SED: need some info, basics, etc.

AlwaysWinter

Junior Member
Feb 25, 2017
6
0
1
OK, so I was in the market for a new hard drive and ran across the term Seagate Secure. I did a search and, well, I wouldn't know where to start, but I wanted to learn more. At a glance I suppose it's self-explanatory, but anyway: this TPM, do I need to buy one? When I opened BitLocker it said something like

"administrator has to set allow bitlocker without a compatible TPM option in the require additional authentication at startup policy for os volumes"

No idea what this really refers to. I have a Samsung 960 EVO; not sure if it supports BitLocker or not. I did see a list of 3 drives from Seagate that are SEDs. I'm wondering: do I need to buy a TPM module, and does that run with any SED? Or is this something an SED comes with?

I did see where I could buy a TPM and was wondering: if I could buy any drive and add this TPM to the computer, then what's to stop someone from taking the TPM and SED out and putting them into another system to write either viruses or backdoors onto the drive, then replacing it back into the system?
I will be buying another drive, and from Seagate I found that the ST3000DM002 and ST3000DM004 are the only models that support SED for desktop, but I was wondering if I could get any old drive, like say an SSHD FireCuda or ST2000DM006. Could either of those be used with the TPM device listed below?

https://www.newegg.com/Product/Product.aspx?Item=9SIA9PV4F76046&cm_re=tpm-_-13-995-029-_-Product
In its description it says:
The Trusted Platform Module (TPM) is a security device on the system board that will hold computer-generated keys for encryption
It is a hardware-based solution that helps to avoid attacks by hackers looking to capture passwords and encryption keys

Now, will that do anything against someone who has physical access to the drive, to keep someone from adding files to a system or creating a backdoor by adding files? Ask away, as I really want to understand how to use this stuff, if only the basics.
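
The BitLocker message quoted in this post depends on two things that can be checked directly: whether Windows sees a usable TPM, and whether the "Require additional authentication at startup" policy allows BitLocker without one. The script below is an added example, not part of the original thread; it assumes an elevated PowerShell session on a Windows edition that includes BitLocker, and the function name is hypothetical.

```powershell
# Added example: report the state behind the "without a compatible TPM" message.
function Get-BitLockerStartupReadiness {
    # 1. TPM state as Windows sees it (discrete module or firmware TPM).
    $tpm = Get-Tpm

    # 2. Group Policy values written by "Require additional authentication
    #    at startup" (Computer Configuration > Administrative Templates >
    #    Windows Components > BitLocker Drive Encryption > Operating System Drives).
    $fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    $allowNoTpm = ($null -ne $policy) -and
                  ($policy.UseAdvancedStartup -eq 1) -and
                  ($policy.EnableBDEWithNoTPM -eq 1)

    # 3. Current state of the OS volume and the key protectors on it.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

    # 4. Which startup unlock methods are possible on this machine.
    $verdict =
        if ($tpm.TpmPresent -and $tpm.TpmReady) {
            'TPM usable: BitLocker can protect the OS volume with a TPM protector.'
        } elseif ($allowNoTpm) {
            'No usable TPM, but policy allows a password or USB startup key.'
        } else {
            'No usable TPM and the no-TPM policy is not set: expect the quoted message.'
        }

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        PolicyAllowNoTpm = $allowNoTpm
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod   # software cipher or hardware (SED) encryption
        KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
        Verdict          = $verdict
    }
}

Get-BitLockerStartupReadiness | Format-List
```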
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
238
106
Have you read the sticky for this Forum?
 

AlwaysWinter

I took a look, but that seemed like it was about SSDs. I'm asking about SEDs. Am I not supposed to link Newegg?
 

corkyg

I took a look, but that seemed like it was about SSDs. I'm asking about SEDs. Am I not supposed to link Newegg?

Got it. I know SED as a stream editor, i.e., software. Just a bit confused as to what you are asking about. Your 960 EVO is an SSD. No problem with the Newegg link. Now I see you are talking about Self Encrypting Drives. So, you are in the right Forum. Seagate is not the only one that has self-encrypting drives. WD has them also. I stand educated. :)
 

AlwaysWinter

Trying to figure out if I should get an SED-capable drive or just find the fastest non-SED drive, although I hear that SEDs don't slow anything down.

Edit: never seen the abbreviation SED till I was reading Newegg marketing stuff on the hard drive's web page. Saw Seagate Secure and just did a Google search out of curiosity. But yes, self-encrypting disk.

If nothing else, I will get a Seagate. I used to be a Western Digital guy, but I've been reading they've been having a lot of hard drive failures; not sure if this is true or not, but anyway.
 

ch33zw1z

Lifer
Nov 4, 2004
37,734
18,004
146
The acronym SED is typically seen at enterprise level. Many consumer SSDs have it, just not called that.
 

AlwaysWinter

I'm not even sure where to begin. Is SED a 3-part process? Meaning 1. having a hard drive that is SED capable, 2. having a TPM, and 3. having a program like BitLocker? Not really sure what direction I'm going with this; trying to figure out what an SED and a TPM are and where they fit together, I guess.
 

Elixer

Lifer
May 7, 2002
10,376
762
126
...

Now, will that do anything against someone who has physical access to the drive, to keep someone from adding files to a system or creating a backdoor by adding files? Ask away, as I really want to understand how to use this stuff, if only the basics.

To keep it simple, if an SSD has SED support, then to get SED working 'correctly' (i.e., encrypt its contents) you need a TPM-enabled motherboard. TPM = Trusted Platform Module, and it is usually an option in the UEFI BIOS.

The main purpose of this kind of setup is so the SSD (or whatever) will ONLY work with that specific motherboard, otherwise, it would be encrypted.

You say, great, I always wanted to keep my files hidden!
Well, suffice to say, if they are near your SSD (or whatever) they will take the whole machine, so, at that point, they can still get into Windows via a variety of ways, and all your data is visible.

The other issue here is, if the SSD (or whatever) fails for ANY reason, it is pretty much impossible to get any data back, since they are more or less paired with the motherboard.
That means, you would have to ship the motherboard with the device, and hopefully, they can get the data back.
Oh, and if the motherboard fails... well, you have a rude surprise there as well, it all depends on a variety of things, and if you get the same motherboard or not.

If you really need encrypted stuff, then, you should have a backup routine of everything important, and yeah, that needs to be encrypted as well, so keep multiple copies.
 

AlwaysWinter

Well, what if you don't use encryption at all? Is there any security benefit to a TPM? I read something about background stuff, as simple as Windows passwords, etc.
 

corkyg

With an SED you don't have a choice. It auto-encrypts. If you want to control what is and what is not encrypted, do not use an SED.
 

Elixer

Well, what if you don't use encryption at all? Is there any security benefit to a TPM? I read something about background stuff, as simple as Windows passwords, etc.
If you are asking if there is anything else that uses TPM besides devices, I only know of a few security dongles that use it.
Haven't seen any program use TPM like that, since it doesn't really make sense to be tied with Windows passwords like that.
 

AlwaysWinter

Well, I read in the tidbit of marketing info on the Newegg page that it secures Windows passwords and other stuff. I wondered if it would be of any benefit to have one even if I'm not using it for a specific purpose, like securing Windows login, malware, etc.
 

corkyg

There are better ways to secure passwords.
 

Elixer

Well, I read in the tidbit of marketing info on the Newegg page that it secures Windows passwords and other stuff. I wondered if it would be of any benefit to have one even if I'm not using it for a specific purpose, like securing Windows login, malware, etc.
Marketing BS, as usual.
As I mentioned, that wouldn't make sense. TPM generates a key, and then the device in question is "tied" to that.
Think of it like you have a key, and a door, and that key only works on the lock of that door.
There still could be fire inside the place, so, a lock can't do anything about what is happening inside.