The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    X220: What UEFI Version (Support for Win8 eDrive) Hardware encryption

    Discussion in 'Lenovo' started by Pintu, Aug 19, 2013.

  1. Pintu

    Pintu Notebook Consultant

    Reputations:
    3
    Messages:
    262
    Likes Received:
    5
    Trophy Points:
    31
    I've been reading about Windows 8 "eDrive" support. That means Bitlocker is now able to use the AES Hardware encryption modern SSDs use, without the need for any software encryption. I.e. less CPU load, less power consumption, better performance. More can be read over at AnandTech.

    The Crucial M500, available both as 2,5" SSD and mSATA supports this technology, But, according to Anandtech:
    My question: What is the current UEFI version of the X220?
     
    Pintu, Aug 19, 2013
    #1
  2. power7

    power7 Notebook Evangelist

    Reputations:
    155
    Messages:
    531
    Likes Received:
    66
    Trophy Points:
    41
    Not sure about the UEFI but eDrive is only needed to integrate with Bitlocker and its key management. W/o the integration requirements other drives, from Intel / PlextorPro / Samsung Pro /Sandisk etc. all have hardware AES encryption, and are simpler to setup and use IMO.
     
    power7, Aug 19, 2013
    #2
  3. Pintu

    Pintu Notebook Consultant

    Reputations:
    3
    Messages:
    262
    Likes Received:
    5
    Trophy Points:
    31
    Of course they have hardware AES encryption, but without eDrive you would set a BIOS HDD password, which is not as safe or comfortable as Bitlocker.
     
    Pintu, Aug 19, 2013
    #3
  4. power7

    power7 Notebook Evangelist

    Reputations:
    155
    Messages:
    531
    Likes Received:
    66
    Trophy Points:
    41
    On the contrary, it's about as safe (the password in TPM) and a bit more comfortable (only with ATA password it works with a single fingerprint reader swipe from cold boot to OS sign in).

    It's not as manageable as Bitlocker is in enterprise environment (key backup etc), but for individual users I much prefer the ATA password, working in any OS with any settings, without Bitlocker starting panic attacks every time I switch discrete video on/off in BIOS. M500 does not work too well with ATA passwords btw ( I tried to set it up on W530, w/o success - no ATA password shows up in BIOS at all for some reason ).
     
    power7, Aug 19, 2013
    #4
  5. Pintu

    Pintu Notebook Consultant

    Reputations:
    3
    Messages:
    262
    Likes Received:
    5
    Trophy Points:
    31
    That's interesting, so ATA password is stored in TPM? I thought that it was stored somewhere in BIOS, i.e. the manufacturer could overcome an ATA password. Do you have a source for this information?

    Edit: In quite a few Lenovo user guides you can find the following information:
    -----

    I used ATA password on an older Thinkpad a while ago with an FDE drive and I had to switch the drive to another computer, which was not possible. For me, this counts as essentially "unmanageable". Do you know whether this is different now?

    Edit: This post explains what I meant:
     
    Pintu, Aug 20, 2013
    #5