Çağlar Arlı

Are there any motherboards / UEFI that support hardware encryption on SED?

I found that ThinkPads have HDD password support, which in turn uses some bizarre password hashing and ends up with 90 bits of entropy, which is again used as the ATA security password to the SED, which in turn encrypts the HDD's own built-in always-on encryption key... and kinda does what I'm looking for.

But are there any other computers / motherboards / UEFI that support this, hopefully in more secure or complex ways?

Since it can be as simple as having an hdparm command to issue passwords, or as complex as having a UEFI program to hash a passphrase with a keyfile from a USB stick to use the same hdparm, or a complex combination of TPM-included secrets unlocked via fingerprint reader and PINs to get secrets to hash together to get an ATA security passphrase, etc... Or it could be done using Opal security extensions on UEFI / motherboard with any or all of these... Or it could be something else.

I don't understand why this is not generally available in UEFI to secure SSD/M.2 HDDs at the hardware security level, independent of the operating system etc.? It would be more secure, easier, and there would be no worries about BitLocker getting into recovery mode or about reinstalling a new OS or anything like that, since the whole package would be handled by UEFI and the hardware on the SED.

Notice: There was/is "ATA Security eXtension BIOS", but this is for old computers. https://www.fitzenreiter.de/ata/ata_eng.htm
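
An added example, not part of the original post: one way the "hash a passphrase with a keyfile from a USB stick" idea above could produce the fixed 32-byte ATA security password. The scheme, the function name `derive_ata_password`, the label string and the sample inputs are all assumptions made for illustration, not any vendor's or firmware's actual method.

```python
import hashlib
import unicodedata

ATA_PASSWORD_LEN = 32  # the ATA Security feature set uses a fixed 32-byte password field


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be confused."""
    return len(data).to_bytes(4, "big") + data


def derive_ata_password(passphrase: str, keyfile: bytes, drive_serial: str) -> bytes:
    """Derive a 32-byte ATA security password from passphrase + keyfile.

    Hypothetical scheme: passphrase and keyfile are the scrypt secret, the
    drive serial (public) is folded into the salt so each drive gets a
    different password from the same passphrase and keyfile.
    """
    if not passphrase:
        raise ValueError("empty passphrase")
    if len(keyfile) < 32:
        raise ValueError("keyfile should hold at least 32 random bytes")
    # NFKC so the same typed passphrase yields the same bytes on every keyboard/OS.
    typed = unicodedata.normalize("NFKC", passphrase).encode("utf-8")
    secret = _lp(typed) + _lp(keyfile)
    serial = drive_serial.strip().encode("ascii")  # IDENTIFY serials are space-padded ASCII
    salt = hashlib.sha256(b"ata-sec-example-v1" + _lp(serial)).digest()
    # n=2**14, r=8 needs about 16 MiB, which fits hashlib's default maxmem.
    return hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1, dklen=ATA_PASSWORD_LEN)


if __name__ == "__main__":
    # Constructed sample inputs; a real keyfile would be random bytes read from the stick.
    sample_keyfile = bytes(range(64))
    pw = derive_ata_password("correct horse battery staple", sample_keyfile, "S4EXAMPLE0000001")
    print(pw.hex())
```

Because the keyfile goes into the secret, the derived password keeps the keyfile's full entropy even when the typed passphrase is weak, as long as the USB stick is stored apart from the machine.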