How to enable Hardware Encryption on SSDs like Samsung 840 EVO?

ssd encryption

Just got Ubuntu 14.04 running on a Zotac Zbox CI320. I want to enable the Samsung 840 hard ware encryption that comes with this hard drive, but I don't know how.

Is there anyone that can help me set this up? Much appreciated.


There are different kinds of hardware encryption on SSDs, see SSDs with usable built-in hardware-based full disk encryption for an in-depth explanation.

You asked about the Samsung 840 EVO in particular. It is always encrypting your data and is unlocked by the ATA HDD password set in the BIOS, which defaults to blank. Later you can move the SSD to a new machine and enter the the ATA HDD password via the BIOS there to unlock it. Nothing involved in unlocking is stored outside of the drive itself.

As a Linux user, I prefer this solution over software-based drive encryption. There is no performance penalty and it is simple to setup and use.


I found the following similar questions:

  • OPAL Hardware Encryption on Linux, closed but links to…
  • Free/Libre software to handle TCG OPAL 2.0-compliant Self-Encrypting Drives (SEDs)?

To my knowledge a working SED setup requires a Trusted Platform Module (TPM), but the Zbox doesn't look like it features or supports TPM (1, 2).

While an answer in one of the questions above offers a solution that might even work in your case you should consider the following:

  • If your data is encrypted using TPM and your hardware somehow breaks, your data is gone. Forever.
  • Usually Linux users prefer software-based disk encryption and software-based RAID, because non-standardized or proprietary technology proved to be unreliable in terms of data security and data recovery. If you intend to use free software solutions like Linux for data security or redundancy, also plan in the required computing resources.
  • There have been reports of successful attacks like Warm Replug Attacks on some devices or setups.

Edit: Michael Larabel posted articles on Phoronix where he speculates that SED/OPAL support may be coming to Linux soon, just in case anyone stumbles over this post from the past looking for more up to date information.

Related

Clipit's Offline Mode?
How do I submit wallpapers to be considered for inclusion in Ubuntu?
How can you delete only GPS metadata from a jpeg file?
How to get connection to both wifi as well as LAN in ubuntu 14.04 LTS?
What is the difference between iface eth0 inet manual and iface eth0 inet static?
Pros and cons of hibernating
Upload to PPA succeeded but packages doesn't appear
Why /lib/modules taking so much space on xubuntu?
How do I enter BIOS [closed]
Fatal Python error: Py_Initialize: Unable to get the locale encoding ... SyntaxError: invalid syntax Aborted (core dumped)
Headphones are playing a local radio station
Is Data Transfer between 2 Ubuntu Machines possible via USB-Cable?