No announcement yet.

ATA Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ATA Security

    Hi,

    I have a Z68 Pro3 Gen3 and I want to use the hardware encryption of my SSD. For this to work properly, I have to set a ATA password, but I don't find an option for setting this password in the UEFI. Does the user password do the trick or is my board just not supporting ATA security?

    Thanks
    Last edited by toton; 09-29-2014, 06:12 PM.

  • #2
    Re: ATA Security

    Good question. A source I trust in a recent document refers to the password needed to enable encryption as the "HDD password". As you know, we don't see this in your board's UEFI, or in any of my ASRock boards, ranging from Z77 to Z97.

    That may be simply a mistake, or it is assumed that this password acts as the HDD password. We need confirmation of this from ASRock support. This is important, because even AES encryption, which is active by default when available on a drive, does not provide protection unless a password has been created on the drive.

    Depending upon the SSD you are using, does it have a utility program provided for it? I'm mainly referring to Samsung SSDs and their Magician software. I don't have Magician installed on the PC I'm using now so I can't check, but programs like this might indicate if encryption is enabled on the SSD.

    If you have that capability, you can test the password option available in your UEFI, and see if it enables encryption.

    I also suggest using the Administrator/Supervisor password, since that provides more control and options than the user password does.

    Frankly, IMO I have a feeling these passwords are not for ATA/HDDs. On my ASRock Z97 board's UEFI, the Supervisor password can be cleared in the UEFI by simply clearing the field and pressing enter. Little to no security there.

    Strict master HDD password protocol locks out the owner if they forget/lose that password. Clearing a master HDD password creates a new encryption key, making any data currently on the drive useless and unrecoverable.

    I can imagine how often this happened to some people when you provide them with this capability, who then blame the mother board manufacture for not being able to save them from themselves. Of course the mother board manufacture is not at fault, or the problem. To remove this problem, a mother board manufacture simply does not provide this feature, and I can understand why.

    Comment


    • #3
      Re: ATA Security

      Protect Your Privacy: Security & Encryption Basics | Samsung SSD

      Enabling AES Encryption

      AES encryption is always active on an 840 or 840 Pro Series SSD. In order to benefit from the encryption feature, however, the user must enable an ATA password to limit access to the data. Failure to do so will render AES-encryption ineffective – akin to having a safe but leaving the door wide open. To set an ATA password, simply access the BIOS, navigate to the “Security” menu, enable “Password on boot” and set an “HDD Password.” Administrators also have the option of setting a “Master Password,” which can allow a lost user password (“HDD Password) to be recovered. The “Master Password” may also be used to unlock and/or erase the drive (depending on the settings), effectively destroying, and thus protecting, the data but allowing the drive to be reused. The setup procedure may differ slightly depending on the BIOS version installed on a particular machine. It is best to consult the user manual if there is any confusion.
      #1 - Please, when seeking help, enter the make and model of ALL parts that your system is comprised of in your Signature, or at least the model #'s in your System Specs, then "Save' it.
      ____If you are overclocking, underclocking, or undervolting any parts, informing us of this and their values would prove beneficial in helping you.


      #2 - Consider your PSU to be the foundation from which all else is built upon. Anything built upon a weak foundation is poorly built.

      Comment


      • #4
        Re: ATA Security: ASRock PLEASE HELP with next UEFI update

        It would be tremendously helpful to make the hardware security features of the Samsung 840 EVO series and the Intel 520 and 530 and 720 and 730 series SSDs functional. To do so, ASRock would need to change their BIOS to include ATA drive passwords for each drive. Intel and Samsung SSDs require this password in order to have their hardware encryption work. No bitlocker, no truecrypt needed. And apparently it's fast. The bad news: this feature only seems to work on certain laptops with ATA password options in their BIOS (no desktop ones have it) or with Bitlocker, if you happen to have Win 7 pro or later. ASRock, PLEASE consider in your next UEFI including this feature. More desktops use hotswap drives these days, and it would be great to be able to secure them from being used on other machines!!!!

        Comment

        Working...
        X