Hardware encryption bypass on MX100, MX200 and MX300 SSDs

JEDEC Jedi

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

@Crucial_Benny I think the query is about the even older drives that pre-date the MX series.  The M500 as opposed to the MX500. Smiley Happy

_______________________________________
How do I know what memory to buy?
Shop for your region: US | UK | EU | France |
I think my memory is bad. What do I do now?
FAQs and Top Forum Solutions
Did a user help you? Say thanks by giving Kudos!
Still need help? Contact Customer Service
Want to be a Super User?
JEDEC Jedi

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Yes, it's about M500 and M550...

______________________________________
How do I know what memory to buy?
Shop for your region: US | UK | EU | France |
I think my memory is bad. What do I do now?
FAQs and Top Forum Solutions
Did a user help you? Say thanks by giving Kudos!
Still need help? Contact Customer Service
Want to be a Super User?
Crucial Employee

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

The M500 and M550 are not effected by this issue in any way, only the MX100, MX200, and MX300 are. Firmware updates that address the issue were already released for the MX100 and MX200 in May, MX300 update is still pending.





Crucial_Benny, Micron CPG Support, US


How do I know what memory to buy?
Shop for your region: US | UK | EU | France |
I think my memory is bad. What do I do now?
FAQs and Top Forum Solutions
Did a user help you? Say thanks by giving Kudos!
Still need help? Contact Customer Service
Want to be a Super User?
JEDEC Jedi

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Thanks for clarifying that Smiley Happy

_______________________________________
How do I know what memory to buy?
Shop for your region: US | UK | EU | France |
I think my memory is bad. What do I do now?
FAQs and Top Forum Solutions
Did a user help you? Say thanks by giving Kudos!
Still need help? Contact Customer Service
Want to be a Super User?
Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs


@Crucial_Benny wrote:

The M500 and M550 are not effected by this issue in any way, only the MX100, MX200, and MX300 are.

Firmware updates that address the issue were already released for the MX100 and MX200 in May, MX300 update is still pending.


Maybe because only MX100, MX200 and MX300 got tested by the researchers?

So other SSDs could still have security issues... 

 

One question unfortunately is still unanswered:

Is the DEK now linked to the user passphrase, like it should be implemented in the right way?

Or does the firmware update just disable the JTAG interface, like a previous post suggested?

Lee
Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

@Crucial_Benny wrote:

The M500 and M550 are not effected by this issue in any way, only the MX100, MX200, and MX300 are.

Firmware updates that address the issue were already released for the MX100 and MX200 in May, MX300 update is still pending.

 

@BerndLauert wrote:

One question unfortunately is still unanswered:

Is the DEK now linked to the user passphrase, like it should be implemented in the right way?

Or does the firmware update just disable the JTAG interface, like a previous post suggested?

 

I am curious to and i think many others?

Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

I still have some hope Crucial engineers will to the right thing for MX100/MX200 users when they are done with MX300 and fix the MX100/MX200 properly instead of only disabling jtag.

 

Sorry for any mistakes. English is not my native language

ZPQ
Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Hi!

A new firmware have been released for MX300 SSD's and it's fixing this scurity issue.

https://eu.crucial.com/eur/en/support-ssd-mx300-firmware-update

 

// ZPQ

 

Highlighted
Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Thank you for informing us!

 

I've read the detailed instructions you have linked to get a more complete picture of the situation.

Crucial's instructions to wipe the drive using "PSID revert" suggests that the DEK safekeeping is improved, e.g. the Disk Encryption Key is now cryptographically linked to the user passphrase. BUT that is just an assumption on my behalf.

Crucial still recommends the use of software encryption on it's main SSD Support section, so I would not bet on it that it's now 100% securely implemented.

And in addition to it MX100 and MX200 didn't get updated instructions, so still only JTAG interface disabled?!

 

For those interested in further reading, WinMagic reached out to SSD manufactures and asked them about security.

https://www.winmagic.com/blog/sed-vulnerabilities/

https://www.winmagic.com/drive-compatibility?manufacturer=All

SW means Software Encryption is recommended – FW means Firmware Update may suffice