Search
My Settings Guidelines Help

Partitioning an encrypted OPAL SSD ?

Reply
fffred
Silver Conversationalist
‎01-05-2020 01:20 PM

Partitioning an encrypted OPAL SSD ?

I have a Lenovo T460 laptop with Windows 10 Pro. The SSD is factory encrypted; my PO says it's "256 GB Solid State Drive, Serial ATA3 OPAL2.0 - Capable". It's set up to have the BIOS password and the encryption password entered on boot up.

 

I want to partition the SSD so that I can have a z: drive for my personal files. (I am aware of some debates over partitioning SSDs)

 

I'm wondering how partitioning will affect the drive's encryption. I want both partitions to be encrypted.

 

Since it's an OPAL drive the encryption is supposed to be on the drive board itself, rather than going through the OS. So I surmise that partitioning the SSD should have no effect on the encryption. Is that correct? 

 

TIA

 

EDIT:   see my update in post # 2

 

 

0 Kudos
489 Views
1
Report
Reply
fffred
Silver Conversationalist
‎01-06-2020 03:24 PM

well, after not finding any reliable information on this via Google I went ahead and did this.

 

It was pretty easily actually. Lenovo support site provided a helpful document on partitioning the drive under Windows 10. This was very easy to do, took me only a few moments using the built-in tools of Windows 10.

 

Then I copied my data to the new "z:" drive and it works as expected. The indexing and search functions work as expected.

 

I am still prompted for the drive password on boot-up, and only once for the single (now-partitioned) drive. I assume that it is still encrypted (which was alway an assumption in the first place, unlike my encrypted external drives)...based on my understanding of the OPAL system (the encryption takes place far below the operating system). I should be able to verify that by booting from another drive and trying to read the SSD, but this is a bit beyond me at the moment.

 

What I don't like is that now I realize I am subject to the reported flaws in some self-encrypted SED that they were susceptible to some hacking that would expose the drive's factory password. This came out about a year ago and I accepted it only as a theoretical issue (I think it is primarily) until seeing the document from Lenovo I found this morning where they recommend "software encryption" for my particular drive. Which to them means Bitlocker (which I do not like. in general). So why did I even bother with this! And ~why~ is something as important as FDE so difficult to get clarity on? I loved TrueCrypt...maybe it's time to go "retro".

0 Kudos
440 Views
0
Report
Reply
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Users
Announcements

Feeling Lonely or Isolated?

Support is available using just your voice. Find out how.

AARP Voice Social Check In

AARP Members Only Games

AARP Members, play Pong, the game that started it all! Grab your paddle, play the angles and score to win.

Paddles up!
AARP Members Only Games Atari Pong
Music and Brain Health

From soft jazz to hard rock - discover music's mental, social and physical benefits.

Learn more now.
/html/assets/SS-Marketing-Image-300x155.jpg