using hardware encryption on samsung 840 pro?

IctusBrucks

Member
Jun 20, 2004
40
0
0
Hey guys,

Just got a samsung 840 pro drive. It's functioning fine but it came with no instruction on how to set up the hardware encryption. I had no luck searching how to enable it or set a password.

The included CD just had the magician 3.2 software that I already had installed for my samsung 830 which is my OS drive.

I am using the 840 pro as a hotswap drive intended for frequently moving between 2 different PCs. I would need to be able to lock and unlock at each PC. Can anybody help me figure out how to enable the samsung hardware encryption??
 

IctusBrucks

Member
Jun 20, 2004
40
0
0
What is this Hdd password option called? I've scoured my bios and user manual a few times and found nothing like that.

The only password option I can find is system password and admin password. Those just prompt for password on post and bios load, which has nothing to do with encrypting just the drive.

I need to set a password for a removable hot swap drive, not the system in general. I need the removable drive to work on multiple PCs with the same password.
 

Coup27

Platinum Member
Jul 17, 2010
2,140
3
81
If your BIOS does not have the facility to set a HDD password then it cannot support hardware based encryption. To my knowledge, there is no other way to setup hardware based encryption on a HDD or SSD.
 

RhoXS

Senior member
Aug 14, 2010
207
16
81
I am currently using Truecrypt to encrypt my entire C: drive (128 GB Samsung 830 SSD) but, for a number of reasons, would prefer a hardware based encryption system. The new Samsung 256GB 840 is advertised to include "Advanced AES 256-bit ATA full disk encryption".

My mobo is a ASUS P8P67 PRO (REV 3.1) that is less than a year old. The bios is the latest but it only gives options for Administrator and User passwords. Is it possible once the 840 is installed a new option for the drive password will appear. I just find it a bit incredible that this late model mobo will not support this feature.
 

IctusBrucks

Member
Jun 20, 2004
40
0
0
Thanks guys.

Can anybody recommend a mobo I could upgrade to that supports the BIOS HW encryption that is socket lga2011? Does it need to have a TPM?

setting password in BIOS seems to suggest to me that the same secure ssd wouldn't work in 2 PCs just by setting the same password, would they? It's pointless if I can't move the SSD between systems.


Thanks
 

Coup27

Platinum Member
Jul 17, 2010
2,140
3
81
You're probably better off emailing ASUS or the brand of your choice and asking them to recommend to you or give you a list of their X79 boards which support this feature. I just checked my boards BIOS and I don't have the facility to set a HDD password either.
 

masteryoda34

Golden Member
Dec 17, 2007
1,399
3
81
It may be relevant to point out that the newer Intel CPUs have AES instruction support built in to hardware and these instructions are used by recent versions of TrueCrypt. It is software based encryption, but it is still a form of hardware acceleration.
 

RhoXS

Senior member
Aug 14, 2010
207
16
81
I spoke with the Samsung SSD tech support group in New Jeresy about how to enable the Samsung 240 hardware based AES 256-bit encryption. This what he said:

1 - Hardware encryption is enabled by assigning a "HDD Password" in the bios. That's all there is to it.
2 - The mother board must support TPM (Trusted Platform Module)
3 - Samsung is getting a lot of calls about this and, as a result, they are currently working with marketing and the group that publishes the user manual to get more information readily available.
4 - Motherboards using a Phoenix Award Bios will probably support an HDD password. He also stated many Dell machines support an HDD password.

I also had an email exchange with ASUS regarding my less than one year old P8P67 Pro Rev 3.1. This was their unsatisfying response:

Dear Valued Customer,

Thank you for contacting ASUS Customer Service.

My name is Carter and it''s my pleasure to help you with your problem.

As far as I know,there isn't such option in the bios of our boards to support "Advanced AES 256-bit ATA full disk encryption".
It should work without setting in the bios.
I will also pass the case to out relative department for a check.

If you continue to experience issues in the future, please do not hesitate
to contact us.

Best Regard
Carter

So much for any hope to depend on ASUS for competent support.

