The Samsung range of SSD drives boast about their hardware level encryption – but what surprises me is that there is so little detail about this feature.
In fact, the more I looked into it I noticed that it’s not even enabled by default and there’s no clear instruction on how to enable it.
Here I hope to clear up some of that mystery and show how to enable the hardware level encryption.
What is the hardware level encryption?
Encryption is the processing of taking data from its standard state and processing it so it is no longer readable without a ‘key’ to unlock it.
Hardware level encryption is where the hardware manages the encryption/decryption process of all data on the drive – this has a significant performance advantages and reduces read/write cycles that ultimately shorten the life of the drive. Without hardware level encryption you can still encrypt the data but performance is typically reduced.
What’s important to note here is that the drive alone does not encrypt the data – it needs to be done along with a software level encryption tool like BitLocker or TrueCrypt.
How can I tell if hardware level encryption is enabled?
- Download and install the Samsung Magician software on the computer with the SSD drive.
- Open Samsung Magician and select ‘Data Security’ from the left hand menu
- Make sure the correct drive is selected under ‘Target Drive’
- Under ‘Encrypted Drive’ you will see ‘Disabled’ if it is not already enabled.
How to enable hardware level encryption?
Note: this process requires you to erase all existing content on the SSD drive – backup and be prepared to reinstall everything.
To enable hardware level encryption on your Samsung drive you will need to
- use the Samsung Magician software to enable it,
- create a bootable usb drive
- boot the drive with the SSD connected and follow the on screen prompts
- re-install Windows
- enable BitLocker (required the Professional edition of Windows) or TrueCrypt (or similar third party paid software)
Step 1: Enable encrypted drive
- Download and install the Samsung Magician software on the computer with the SSD drive.
- Open Samsung Magician and select ‘Data Security’ from the left hand menu
- Make sure the correct drive is selected under ‘Target Drive’
- Under ‘Encrypted Drive’ click ‘How to enable’
- In the pop-up click ‘Ready to enable’
- The state will change from ‘Disabled’ to ‘Ready to enable’
Step 2: Create bootable media
- Now in the left hand menu select ‘Secure Erase’ – you will now need to create a bootable drive, you can do this using a CD/DVD or USB (note that this will erase all existing content from the USB drive).
- Using the USB option, insert the USB drive into the computer.
- Click ‘Browse’ and select the drive from the list
- Click ‘Start’ to start the process
- When finished it will prompt you to restart the computer.
- Restart the computer and boot from the USB drive.
Step 3: SSD Secure Erase
When booted from the USB drive you’ll see the following screen
- Click ‘Y’ on the keyboard to continue
- The software will list the compatible SSD drive connected to the computer
- Click ‘Y’ on the keyboard to continue
- If you see a message which says “the selected drive is in a Frozen state” – you will need to follow the on instructions provided on screen (I’ve had this happen on desktop and laptop computers – it is much more awkward for laptop computers and should be done with extreme caution … you are after all prodding your hands inside a powered computer!)
- Once completed you will see “Secure Erase is Successful” – the software will exit to DOS – you can now turn off the computer and begin the Windows re-install process.
Step 4: Re-install Windows and enable BitLocker
I won’t detail how to re-install Windows, but once this is done this guide will help explain how to enable BitLocker on Windows 10 – Windows 10 – How to encrypt a drive using BitLocker
References: