I have a Lenovo T460 laptop with Windows 10 Pro. The SSD is factory encrypted; my PO says it's "256 GB Solid State Drive, Serial ATA3 OPAL2.0 - Capable". It's set up to have the BIOS password and the encryption password entered on boot up.
I want to partition the SSD so that I can have a z: drive for my personal files. (I am aware of some debates over partitioning SSDs)
I'm wondering how partitioning will affect the drive's encryption. I want both partitions to be encrypted.
Since it's an OPAL drive the encryption is supposed to be on the drive board itself, rather than going through the OS. So I surmise that partitioning the SSD should have no effect on the encryption. Is that correct?
well, after not finding any reliable information on this via Google I went ahead and did this.
It was pretty easily actually. Lenovo support site provided a helpful document on partitioning the drive under Windows 10. This was very easy to do, took me only a few moments using the built-in tools of Windows 10.
Then I copied my data to the new "z:" drive and it works as expected. The indexing and search functions work as expected.
I am still prompted for the drive password on boot-up, and only once for the single (now-partitioned) drive. I assume that it is still encrypted (which was alway an assumption in the first place, unlike my encrypted external drives)...based on my understanding of the OPAL system (the encryption takes place far below the operating system). I should be able to verify that by booting from another drive and trying to read the SSD, but this is a bit beyond me at the moment.
What I don't like is that now I realize I am subject to the reported flaws in some self-encrypted SED that they were susceptible to some hacking that would expose the drive's factory password. This came out about a year ago and I accepted it only as a theoretical issue (I think it is primarily) until seeing the document from Lenovo I found this morning where they recommend "software encryption" for my particular drive. Which to them means Bitlocker (which I do not like. in general). So why did I even bother with this! And ~why~ is something as important as FDE so difficult to get clarity on? I loved TrueCrypt...maybe it's time to go "retro".