Is a Self-Encrypting Drive Necessary for You?

For people who are far from various IT technologies, the concept of SED will be unfamiliar. However, readers of our blog about cybersecurity have probably already heard this abbreviation and know that it stands for “self encrypting drive.”

However, it is worth mentioning that a SED is a special type of the disk that can automatically encrypts the confidential data that stored on the disk without the user’s participation. SED manufacturers often do not advertise this feature to the public, so many people don’t realize that even one of the most popular drives, the Samsung 840 Pro SSD.

Follow the latest security posture methods to prevent any cyber threats! 

So, SED automatically encrypts all data stored on the disk. Additionally, to completely clean the disks and recycle the information, the user can generate a new DEK and the SED will be automatically cleaned.

Today we will tell you more about the self encrypting drive and why it is needed.

Previously, we’ve told you about Wi-Fi security keys. If you’ve missed the topic, you can read the article here.

What is a self-encrypting drive?

SED is a disk that uses automatic data encryption and decryption technologies, without user control of the process. Although the encoding and decoding action is not the most protected process. But with SED, this action happens in the most secure way. It sets a random key for authorization, which will function as a password. Thus, no one will be able to access private information until the password is entered.

What is self encrypting drive

*Note: The number of password attempts is strictly limited.

In addition, it should be borne in mind that if the user wants to connect SED encryption to another device that can’t support the SED, the drive can’t work. It happens because motherboard can not independently enter the necessary key that opens access to the information. In this case, the disk remains locked without any possibility of unlocking.

To unlock it, you will need to perform the following actions: move the disk to a working and supporting system, enter the correct key for authorization, and get the necessary data.

Read more about the cybersecurity framework here.

Disadvantages of SED

If we have already considered the positive aspects of SED, let’s pay attention to the negative aspects.

One of the main disadvantages of SED is that when you unlock the disk, it will remain so until the computer is completely turned off. That is, the disk lock is not affected by restarting or hibernating the computer. You can block it only by turning off the computer, waiting for a while, then turning it on and entering the password for authentication.

How to protect your data online? Read our guide on this topic and prevent any data leaks.

Therefore, if you chose SED as the main method of encrypting data, then forget about sleep mode. It would be a good idea to get used to shutting down the system when you’re not using it.

Disadvantages of self encrypting drive

Another drawback is rising when a user tries to set up all configurations. For example, you can simultaneously use only a few encrypted disks, and even set up a software RAID (redundant array of inexpensive disks), but you can’t do something more complex like a hardware RAID.

How to start using an SED

Of course, the use of an SED will not be able to provide a 100% guarantee of data protection. Besides, to take full advantage of SED encryption requires full compatibility with the motherboard. For example, built-in functions such as encrypting and decrypting data and erasing it will work with any motherboard, but if the user wants to be able to set the authorization key, they need a motherboard to support this feature.

Today, many electronic devices have built-in support for various authentication keys without additional BIOS customization. At the same time, you can often find a case when the user is faced with installing the authentication key through the BIOS.

Such well-known suppliers of equipment as Samsung, Asus, and many others claim that their devices fully support this function. But in some cases, this feature is disabled. The developers block this function to prevent various threats connected with users’ password forgetfulness.

Read our checklist to ensure your online privacy!

How can you manage the drive password?

However, this built-in feature is not supported on all motherboards. In this case, you will need to use additional software. One of the options may be Winmagic. It is also possible to do this manually using a specially created Linux environment.

Here you can find needed instructions. Then, when you load the required Linux environment, you will need to perform these steps.

Note that the first action you should take is to unfreeze the existed SED. Then, you can disable it and add a new password.

Self encrypting drive password

How to come up with the best password? We’ll tell you the most secure way here.

Follow the instruction below to discover and unfreeze your drive:

  1. Choose the terminal option on push on the combination “Ctrl+T.”
  2. Find root privileges and click on the “su.” Enter the password.
  3. Add the command “Isblk.” Find the needed disk to disable and change SED encryption.
  4. Add the “hdparm -I /dev/X” command, where X is the drive name. You should see the phrase “enabled”. In other case, you can see the phrase “not enabled,” SED is not enabled on the drive. So, the encryption hasn’t’ been included or you choose the wrong drive.
  5. Usually, the drive will be highlighted as “frozen.” To unfreeze it, you can put your computer into sleep mode. After 10 seconds, you should wake up the system.
  6. Then, repeat the previous action with the command “hdparm -I /dev/X” to check that your drive is unfrozen now.

By enabling encryption, do not forget to shut down your PC, and then the attackers will not have a chance — of course, if you have a good password. By the way, an insider from security experts: the most reliable place to store passwords is in your head. Therefore, it is better not to store some of the most important passwords (for example, from the bank’s personal account or password manager) anywhere, but try to remember them.

Final word

After you find for yourself SED encryption ability, you have to see how few modern motherboards support it without problems. After all, many board manufacturers intentionally block this feature. In such cases, you can use SED only after adjusting the BIOS settings.

Don’t miss the important cybersecurity news

2 years ago

Thank you for explaining the importance of a self encrypting drive. Now my data will be securely protected from outside interference. I’m glad I came across your blog:) Good luck!

Matthew Turner
2 years ago

Good afternoon, Peter! Thank you for your support! We are glad that we were able to explain the importance of using this disk in an accessible way. Stay tuned, there is a lot of interesting and useful things ahead.

2 years ago

Please, can you answer my question? Can I use a self encrypting drive as normal disks without using encryption? I couldn’t find normal documentation. And what I could found is that if the encryption key is not installed, then the disk will work without encryption, like a normal disk. Is it true?

Matthew Turner
2 years ago

Good afternoon, Chloe! You can use the self encrypting drive as a normal one. There are two keys: the master key, which encrypts the data, and the second key, which encrypts the master key. By default, the master key is not encrypted and the disk works as usual, although it encrypts the data. If you encrypt the master key, then after enabling it, it will wait for the key to decrypt it.

2 years ago

Hi! Do I need controller support to use SED disks? Or do I need nothing? Will the disks work on any system that supports the appropriate interface?

Matthew Turner
2 years ago

Hello, Olive! You need controller support to use self encrypting drive disks. LSI controllers, for example, have a separate set of commands in the CLI (and other interfaces) for working with hard keys. The decryption keys are installed in the controller, and it already passes them to the screws.

2 years ago

Good article! Thanks for help and useful information about self encrypting drive. With self-encrypting drives I see the benefits of hardware acceleration, invisibility to the OS and users, and the ease of securely erasing the drive nearly instantly.

Matthew Turner
2 years ago

Good afternoon, Leo! Thank you for your feedback! We are glad that we were able to help you understand the intricacies of SED. We hope that you will continue to strengthen your data protection practices.

2 years ago

Thank you for the instructions on using SED. I didn’t even know there was such a feature. And it turns out that it has been frozen on my computer.

Matthew Turner
2 years ago

Good afternoon, Emma! We are glad that we were able to tell you about a self encrypting drive and teach you how to use it properly.

Leave a Reply

Leave a comment

Your email address will not be published.