I did see a reference made in another forum that some ASUS boards, including my P8P67, have a connector available to install a $13 TPM module. I cannot find this connector on my board so I do not think this in fact true.
 

Coup27

Platinum Member
Jul 17, 2010
2,140
3
81
Dear Valued Customer,

Thank you for contacting ASUS Customer Service.

My name is Carter and it''s my pleasure to help you with your problem.

As far as I know,there isn't such option in the bios of our boards to support "Advanced AES 256-bit ATA full disk encryption".
It should work without setting in the bios.
I will also pass the case to out relative department for a check.

If you continue to experience issues in the future, please do not hesitate
to contact us.

Best Regard
Carter
Don't you just love responses like this. As soon as they say "My name is x and it is a pleasure to be able to help you with this problem" you know it's going to be a waste of time and not in the slightest bit technical.
 

IctusBrucks

Member
Jun 20, 2004
40
0
0
Thanks for posting the additional info and attempts at getting specifics from the manufacturers. It appears there is a bit of a catch-22 going on in that Asus response :)

Well I started to realize that even if I somehow got the BIOS hdd password setup working on another mobo, I don't think the current generation of hardware encryption offers the features I need for what I am trying to do. namely, having some way to enter the password while in windows, unrelated to the BIOS.


So I started looking at software encryption again. Previously I had tested software encryption only using SSDs and USB3 enclosures and there was a pretty significant performance hit (plus USB3 already had shitty randoms).

I tested again yesterday with the SSD installed in the SATA hot swap bays.

First I tested TrueCrypt AES. TrueCrypt wouldn't run with AS-SSD but CrystalDiskMark showed me I was getting great reads, but horribly broken write speeds (everything capped at 60mb/s???). Must've been some weird driver issue with the way TrueCrypt mounts the volume on my PC, since the speeds were much slower than USB3 encrypted.


So then I tried DiskCryptor which uses a different mounting method. I tested AES and Serpent.


Now my baseline 840pro AS-SSD score without any encryption is 1009.

With DiskCryptor and AES, the score is 1008.

With DiskCryptor and Serpent, it was 960 or so (don't have that one saved).


So the DC software encryption is basically free on my PC (I'm sure I pay some minor CPU cost though I need to test for that also). The randoms are incredibly fast and that's what really matters for me for my usage scenarios (rebuilding a shader cache library can take forever because of tons of small random reads of shader code all over the place).


So looks like until things change with how hardware encryption is implemented and presented to consumer users, I will be using software encryption again.

Also FWIW, I ended up needing to rely on a 3rd party utility to make hot-swapping work with my SSD (and by "work" I mean give the option to safely eject the drive using the taskbar icon). There's a win7 bug where in RAID or AHCI mode, your drives don't show up in the "safely remove hardware" list no matter what you do. A little utility called "hotplug.exe" however seems to perfectly replicate the same functionality so you can pull the SSD without worrying if its mid-GC.

Also probably done trying different software encryption methods since I have done at least 3 full disk writes just to test this stuff :)
 
Last edited:

Auric

Diamond Member
Oct 11, 1999
9,591
2
71
AES hardware acceleration is an option in TrueCrypt so did you specifically enable it?

Different controllers and drivers present drives differently. The generic Microsoft driver may include drives under "Safely Remove..." however Intel driver does not. I've used the utility HotSwap! for many years and while I am perfectly content with it, can you provide a linkaroo for hotplug.exe?
 

IctusBrucks

Member
Jun 20, 2004
40
0
0
Actually I did use AES with TrueCrypt. The reads were just as good as DiskCryptor, but for some reason on my system the writes were capped at 60. It must be a weird system specific issue since I didn't have that problem using the same drive in a USB enclosure.

I honestly can't recall where I downloaded hotswap.exe from. I originally found out about it from some german forum post I had to translate. After that, I just googled hotswap.exe and got it from one of the popular download sites.


Yes you are right that the generic windows driver supports "safely remove hardware" for the SATA drives. But it seems once you have installed windows, there is no way to uninstall RST. I tried uninstalling it several times but it automatically reinstalls after reboot. Once I deleted the source driver files from windows and as well but I got a BSOD on reboot. I don't even know that it's possible to get a RAID system up with the generic microsoft drivers, since to install windows I had to provide a disk.

