02-09-2019 02:46 AM
Hi everyone. I recently plugged in an MX300 into a new laptop, hoping I could use either SATA password locking or self-encryption for security. As it turns out the laptop supports neither of these features, so I will have to resort to software encryption (via Bitlocker). Is it possible to turn off self-encryption on this drive? Will a PSID revert operation accomplish this? I would like to avoid the overhead of self-encryption on top of the software encryption. I'm thinking this would improve overall drive performance, if only marginally. Any insight would be much appreciated.
02-09-2019 07:58 AM - edited 02-09-2019 07:58 AM
The drives are hardware encrypted internally whether or not you setup security to make use of it. There's no way to turn it off. And there's no concept of it being faster with it off because it's an impossible scenario - the drive is designed to run with it on. There is no overhead to it.
I've never much played with encryption myself but my understanding is you can use bitlocker to enable the hardware encryption?
Performance overhead from software encryption won't come from any kind of clash with the hardware encryption but rather the effect such software will have on the ATA trim command which is required for SSD's to maintain peak write performance.
02-09-2019 05:20 PM
If your new laptop doesn't have a TPM then how about using the open source sedutil option to utilize the MX300's hardware encryption. This option puts a special boot image onto an internal boot area of the SSD which will be accessed during system boot to prompt you for the password to unlock the SSD and then transfer control to the normal OS bootloader. Be aware that sleep is not supported and you may want to disable sleep or convert the sleep option into a hibernation option instead so it isn't accidently activated.
Make sure to read all of the documention from the sedutil Wiki including the FAQ. Be aware the documentation mixes Windows & Linux command line examples.
In theory Windows Bitlocker should be able to use hardware encryption with a USB flash drive to store the Recovery Key which is required to boot, but I'm not sure if it can be done without changing the Group Policy to allow it. I'm not a Windows user so I'm not sure of the particulars.
Make sure to update the firmware to version M0CR070 to enable the latest security fixes to the drive's security and to keep the MX300 working correctly.