An Overview of Hardware Encryption

If you want to protect your data and keep it secure then you should consider activating a form of encryption on your computer. After the data is encrypted, you will need a secret key or password to decrypt it and have full access to it. We will focus here on Hardware Encryption but if you want to read up more on other types of security, then check out our article Different types of drive encryption and security.


What is hardware encryption?

Hardware encryption means the encryption happens within the drive. An SSD that has encryption built into the hardware is more commonly referred to as a Self-Encrypting Drive (SED). The majority of Crucial® SSDs are SEDs.

How does the hardware encryption on Crucial SEDs work?

With an SED, the encryption is always on, meaning when data is written to the SED it is encrypted by the controller and then it is decrypted when read from the SED. The password security feature needs to be activated by encryption management software. If that is not done, there is nothing stopping a user from reading the data on the drive. In other words, the SED will generously decrypt all information for anyone who asks, unless security management software is installed to prevent that.

The easiest way to regard this is like a security system in a house. Until this is "armed" (through the use of a piece of third-party software for applying login credentials, for example) it is simply there but not actively protecting your data.

What are the advantages of hardware encryption?

SED technology provides verified and certified data security that offers nearly unbreakable pre-boot access protection for user data. Because the encryption is a part of the drive’s controller it provides pre-boot data protection. Running a software utility to try and break authentication codes is not a possibility since the encryption is active before any software has started to load. Another advantage of an encryption feature that is active at all times is that this makes it possible for the drive to meet the compliance requirements of government standards for data in banking, finance, medical, and government applications, by adhering to TCG Opal 2.0 specifications and IEEE-1667 access authentication protocols. Crucial SEDs also support the standard full disk encryption protocol through the ATA-8 security command feature set.

Also, because the encryption takes place on the SED and nowhere else, the encryption keys are stored in the controller itself and never leave the drive.

Hardware encryption vs software encryption?

The main advantage to using hardware encryption instead of software encryption on SSDs is that the hardware encryption feature is optimized with the rest of the drive. If a user applies software encryption to a storage drive this adds several extra steps to the process of writing to the drive, because the data needs to be encrypted by the encryption software while it is being written. That same data then needs to be decrypted by the software again when the user wants to access it, which slows down the read process. In other words, adding a layer of software encryption negatively impacts the performance of an SSD. 

The hardware encryption of an SED however, is integrated into the controller, which means there is no impact on SSD performance either in the short term or in the long run. The read and write speeds are already taking encryption into account, because it already happens on every write cycle and decryption happens on every read cycle. The encryption is simply a part of the drive’s normal operation.


How to activate hardware encryption?

All a user needs to take advantage of an SED’s encryption ability is a software utility that provides encryption key management for SED devices. Crucial SEDs are fully compliant with the Microsoft® eDrive standard, which provides simple plug-and-play data security through the use of Windows® BitLocker®. Because Windows BitLocker doesn’t need to encrypt the drive before it can be used (that has already been done by the SSD’s controller) there is no delay or wait for encryption to take place. After Windows BitLocker is enabled, the SED is instantly ready to use. All you have to do is let the Self-Encrypting Drive operate just the way it has all along, and enjoy the peace of mind and high performance of a hardware-based encryption drive.

To activate hardware encryption on your drive, please refer to our guide here.

©2019 Micron Technology, Inc. All rights reserved. Information, products, and/or specifications are subject to change without notice. Neither Crucial nor Micron Technology, Inc. is responsible for omissions or errors in typography or photography. Micron, the Micron logo, Crucial, and the Crucial logo are trademarks or registered trademarks of Micron Technology, Inc. Microsoft, Windows, and Bitlocker are trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks and service marks are the property of their respective owners.