Also I'd like to point out that DiskCryptor beta 1.0.732.111 is currently the only software encryption tool that supports TRIM for SSDs. TrueCrypt does not support it yet. Also the non-beta version of DiskCryptor doesn't support it either.

TBH though i'm not sure if the TRIM is working. Yes my bench stats are great but maybe just because there's still enough spare area after my last secure erase.

When I originally read about the DC TRIM support, somebody said it worked by not encrypting the empty space. I was a bit surprised then when it still took the usual 30-40 minutes to create the encrypted disk.

I know for sure the TRIM command is being issued. CrystalDiskInfo also tells me that the drive supports TRIM (not grey), but I suppose there is really no way to verify TRIM is working other than to continually write to the drive and bench, right? If so I'll probably skip that because I'm already well over 2TB of writes on my 840 pro.
 
Last edited:

jwilliams4200

Senior member
Apr 10, 2009
532
0
0
Yes you are right that the generic windows driver supports "safely remove hardware" for the SATA drives. But it seems once you have installed windows, there is no way to uninstall RST. I tried uninstalling it several times but it automatically reinstalls after reboot.

That is strange. On the Windows computer that I use most for testing SSDs, I have gone back and forth between Intel IASTOR/RST and MSAHCI drivers several times. MSAHCI driver was installed way back when I installed Windows, and I never tried to uninstall or reinstall that. But I just use Program Manager to uninstall Intel's driver and MSAHCI automatically takes over. Then I reinstall Intel's driver, and IASTOR takes over. Back and forth works fine.

I wonder if MSAHCI is somehow not installed on your machine, and that is why Intel's driver comes back when you try to remove it?
 

IctusBrucks

Member
Jun 20, 2004
40
0
0
ah but MSAHCI won't work in RAID will it?

I use two platter drives in RAID1 as my mass-strorage as well as random media/TMP drive.

Doesn't MSAHCI only work in AHCI bios mode? I did have MSAHCI on a previous windows install when I had the bios in AHCI.
 

Coup27

Platinum Member
Jul 17, 2010
2,140
3
81
That is strange. On the Windows computer that I use most for testing SSDs, I have gone back and forth between Intel IASTOR/RST and MSAHCI drivers several times. MSAHCI driver was installed way back when I installed Windows, and I never tried to uninstall or reinstall that. But I just use Program Manager to uninstall Intel's driver and MSAHCI automatically takes over. Then I reinstall Intel's driver, and IASTOR takes over. Back and forth works fine.

I wonder if MSAHCI is somehow not installed on your machine, and that is why Intel's driver comes back when you try to remove it?
Is this while you are in RAID mode though? It sounds like he is using a RAID array. I know you can easily switch between the two drivers in AHCI but like he said, can you install into a RAID array without the Intel F6 driver?

Edit: OP managed to sneek a post in before me :p
 

Ashkan

Junior Member
Dec 7, 2017
1
0
1
Hello to all,
I just register to write this reply.
You can use "hdparm" application under a linux environment to setup a password on your SSD.
Manufacturers usually hide some of the motherboard's firmware options (Like my laptop). You can use a firmware modification tool for your BIOS and unhide every available option you want and then reflash it again (Like what i did for myself).
But also you can test if your motherboard supports it or not by enabling the disk password from very low level tool like hdparm. if your motherboard supports it, it will prompt you for a password after a cold reboot.


Steps:
1- Boot with a simple live linux like "Mint", which includes hdparm.
2- Use graphical "disks" utility to find your device path. (Like /dev/sda)
3- Check if the disk is not frozen:
sudo hdparm -I /dev/sda
At the end of the output, you should read: "not frozen"
4- Suspend (sleep) the computer if is frozen, and then exit the suspend state. (you can recheck step 3 for assurance)
5- Set your password:
sudo hdparm --security-set-pass "your_password" /dev/sda
6- Power off and cold boot the system.