Enabling Aes Encryption - Samsung 840 White Paper

Choosing the Right Option
With the introduction of the SSD 840 and 840 Pro Series SSDs, Samsung has added AES hardware-based SED
technology to its consumer SSD lineup. Simply enabling the ATA password via the BIOS will automatically render all data
on the drive unintelligible without the proper password. Because it is implemented at the hardware level, there is no
performance penalty like there is with a software-based FDE implementation. This feature is a valuable privacy tool for
anyone who uses a portable computing device (e.g., laptop), especially frequent travelers.
In addition to addressing personal security concerns, there are many industries that either require or would benefit
from SED technology, including healthcare, insurance, government, law enforcement, and finance, among others.
SED technology helps protect sensitive information from physical attack on a lost or stolen laptop, making it nearly
impossible to access data stored on a drive even if the drive is removed from its original system and installed in another
PC or the NAND chips themselves are removed from the SSD.
While they do feature SED technology, the 840 and 840 Pro Series SSDs do not support the OPAL storage specification
management interface. OPAL drives are geared towards enterprises that need to manage security protocols and want
to have advanced control over authentication. With third-party software support, IT managers can set detailed security
provisions to restrict access by partition, physical location of the laptop, etc. Anyone interested in this level of security
management should research enterprise-class TCG/OPAL SED options.
Someone who wants to manage a personal machine or an SMB that depends on its employees to handle most of their
own IT support, however, will find that the SED feature of Samsung's 840 and 840 Pro Series SSDs is well-suited to their
needs. These SSDs offer basic, yet robust, security with minimal effort and expense.

Enabling AES Encryption

AES encryption is always active on an 840 or 840 Pro Series SSD. In order to benefit from the encryption feature,
however, the user must enable an ATA password to limit access to the data. Failure to do so will render AES-encryption
ineffective – akin to having a safe but leaving the door wide open. To set an ATA password, simply access the BIOS,
navigate to the "Security" menu, enable "Password on boot" and set an "HDD Password." Administrators also have the
option of setting a "Master Password," which can allow a lost user password ("HDD Password) to be recovered. The "Master
Password" may also be used to unlock and/or erase the drive (depending on the settings), effectively destroying, and
thus protecting, the data but allowing the drive to be reused. The setup procedure may differ slightly depending on the
BIOS version installed on a particular machine. It is best to consult the user manual if there is any confusion.