I am to buy a Samsung 840 Pro SSD for my Acer Aspire One 753 Netbook, and stumbled over the feature of embedded hardware 256-bit AES full disk encryption, for which not very much info seems to be available.
The idea is, that the embedded controller does all the work, resulting in full harddisk/SSD encryption completely independent of the operating system, with absolutely no performance impact, which means strong "military" grade disk encryption even on machines with low speed CPUs (like the mentioned netbook with Intel Celeron U3400 1.06 GHz CPU without hardware AES). Using this feature is only possible on computers which offer to set a "hdd password" in the BIOS, which is the encryption-key passed on to the controller of the harddisk/SSD.
Is that cool or what? Means no more fiddling around with GELI, and no wasted CPU cycles for block-level-encryption.
I am wondering if there is any downside of using such embedded hardware 256-bit AES full disk encryption compared to GELI, but I guess there is none at all. An thoughts about this topic are appreciated.
BTW At first I was considering an Intel 520 SSD, but then I discovered, that 256-bit AES encryption is broken in SandForce 2000 SSD controllers, resulting in all SSDs using that controller "only" being capable of 128-bit AES encryption.
The idea is, that the embedded controller does all the work, resulting in full harddisk/SSD encryption completely independent of the operating system, with absolutely no performance impact, which means strong "military" grade disk encryption even on machines with low speed CPUs (like the mentioned netbook with Intel Celeron U3400 1.06 GHz CPU without hardware AES). Using this feature is only possible on computers which offer to set a "hdd password" in the BIOS, which is the encryption-key passed on to the controller of the harddisk/SSD.
Is that cool or what? Means no more fiddling around with GELI, and no wasted CPU cycles for block-level-encryption.
I am wondering if there is any downside of using such embedded hardware 256-bit AES full disk encryption compared to GELI, but I guess there is none at all. An thoughts about this topic are appreciated.
BTW At first I was considering an Intel 520 SSD, but then I discovered, that 256-bit AES encryption is broken in SandForce 2000 SSD controllers, resulting in all SSDs using that controller "only" being capable of 128-bit AES encryption.