Looking for Reliable NVMe SSD with Hardware Encryption

I want an SSD with hardware encryption to minimise theft damage without the performance loss of software encryption. What's a reliable SSD for this?

I bought a Samsung 980 and have spent the past three hours trying to get the hardware encryption to enable, as for some reason Samsung disables the ability to enable hardware encryption on their drives by default. I've had to follow troubleshooting guides by others such as at: https://eu.community.samsung.com/t5/computers-it/samsung-ssd… but have had no success. I'm exhausted and really just want a product that works as it says on the box.

The SSD that came with my laptop already had hardware encryption enabled by default and was ready to use with Windows (even after re-installs), but it's 256gb only and I want a 1tb drive. Are all OEM SSDs ready to use hardware encryption by default? If so I could maybe buy a Samsung PM9a1.

I'm not concerned about the security vulnerabilities of hardware encryption, as it's just for simple theft insurance.

Any recommendations?

Comments

  • +3

    Wouldn't enabling Bitlocker suffice for simple theft insurance? Negligible performance impact and it seems good enough for every company's employee laptops.

    • I was worried that it'd lower battery life and I/O speeds as I only have a i5-8250U laptop

  • Your linked trouble guide is for the 970 evo plus and you have stated yours is the 980, two different versions of product. Have you also checked that your ssd is updated to the latest firmware through the Samsung Magician software and your computer is also on latest version of bios?

    • The firmware is up to date. Reading the thread, it is not limited to the 970 evo plus and my BIOS is up to date.

  • Any reason it has to be nvme?

    The Samsung t7 touch SSD would meet all your criteria and requirements here out of the box with nothing more than just setting up your finger print.

    • It's for an internal drive

    • Will that work without the hardware encryption feature being enabled on the 980? I think it's a switch in the firmware which I'm unable to enable

  • Any chance you've seen this post on superuser.com?
    https://superuser.com/questions/1172537/how-to-enable-hardwa…

    The first screenshot shows the models of 980 that support Hardware Encryption. Where does your model fall in that list?
    If it's not supported, perhaps one of the other models listed there would be a game changer for you.

    • I think that post is from before the 980 came out, says it's from 6 years ago

      • Sure is.

        Do you get a list of compatible models in your version of Magician, or has that been removed since then?

        • +1

          Removed unfortunately. They've completely redone the UI

  • On the fly software encryption adds so little overhead to raw throughput that it's not even worth worrying about. Modern CPUs have instruction sets purely to deal with encryption.

    I tested this stuff a decade ago for curiosity, and haven't worried about it since.

    • Is it also negligible for I/O speeds?

      • My tests were with raw throughput during sequential (large file) copy operations. I wasn't testing for anything like serious database read/writes :)

        But I'm sure there are loads of test results out there on the net… I just satisfied it for my own use case and haven't had to revisit.

        Edit: What is your use case? Fairly normal end user operations, or something really fancy?

      • Most CPUs these days come with hardware acceleration that allows them to absolutely chew the algorithms used in Bitlocker and most software encryption. This is a slight security risk (if implemented badly in hardware) but not enough to be a problem.

        It means that they should be able to maintain almost the same throughput (expect like 95% as good, basically) with negligible power use. Anything by Intel or AMD from like the last 3-4 years or even longer has most useful "instruction sets"/extensions that enable this.

        Edit: oh the comment I'm replying to literally said all this. Welp, nvm

Login or Join to leave a comment