An introduction to hardware encryption

by Moderator Moderator on ‎06-11-2013 05:34 PM - edited on ‎09-03-2015 02:02 PM by Moderator Moderator (23,810 Views)


How does the hardware encryption on Crucial's Self-Encrypting SSDs work?



With a Self-Encrypting Drive (SED), the encryption is always on, meaning when data is written to the SED it is encrypted and when read from the SED it is decrypted. The password security feature needs to be activated by encryption management software. If that is not done, there is nothing stopping a user from reading the data on the drive. In other words, the SED will generously decrypt all information for anyone who asks, unless security management software is installed to prevent that.

The easiest way to regard this is like a security system in a house. Until this is "armed" (through the use of a piece of 3rd party software for applying login credentials, for example) it is simply there but not actively protecting your data.


SED technology provides verified and certified data security which offers nearly unbreakable pre-boot access protection for user data. Because SED access is pre-boot, there is no possibility of running an OS utility to break authentication codes. Following TCG Opal 2.0 specifications and IEEE-1667 access authentication protocols provide data security which meets government standards for data in banking, finance, medical and government applications. Support for Windows 8 eDrive provides the individual user with simple plug-and-play data security which can protect sensitive personal data, without having to modify BIOS settings, and without having to spend time to encrypt data already in place (as is the case for software encryption methods).

Windows 8 Professional, Enterprise, and RT editions all automatically support encryption key management of SEDs. Crucial SEDs support Microsoft’s requirements for eDrive capability. This provides security for data at rest with no loss of throughput performance. In other words, in order to active the password feature, to arm the security system if you will, all it takes in Windows 8 is to enable BitLocker. While BitLocker in older Windows Operating Systems does not support SED technology, you can still use BitLocker like on any other drive, it just won’t take advantage of the benefits of the hardware encryption on the SED. To help users on Windows 7 or other Operating Systems take advantage of the SED ability third-party software vendors, such as Wave Systems, WinMagic, and others provide advanced encryption and authentication management features for Opal 2.0 storage devices.



Kilobyte Kid

Can I enable the encryption features on Mac?

Moderator Moderator

The hardware encryption on the M5500 is always operating, however, it is not always password protected to the point it locks out unauthorized access. We are at this time not aware of a software tool for Mac that provides this functionality integrated with the SED feature.

Bit Baby

I just bought and installed the M500 240Gig. So disgusted that the product sales page failed to mention the above Windows 7 limitation. Why is there not a combined document detailing to newbies about the encryption, alignment, hibernation vs. sleep, defrag, etc. I have had to spend an evening Googling to get educated, when it could have been so simple for the Crucial brainiacs to put a doc together. My opinion of Crucial has really taken a hit.

Moderator Moderator

Hello LakeFreak,


I'm sorry to hear you were having difficulties finding the information you need. We are always open to customer feedback; please let us know of any improvements you think we can do to the Tribal Knowledge Base to make it easier to locate the information you were looking for.


If you have any additional questions, please don't hesitate to make use of our free Technical Support by sending us an email, or call, or contact us via chat. We'll be happy to provide all the information we can.

Bit Baby

I have a 2TB MX300 with 64bit Windows 10.


Is there a guide which explains how to setup encryption.

Bit Baby
I have 275GB MX300 with 64bit Windows 7 and a non UEFI laptop. Is there a guide which explains how to setup encryption?