
Hardware Encryption of NVME Boot Drive Still Broken on Latest Bios Maximus X

Outontheporch
Level 7
Just an FYI for anyone that may be considering an ASUS board and wants to take advantage of hardware encryption on an M.2 PCIe NVMe drive. There is a BIOS issue that prevents Windows BitLocker from utilizing hardware encryption on drives such as Samsung's 960 PRO when used as a Windows boot drive. This was confirmed by Samsung in this thread: https://us.community.samsung.com/t5/Memory-Storage/HOW-TO-MANAGE-ENCRYPTION-OF-960-PRO/m-p/319199/hi...

A while ago, this thread was posted here: https://rog.asus.com/forum/showthread.php?101157-Hardware-Encryption-(eDrive)-on-Maximus-X-Hero-1003...

Despite multiple attempts to get an answer from Asus, including PMing some of the Asus folks here, I have received no response.

Today, I updated my BIOS to the latest version, unencrypted my BitLocker software encryption, and then tried again - no luck. Still no fix.

I've been an Asus fan for a while, but I'm reconsidering. The lack of any response on this issue, coupled with the whole Hero X VRM issue: https://www.reddit.com/r/intel/comments/9ra6n9/z370_maximus_x_hero_with_i99900k_any_result_so_far/e8... where they apparently initially released the board with 4 power phases then switched later to a doubler design (which has impacts with respect to the i9-9900K), is concerning.

Add to that the fact that the last post in the Samsung thread reports an ASRock board now works for hardware encryption, which makes me seriously reconsider whether I will buy Asus when I buy a Z390 board.

HiVizMan
Level 40
Thanks for the update mate, let me see if I can bump this issue up the ladder and see if we can get some kind of resolution for users.

Again thanks for taking the time to share.
To help us help you - please provide as much information about your system and the problem as possible.

HiVizMan wrote:
Thanks for the update mate, let me see if I can bump this issue up the ladder and see if we can get some kind of resolution for users.

Again thanks for taking the time to share.


Bump

Thanks. Any efforts you can provide to get this fixed are appreciated.

Outontheporch
Level 7
I just received a response to my trouble ticket that I raised with ASUS regarding this - they stated that "There is no plan for hardware encryption for Samsung at this time for this motherboard."

I'm extremely disappointed. As someone that frequently purchases ASUS hardware (and someone that is actively considering a Z390 motherboard), this will strongly influence my future purchasing decisions. I know that at least one other motherboard vendor IS compatible with Samsung hardware encryption and e-Drive and this is an important feature for me. This is also an important feature for anyone that wants to store any sensitive data on their machines.

btrach144
Level 7
Did you read the recent news? Samsung hardware encryption on their SSDs can be easily reverse engineered. Samsung even had a press release that directed customers to use software-based encryption if they wish to keep their data secure.

btrach144 wrote:
Did you read the recent news? Samsung hardware encryption on their SSDs can be easily reverse engineered. Samsung even had a press release that directed customers to use software-based encryption if they wish to keep their data secure.


I did not see that, thanks for sharing! I did some Googling, and found this article: https://securityboulevard.com/2018/11/ssd-encryption-from-crucial-and-samsung-is-not-secure-exposes-...

I assume that's what Samsung is referring to in their release.

If I'm reading the linked paper correctly, the Samsung implementation of TCG OPAL for the 960 was not tested; however, the 850 EVO fared quite well. The only vulnerability found in the Samsung drives was the less secure ATA password method. BitLocker is a wrapper (as I understand it) on TCG OPAL 2.0. Microsoft released a bulletin on this, but the main culprit on TCG Opal vulnerabilities appears to be Micron drives. Of course, there may be some stuff we are not privy to as well.
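For readers who want to confirm which mode BitLocker is actually using per volume, which is the question underlying this thread, here is an added example that is not part of any post above. It parses the text printed by `manage-bde -status` and labels each volume as hardware-encrypted, software-encrypted or unencrypted; the sample text is constructed, and the field label and value strings it matches are assumptions modelled on that command's output.

```python
import re

# Constructed sample modelled on `manage-bde -status` output; not from a real machine.
SAMPLE_STATUS = """\
Volume C: [OS]
[OS Volume]
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume E: [Scratch]
[Data Volume]
    Encryption Method:    None
    Protection Status:    Protection Off
"""

VOLUME_RE = re.compile(r"^Volume (\S+) \[(.*)\]\s*$")         # "Volume C: [OS]"
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+):\s+(.*\S)\s*$")      # indented "Key:  value"

def parse_status(text):
    """Return {volume: {field: value}} from manage-bde style status text."""
    volumes, current = {}, None
    for line in text.splitlines():
        m = VOLUME_RE.match(line)
        if m:
            current = volumes.setdefault(m.group(1), {})
            continue
        f = FIELD_RE.match(line)
        if f and current is not None:
            current[f.group(1).strip()] = f.group(2)
    return volumes

def classify(fields):
    """Map the 'Encryption Method' field to hardware / software / unencrypted."""
    method = fields.get("Encryption Method", "None")
    if method.lower().startswith("hardware encryption"):
        return "hardware"      # key handling is delegated to the drive firmware
    if method == "None":
        return "unencrypted"
    return "software"          # e.g. XTS-AES 128: BitLocker does the crypto itself

def audit(text):
    return {vol: classify(fields) for vol, fields in parse_status(text).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_STATUS))
```

On a live system, pass it the output of `manage-bde -status` captured from an elevated prompt instead of the sample.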

JustinThyme
Level 13
If Samsung is the only drive having the issues, can't hardly blame it on ASUS. Not the first time and I'm sure it won't be the last. The single biggest thing is Samsung trying to protect their Magician software from working on anything but a Samsung drive; if it's encrypted their software won't work. ANY other drives encrypt just fine. I'm running a pair of Intel 900P drives on VROC RAID 0, BitLocker encrypted. You can encrypt the Samsung drives as non-boot drives and the Magician software won't work. You can't even put two drives in RAID 0 and have the software or drivers work because neither can see past a RAID controller. This is on Samsung, same results on any other MOBO.



“Two things are infinite: the universe and human stupidity, I'm not sure about the former” ~ Albert Einstein

JustinThyme wrote:
If Samsung is the only drive having the issues, can't hardly blame it on ASUS. Not the first time and I'm sure it won't be the last. The single biggest thing is Samsung trying to protect their Magician software from working on anything but a Samsung drive; if it's encrypted their software won't work. ANY other drives encrypt just fine. I'm running a pair of Intel 900P drives on VROC RAID 0, BitLocker encrypted. You can encrypt the Samsung drives as non-boot drives and the Magician software won't work. You can't even put two drives in RAID 0 and have the software or drivers work because neither can see past a RAID controller. This is on Samsung, same results on any other MOBO.


I'm not entirely blaming it on Asus. Samsung is blaming Asus, Asus is blaming Samsung. I'm caught in the middle and it's disappointing to me.

SATA drives work just fine with both ASUS and SAMSUNG. Magician is not an issue in my experience. Something is wrong either in Samsung's firmware or Asus' bios. Samsung claims to have fixed the problem, but the solution needs to be done in the BIOS. Whether the problem is a bug in Samsung's implementation of OPAL/Edrive or whether that is an ASUS bios bug is unknown. ASUS has no interest in fixing it apparently. Asrock boards work fine with the Samsung NVME e-drive after a new update.

With your 900P drives - are those boot drives? The issue here is NVMe boot drives. Everything apparently works just fine for NVMe non-boot drives. If yes, then that at least suggests that the problem might be a bug in the way Samsung implemented e-drive.

Outontheporch wrote:
I'm not entirely blaming it on Asus. Samsung is blaming Asus, Asus is blaming Samsung. I'm caught in the middle and it's disappointing to me.

SATA drives work just fine with both ASUS and SAMSUNG. Magician is not an issue in my experience. Something is wrong either in Samsung's firmware or Asus' bios. Samsung claims to have fixed the problem, but the solution needs to be done in the BIOS. Whether the problem is a bug in Samsung's implementation of OPAL/Edrive or whether that is an ASUS bios bug is unknown. ASUS has no interest in fixing it apparently. Asrock boards work fine with the Samsung NVME e-drive after a new update.

With your 900P drives - are those boot drives? The issue here is NVMe boot drives. Everything apparently works just fine for NVMe non-boot drives. If yes, then that at least suggests that the problem might be a bug in the way Samsung implemented e-drive.


The problem is clearly in motherboards, where they don't put any effort into keeping up with new technologies, yet NVMe M.2 SED SSDs are over 1 year old; otherwise, why could ASRock fix it with a BIOS update? The only thing Samsung is to blame for is that they didn't add any warning to their shiny hardware encryption advertising saying that almost no motherboard currently supports it.

JustinThyme wrote:
If Samsung is the only drive having the issues, can't hardly blame it on ASUS. Not the first time and I'm sure it won't be the last. The single biggest thing is Samsung trying to protect their Magician software from working on anything but a Samsung drive; if it's encrypted their software won't work. ANY other drives encrypt just fine. I'm running a pair of Intel 900P drives on VROC RAID 0, BitLocker encrypted. You can encrypt the Samsung drives as non-boot drives and the Magician software won't work. You can't even put two drives in RAID 0 and have the software or drivers work because neither can see past a RAID controller. This is on Samsung, same results on any other MOBO.


NO NVMe M.2 SSD is able to do hardware encryption with ASUS and other motherboards as well; the problem is not in these drives but lies in motherboards failing to activate it like they do for SATA SED SSDs. The only motherboards confirmed to work with HW encryption are ASRock recently and some Lenovo laptops.