Hey,
I still haven't ordered my Crucial M4 SSD and have only just become aware of hardware full drive encryption (FDE), which is dubbed SED (self-encrypting drive) and standardized through the OPAL specifications from the Trusted Computing Group (TCG). Right now, I use BitLocker with USB for FDE, but the zero performance impact of OPAL for FDE appeals to me, and I've read that BitLocker might amplify writes on SSDs (although maybe that's only when using an SSD based on a SandForce controller, which I am not going to get).
Now I have a few questions regarding TCG OPAL / SED.
Apparently BitLocker in Windows 8 supports managing OPAL drives, but it requires TPM and UEFI for it.
- Is this UEFI requirement inherent to how OPAL works, or is it based on a conscious decision that UEFI+TPM is the only way to provide a secure booting environment (preventing bootkits from compromising the boot process)?
- If the limitation is not inherent to OPAL, is it possible to retrofit a SED drive in an old notebook (e.g. my IBM ThinkPad T43, which has neither TPM 1.2 nor UEFI), and can I enable a request for a user authentication key in the pre-boot environment?