Results 1 to 10 of 10
  1. #1
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    Hardware Encryption of NVME Boot Drive Still Broken on Latest Bios Maximus X

    Just an FYI for anyone that may be considering an ASUS board and wants to take advantage of hardware encryption on a M.2 PCIe NVME drive. There is a BIOS issue that prevents Windows Bitlocker from utilizing hardware encryption on drives such as Samsung's 960 PRO when used as a Windows boot drive. This was confirmed by Samsung in this thread: https://us.community.samsung.com/t5/...ght/true#M2354

    Awhile ago, this thread was posted here: https://rog.asus.com/forum/showthrea...vo-960-anybody

    Despite multiple attempts to get an answer from Asus, including PMing some of the Asus folks here, I have received no response.

    Today, I updated my Bios to the latest version, unencrypted my Bitlocker software encryption, and then tried again - no luck. Still no fix.

    I've been an Asus fan for awhile, but I'm reconsidering. The lack of any response on this issue, coupled with the whole Hero X VRM issue: https://www.reddit.com/r/intel/comme...so_far/e8fic2s where they apparently initially released the board with 4 power phases then switched later to a doubler design (which has impacts with respect to i9-9900k ) is concerning.

    Add to the fact that the last post in the Samsung thread reports an Asrock board works now for hardware encryption makes me seriously reconsider whether I will buy Asus when I buy a Z390 board.
    Last edited by Outontheporch; 10-26-2018 at 03:38 AM.

  2. #2
    ROG Guru: Grand Master Array HiVizMan's Avatar
    Join Date
    Dec 2011
    Reputation
    354
    Posts
    25,742

    Thanks for the update mate, let me see if I can bump this issue up the ladder and see if we can get some kind of resolution for users.

    Again thanks for taking the time to share.
    To help us help you - please provide as much information about your system and the problem as possible.

  3. #3
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    Quote Originally Posted by HiVizMan View Post
    Thanks for the update mate, let me see if I can bump this issue up the ladder and see if we can get some kind of resolution for users.

    Again thanks for taking the time to share.
    Bump

    Thanks. Any efforts you can provide to get this fixed are appreciated.

  4. #4
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    I just received a response to my trouble ticket that I raised with ASUS regarding this - they stated that "There is no plan for hardware encryption for Samsung at this time for this motherboard."

    I'm extremely disappointed. As someone that frequently purchases ASUS hardware (and someone that is actively considering a Z390 motherboard), this will strongly influence my future purchasing decisions. I know that at least one other motherboard vendor IS compatible with Samsung hardware encryption and e-Drive and this is an important feature for me. This is also an important feature for anyone that wants to store any sensitive data on their machines.

  5. #5
    ROG Guru: Yellow Belt Array btrach144 PC Specs
    btrach144 PC Specs
    MotherboardASUS Maximus X Hero Wi-Fi
    ProcessorIntel i7 8086K @ 5.3 GHz 1.38V
    Memory (part number)32 GB G.Skill DDR4 3200MHz C16
    Graphics Card #1NVIDIA Titan X (Pascal)
    Graphics Card #2NVIDIA Titan X (Pascal)
    MonitorASUS PG27UQ
    Storage #1Samsung 970 Pro 1 TB
    Storage #2Samsung 950 Pro 512 GB
    CPU CoolerCustom EK loop
    CaseCorsair 750D
    Power SupplyCorsair AX1200i
    Keyboard Logitech G910
    Mouse Logitech G903
    Mouse Pad Logitech Powerplay
    Headset/Speakers Logitech Z905 5.1 surround
    OS Windows 10
    Network RouterASUS 88U

    Join Date
    Jun 2014
    Reputation
    10
    Posts
    127

    Did you read the recent news? Samsung hardware encryption on their SSDs can be easily reversed engineered. Samsung event had a press release that directed customers to use software based encryption if they wish to keep their data secure.

  6. #6
    Banned Array JustinThyme PC Specs
    JustinThyme PC Specs
    Laptop (Model)G752VY-DH72
    MotherboardRampage VI Extreme
    ProcessorI9 9940X
    Memory (part number)64GB DDR4 8x8 Corsair Dominator Platinum 3800 MHz @ C17
    Graphics Card #1ASUS Strix 2080Ti O11G @ 2.1GHz
    Graphics Card #2ASUS Strix 2080Ti O11G @ 2.1Ghz
    Graphics Card #3ROG Nvlink
    Graphics Card #4Have to feed animals
    Sound CardExternal Audioengine D1 24 bit 192kbps DAC
    MonitorASUS PG348Q @ 100Hz
    Storage #1Intel 905P 480GB U2 flavor
    Storage #2Samsung 850 EVO 1TB X2 in RAID 0, 960 PRO 1TB DIMM.2_1
    CPU CoolerHeatKiller IV PRO and VRM blocks ,Dual D5 PWM serial, 2X 480, 1X 360 RADS
    CasePhanteks Enthoo Elite 8X LL120 PWM, 3X LL140 PWM, 12 SP120 PWM 1x AF140 PWM
    Power SupplyCorsair AX 1500i
    Keyboard ASUS Claymore
    Mouse ASUS Spatha, Logitech MX Master
    Headset Sennheiser HD 700
    Mouse Pad ASUS ROG Sheath
    Headset/Speakers Audioengine A5+ with SVS SB-1000 Sub
    OS Win10 Pro 1809
    Network RouterNetGear NightHawk X10
    Accessory #1 NetGear Prosafe 10GBe Switch
    Accessory #2 Qnap TVS-682 NAS modded with I7 CPU

    Join Date
    Nov 2013
    Reputation
    144
    Posts
    3,858

    If Samsung is the only drive having the issues cant hardly blame it on ASUS. Not the first time and Im sure it wont be the last. The single biggest thing is Samsung trying to protect their Magician software from working on anything but a Samsung drive, if its encrypted their software wont work. ANY other drives encrypt just fine. I'm running a pair of Intel 900P drives on VROC raid 0 bit locker encrypted. You can encrypt the Samsung drives as non boot drives and the magician software wont work. You cant even put two drives in raid 0 and have the software or drivers work because neither can see past a raid controller. This is on Samsung, same results on any other MOBO.

