08-18-2013 07:01 AM
I recently purchased an EliteBook 8570w with Windows 7 Pro and a MTFDDAK256MAM-1K12 self-encrypting SSD drive (SED).
However, I cannot find an option to enable the self-encrypting feature. I've tried checking in the pre-boot options without luck (hitting Esc at boot). For instance, I see menu options for DriveLock and Auto DriveLock but these are disabled in the BIOS menu.
And I have tried looking in the HP Protect Tools software but this appears to have only activated software encryption on the drive.
Any advice on how I can enable the hardware encryption (SED) feature?
08-31-2013 10:36 PM
Thanks for the link. The document you linked to reads:
That the drive must be provisioned and "Provisioning an SED requires SED management software."
and refers to ATA Drive Lock (HP BIOS).
However, when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?
09-01-2013 01:14 AM
>"Provisioning an SED requires SED management software."
>when I enter BIOS via F10, the Drive Lock menu option is disabled. Do you know how I can enable this menu option in BIOS?
I think you need extra software to enable it. I.e. the SED is already encrypting/decrypting. You need to have software to prompt you for the authentication key and this must be done in some boot code.
The above document says "HP ProtectTools is included with all HP workstations that ship with an SED".
Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.
09-02-2013 07:15 AM
>Which may imply that it would only work if you bought that SED with a HP workstation but you have a laptop.
The HP 8570w is an Elitebook Mobile Workstation.
09-02-2013 09:22 AM - edited 09-02-2013 09:24 AM
>The HP 8570w is an Elitebook Mobile Workstation.
Unfortunately the whitepaper is not specific enough to mention which workstations and what software is needed.
In any case, did your laptop come with the SED?
09-10-2013 09:30 AM
Self Encrypting Drives manage (and hide) all data encryption in the drive controller. You can enable protection of the SED by setting a password in the drive. Once that is done, the drive will only acknowledge any I/O when it is "unlocked' by providing that password
Now, there are 2 ways to set and manage that password (as the white paper suggested). You can have an Enterprise Management software with an agent that manages SED access corporate-wide (or workgroup-wide), OR, you can have the BIOS manage the SED password via Drivelock. What you may be missing is the fact that as a security precaution, you are required to setup a BIOS admin password to enable Drivelock. That way, someone else with access to the laptop could not go back into the BIOS, reset, the Drivelock and access your drive (whose data you are trying to protect) with impunity
Hope this helps, and sorry for the long response