Thinkpads Forum

Hi,

I just got a new X220 (4287-2TG) and wanted to encrypt its SSD drive.
Problem is - I do not know how...
- Bitlocker is not present (because of installed Win7 version)
- I cannot find any utility for disc encryption on Lenovo site (I thought there is Safeguard available under Client security Solution soft - but there is only password manager...).
- Full Disk Encryption does not seems to be present on this laptop (in BIOS under Security there is possibility to add User/Master password for disc access - but because there is no delay after enabling this I suppose disk is not encrypted afterwards and simple removing it from X220 and connecting as slave in desktop comp would bypass this?)
- I am not sure if I want use some 3rd party solution like Truecrypt...

Any help would be appreciated

brutus007 wrote:... but because there is no delay after enabling [FDE]...

Welcome to the Forum!

Your assumption is wrong! If the drive has FDE, then data written to it is always encrypted -- it is never written in plaintext. Even if FDE introduced a delay -- it does not! -- there would be nothing against which to measure it.

With hardware FDE, if there is no HDD password set in the BIOS, then decryption takes place automatically and transparently, as if there were no encryption. If the HDD password is set in the BIOS, then decryption takes place only if that password is provided upon bootup.

You may be interested in the Lenovo utility below for resetting the cryptographic key and erasing the SSD:
http://support.lenovo.com/en_SE/downloa ... D=DS019026

If your drive does not support hardware FDE and you still want encryption, then TrueCrypt is the best solution.

EOMtp wrote: Your assumption is wrong!

I didn't know that!
Thats good news - if the disk is supporting FDE ...
Is there any way how to find this out?

I made a picture of disk if it helps:

http://mageo.cz/home/EL_BRUTO/disk.JPG

unfortunately that particular drive (intel X25-M) doesn't support FDE at the hardware level.   you would need an intel 320-series for hardware FDE support.

software encryption such as bitlocker or truecrypt on the X25-M would be supported though.

Yips .... I found the HARD WAY = about Intel SSD

even though Lenovo Tech Support Staff (USA) will TELL YOU & INSIST that ALL INTEL SSD do support the FDE ,,,,, so be aware > erik is correct - 320 & above series will support FDE !!

Glad I dont have to waiste time ........

Cheers

Thank you guys - saved me lot of time
Will try TrueCrypt then...

brutus007 wrote:Thank you guys - saved me lot of time
Will try TrueCrypt then...

Why not Bitlocker?

Bánh mì wrote:Why not Bitlocker?

Several reasons. Read the following, particularly the Conclusion:
http://www.tomshardware.com/reviews/bit ... ,2587.html

However, arguably, the main reason is one of "trust". Although the review does not address the issue of encryption integrity and its possible breach via back doors, that issue should be of serious concern for anyone who places trust in these systems. TrueCrypt is open-source, BitLocker is not -- given that, what else does one need to know?!

You use conventional logic. In the real world unconventional logic is what makes money. Borrowing from that BL is not open source. Thus LESS people can figure out how to "break in." On top of that, its far less likely that Bill Gates et al would spy on you. More likely your neighbor would than Billy et al. People like me and most users need to secure data from theft ie trade and business data. If your needs go beyond that then its not normal and I would be suspicious of what you are doing. Enuf said.