Samsung 960 EVO and "data encryption" feature

I really wonder what is all about the propagated feature not only for this ssd drive?!?

I have an 960 EVO (500GB) with latest firmware, latest nvme driver and latest samsung magician installed - still that option “is not supported by the drive”.

WTF?!

I’ve asked the Samsung support about this - no answer as of yet.

Has someone a hint for me in this riddle?

Samsung itself states:

https://www.itsupportguides.com/knowledge-base/tech-tips-tricks/how-to-enable-disk-encryption-on-samsung-evo-ssd-hard-drive/

This provides detailed info for what you require.

Already tried all that - without success.

also the Samsung support refused to help me properly.

I know this is “only” a consumer SSD, but they ad this drive with “data encryption” support!!
Even bitlocker may work, it has nothing to do with the promised hardware data encryption.

I refuse to use bitlocker - IME and PSP with TPM already is too much spying without legal rights…
So hw encryption is a lie actually with this drive - i stay with true/veracrypt.

Samsung cannot deny that they offer a product with a feature that wont work properly and then claim:

[quote]
Bitte beachten Sie, dass Samsung NVMe SSDs eine interne Hardware-Verschlüsselung aller auf der SSD gespeicherten Daten einschließlich des Betriebssystems bereitstellen.

Die von Samsung NVMe SSDs (960 EVO / PRO) bereitgestellten Verschlüsselungsmethoden sind: AES (Advanced Encryption Standard, Class0 SED) und TCG / OPAL.

Die auf die SSD angewendete AES-Technologie verwendet hardwarebasierte Controller- und Verschlüsselungstechnologien, die den Leistungsverlust minimieren und Daten verschlüsseln, um die gespeicherten Informationen vor dem Zugriff von außen zu schützen. Einige Systeme oder BIOS unterstützen diese Funktion möglicherweise nicht.[/quote]

The last sentence is pure

gum - mibear.

1 Like

SSD hardware encryption isn’t secure, as the encryption key is easy to obtain.
I believe Windows 10 has it disabled by default, and using software encryption instead.

There is a document and guide on how to check, and setup software encryption for BitLocker.
The guide also covers VeraCrypt

You should for sure check if hardware encryption is for sure disabled if you are using BitLocker, which I use…

[edit] Follow up article. Hardware encryption is disabled by default on Windows 10 since sept 2019.

2 Likes

Thanks for the info!!

Shame on Samsung because they ad a product with a feature that isn’t usable - at least for me. And in such a case Samsung must provide such info of a “non-working hardware encryption in some cases…” within their advertising of such a product. AFAIK, in this case is misleading advertising if not worse!

I don’t trust bitlocker but i have some trust in truecrypt/veracrypt.

At this stage I would probably buy a Corsair MP600 drive (when using a Ryzen Mobo with M.2 Gen4 slot) - with Gen3 the MP510 is good for me.

With some Linux Distros you can at least manage and enable hw encrytion. :grinning:

Check this out:

It clearly says that Samsung lies when advertising their SSDs with “hardware encryption”…