  7. #7
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    Quote Originally Posted by btrach144 View Post
    Did you read the recent news? Samsung hardware encryption on their SSDs can be easily reversed engineered. Samsung event had a press release that directed customers to use software based encryption if they wish to keep their data secure.
    I did not see that, thanks for sharing! I did some Googling, and found this article: https://securityboulevard.com/2018/1...-exposes-data/

    I assume that's what Samsung is referring to in their release.

    If I'm reading the linked paper correctly, the Samsung implementation of TCG OPAL for the 960 was not tested, however the 850 EVO faired quite well. The only vulnerability found in the Samsung drives was the less secure ATA password method. Bitlocker is a wrapper (as I understand it) on TCG OPAL 2.0. Microsoft released a bulletin on this, but the main culprit on TCG Opal vulnerabilities appears to be Micron drives. Of course, there may be some stuff we are not privy to as well.
    Last edited by Outontheporch; 12-01-2018 at 07:58 PM. Reason: (Found the Samsung Press Release)

  8. #8
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    Quote Originally Posted by JustinThyme View Post
    If Samsung is the only drive having the issues cant hardly blame it on ASUS. Not the first time and Im sure it wont be the last. The single biggest thing is Samsung trying to protect their Magician software from working on anything but a Samsung drive, if its encrypted their software wont work. ANY other drives encrypt just fine. I'm running a pair of Intel 900P drives on VROC raid 0 bit locker encrypted. You can encrypt the Samsung drives as non boot drives and the magician software wont work. You cant even put two drives in raid 0 and have the software or drivers work because neither can see past a raid controller. This is on Samsung, same results on any other MOBO.
    I'm not entirely blaming it on Asus. Samsung is blaming Asus, Asus is blaming Samsung. I'm caught in the middle and it's disappointing to me.

    SATA drives work just fine with both ASUS and SAMSUNG. Magician is not an issue in my experience. Something is wrong either in Samsung's firmware or Asus' bios. Samsung claims to have fixed the problem, but the solution needs to be done in the BIOS. Whether the problem is a bug in Samsung's implementation of OPAL/Edrive or whether that is an ASUS bios bug is unknown. ASUS has no interest in fixing it apparently. Asrock boards work fine with the Samsung NVME e-drive after a new update.

    With your 900P drives - are those boot drives? The issue here is NVME boot drives. Everything apparently works just fine for NVME non-boot drives. If yes, than that at least suggests that the problem might be a bug in the way Samsung implemented e-drive.

  9. #9
    ROG Member Array
    Join Date
    Dec 2018
    Reputation
    10
    Posts
    11

    Quote Originally Posted by Outontheporch View Post
    I'm not entirely blaming it on Asus. Samsung is blaming Asus, Asus is blaming Samsung. I'm caught in the middle and it's disappointing to me.

    SATA drives work just fine with both ASUS and SAMSUNG. Magician is not an issue in my experience. Something is wrong either in Samsung's firmware or Asus' bios. Samsung claims to have fixed the problem, but the solution needs to be done in the BIOS. Whether the problem is a bug in Samsung's implementation of OPAL/Edrive or whether that is an ASUS bios bug is unknown. ASUS has no interest in fixing it apparently. Asrock boards work fine with the Samsung NVME e-drive after a new update.

    With your 900P drives - are those boot drives? The issue here is NVME boot drives. Everything apparently works just fine for NVME non-boot drives. If yes, than that at least suggests that the problem might be a bug in the way Samsung implemented e-drive.
    the problem is clearly in motherboards where they don't put any effort to keep up with the new technologies yet nvme m2 sed ssds are over 1 year old, otherwise why asrock could fixed it with a bios update?The only thing that samsung is to blame is because they didin't add any warning to their shinny hardware encryption advertising sayinng that almost no motherboard currently support it.

  10. #10
    ROG Member Array
    Join Date
    Dec 2018
    Reputation
    10
    Posts
    11

    Quote Originally Posted by JustinThyme View Post
    If Samsung is the only drive having the issues cant hardly blame it on ASUS. Not the first time and Im sure it wont be the last. The single biggest thing is Samsung trying to protect their Magician software from working on anything but a Samsung drive, if its encrypted their software wont work. ANY other drives encrypt just fine. I'm running a pair of Intel 900P drives on VROC raid 0 bit locker encrypted. You can encrypt the Samsung drives as non boot drives and the magician software wont work. You cant even put two drives in raid 0 and have the software or drivers work because neither can see past a raid controller. This is on Samsung, same results on any other MOBO.
    NO nvme ssd m2 is able to do hardware encryption with asus and other motherboards as well, the problem is not in this drives but relies on motherboards failing to activate it like they do for sata sed ssds.Only confirmed motherboards to work with hw encryption are asrock recently and some lenovo laptops.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •