cancel
Showing results for 
Search instead for 
Did you mean: 

Class 0 Encryption for NVMe SSDs

marek_aui
Level 7
Hello!

Is there possibility that the board will enable class 0 encryption build in NVMe SSDs? I could not find it anyware in the BIOS, no instruction for at all. Only for TPM module...

I have Samsung 960 Pro which allows this type of HW encryption. It should be only BIOS thing as far as I know. It is a pitty that so expensive board does not allow it....

Thank you!
2,785 Views
1 REPLY 1

Korth
Level 14
Embedded drive encryption - aka "always on internal encryption" - or (Samsung calls it) Class 0 encryption - is built into the drive controller logic/firmware. Not the motherboard firmware.

It's really just a "simple" real-time crypto hash applied directly over the encoding, it's an insignificant (and basically immeasurably tiny) performance impact because the drive controller has to process encoding/decoding in real-time anyways. It's not considered particularly secure in itself, but adds security as part of a layered multi-crypto strategy.

Most TPMs (of the sort I'm familiar with) will capture and store the drive password (which is typically written in plaintext). But they don't otherwise interface with it or augment it in any way. They can (when supported by the motherboard firmware and operating system software) only layer their own hardware layer token/cryptologic on top of it.

And the motherboard firmware/BIOS itself can also provide another layer of crypto, if the "HDD" password/lock feature is enabled. But again, this generally isn't considered "secure" by most IT folks - they'll use it but they won't rely on it - it's mostly useful only for limiting access to drives (and the data they contain) when they're installed in different platforms, and it's usually not too difficult to defeat by professional/forensic data recovery types.
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]