01-31-2019 04:30 AM
Hi, as per subject, I've just got an MX500 500GB and was thinking to enable encryption on it as I bring it with me around and I could possibly loose it. Would formatting it on my Mac as an APFS encrypted volume exploit the HW encryption capabilites of the unit ? If not, is there any other way or can it be used only when used as an internal drive and/or as USB with Bitlocker on Windows ? BR Peppe
Solved! Go to Solution.
01-31-2019 10:17 AM
AFAIK Apple does not make use of OPAL Hardware Encryption employed by third party SSDs.
Check out Drive Trust Alliance (DTA) for a possible third party paid solution for using OPAL HW Encryption. You will have to check around their website for information. I find their website very confusing and it is sometimes hard to tell if they are talking about SED SSDs or just SED USB Flash Drives at times. I'm also not sure if their Apple GUI software (SED Control & SED Access) are available outside of the full kit they sell. Unfortunately they don't provide a free open source solution for macOS like they do for Windows & Linux.
If you want to utilize OPAL hardware encryption with the MX500 connected externally, then it might be possible to utilize a Virtual Machine to boot the free Linux Rescue64 disk DTA provides to setup & unlock the MX500. The tool on this disk is a Linux command line utility. You will need to read the DTA Sedutil Wiki for details on how to use "sedutil-cli". Their documentation mixes Windows & Linux command line examples. I don't know if the VM or macOS will allow any of the necessary communication to the external drive.
I don't know of any way to utilize ATA Security on a Mac as I don't believe the Linux "hdparm" utility is available in Homebrew or MacPorts.
If you want to use the MX500 as a boot drive utilizing OPAL hardware encryption, then it might be possible to use the open source command line DTA software to enable it, but you would need to disable Sleep functionality or convert Sleep into Hibernation using the "pmset" command.
02-05-2019 03:10 AM
Thanks for taking care of explaing in full length the options. I didn't imagine it was so hard, I honestly thought of a seamless process. This purchase of a 500GB unit was meant as a test drive to evaluate the easy feasibility of encrypting a following 2TB drive containing personal stuff that often travels with me. I have to think twice about this or have a clear solid working path of achieving my target before proceeding.