Is a hardware-based full disk encryption possible on a Mac?
Is it possible to use hardware-based full disk encryption (perhaps on a Samsung 840 Pro SSD) on a Mac, specifically a Macbook Pro 8,2? If so, how?
My understanding is that this will be handled in the BIOS or possibly EFI, however I think Apple's EFI is generally quite locked down.
I'm not looking for any software-based solutions such as FileVault 2 or TrueCrypt. I dual boot and matters will be simpler if it is handled in hardware.
I've asked myself exactly the same thing as I've also bough a Samsung 840 Pro for my MacBook Pro. After some research I've found this post indicating that the 840 Pro's hardware encryption requires TPM support, and that's only found in PC BIOSes, not in Mac's (U)EFI. To be sure, I've asked Samsung support which of the standards "ATA-Security", "Seagate DriveTrust" and "TCG OPAL" are supported by the 840 Pro, and their answer was:
Dear Customer,
Thank you for contacting Samsung SSD support regarding your inquiry. In response to your inquiry, the only one of the 3 that the unit supports is the ATA Security feaure. As for the encryption, the 840 Pro Series SSD only supports AES 256 bit hardware level encryption but requires the BIOS to be TPM enabled.
So there's no way to enable the 840 Pro's hardware encryption in a Mac.
However, there's also the Crucial M500 which supports TCG's Opal. In conjunction with a special Opal management software like WinMagic's SecureDoc for Mac it sounds as if it's possible to get hardware encryption to work on a Mac.
BTW, note that according to Sophos' support their SafeGuard does support Opal only on Windows, not on Mac OS. Also, McAfee's General Q&A for Opal states
Q: Will Opal drives be supported on Mac OS X?
A: No. Apple currently does not ship their devices with Opal drives so Opal is not supported on Endpoint Encryption for Mac.
But of course that's says nothing about that happens if you just put an Opal drive into a Mac yourself.
Expanding on sschuberth's answer, as of December 2013, the Samsung 840 EVO (but not PRO) also has firmware that directly supports TCG OPAL. It's a good bet that an 840 Pro firmware update to do the same thing will come soon.
You need some software to manage the SED drive, otherwise you get little or no benefit from the built-in security.
WinMagic SecureDoc will manage the drive, but not for every OS X release out there (anecdotal evidence suggests 10.8.1: ok, 10.8.2: not ok).
You'll need to run WinMagic enterprise software, too, I believe. While they have a standalone edition of SecureDoc to support SEDs, it appears that it is only available for Windows.
NOTE: SecureDoc does not require a TPM for SEDs, nor does the 840 EVO running in TCG Opal mode. SecureDoc can support the use of a TPM if you have one and enable the feature (Windows only).