SED technology provides verified and certified data security which offers nearly unbreakable pre-boot access protection for user data. Because SED access is pre-boot, there is no possibility of running an OS utility to break authentication codes. Following TCG Opal 2.0 specifications and IEEE-1667 access authentication protocols provide data security which meets government standards for data in banking, finance, medical and government applications. Support for Windows 8 eDrive provides the individual user with simple plug-and-play data security which can protect sensitive personal data, without having to modify BIOS settings, and without having to spend time to encrypt data already in place (as is the case for software encryption methods).
Windows 8 Professional, Enterprise, and RT editions all automatically support encryption key management of SEDs. Crucial SEDs support Microsoft’s requirements for eDrive capability. This provides security for data at rest with no loss of throughput performance. In other words, in order to active the password feature, to arm the security system if you will, all it takes in Windows 8 is to enable BitLocker. While BitLocker in older Windows Operating Systems does not support SED technology, you can still use BitLocker like on any other drive, it just won’t take advantage of the benefits of the hardware encryption on the SED. To help users on Windows 7 or other Operating Systems take advantage of the SED ability third-party software vendors, such as Wave Systems, WinMagic, and others provide advanced encryption and authentication management features for Opal 2.0 storage devices.
The majority of current Crucial SSDs are Self-Encrypting Drives (SEDs) which means all data is always encrypted by the controller when written to the NAND and decrypted when read. Windows 8 BitLocker, along with other products, can work with this built-in hardware encryption ability when you apply a password in Windows, provided the following requirements are met (solutions other than BitLocker may have further or modified requirements):
Configuring the Host System
It is recommended that the host system UEFI be configured to properly accept the SED before physically installing it, as outlined in the example below. Details of the system setup will vary from system to system, as will the names of various functions. However, they are similar enough that a single example should be sufficient. For details on specific UEFI setups, contact your computer's manufacturer.
Enabling Secure Boot
Microsoft Secure Boot is a requirement to run any Windows 8.x system. Any computer that has been configured from the factory for Windows 8 (as shown by a Windows 8 sticker) will already have Secure Boot enabled. If the host system was originally configured for Windows 7 or a previous operating system, check to ensure that Secure Boot is enabled, as shown below.
UEFI Boot Mode/CSM Support
The host computer system must be in UEFI-only mode, as shown below. Typically, the CSM will be automatically disabled in UEFI-only mode; however, this should be verified and the CSM should be disabled if necessary.
Installing Windows 8.x
The most straightforward method of implementing hardware encryption is to perform a clean, new installation of the operating system. BitLocker versions in the Windows 8.x Enterprise and Professional editions support hardware encryption on SEDs. No special steps are needed for this function; simply follow the normal OS installation process described by Microsoft. After the OS is installed, proceed to the Enable BitLocker section.
Because Crucial SEDs support eDrive, activating BitLocker creates special partitions, which are required to put the eDrive features in effect. When an eDrive-activated SSD is cloned, these special partitions may not be properly copied to the target drive. The target drive may function, but this is not considered a valid process and it may cause latent performance problems. If the source disk has been encrypted using software encryption in Bitlocker, first ensure that BitLocker is turned off before initiating the image clone to a Crucial SED. If using BitLocker in software encryption mode on the source system, a decryption process will be required to turn off BitLocker. This can take several hours, depending on the amount of user and OS data on the drive.
Follow the steps below to enable BitLocker.
The video below illustrates the process in full.