1

I'm building up a new machine with a Supermicro MB equipped with a TPM and a Seagate Constellation ES.3 SED drive (ST200NM0053). The MB has the AMI BIOS which does see the TPM.

I've installed Windows Server 2012 R2 Essentials. I'm now struggling to enable hard drive encryption using the SED feature of the hard drive.

My understanding (which is pretty weak) is that the Windows BitLocker software can work with the TPM to support hard drive encryption, but that Windows requires the hard drive to support OPAL 2, which the Seagate drive does not support.

I don't think I need to be concerned about this, because I'm under the impression that with this Seagate drive and a MB that supports TPM, I can enable the encryption regardless of what OS is running and manage the encryption, its related keys, backup, migration, etc. all through the BIOS. Furthermore, the OS won't even see that the drive is encrypted and needs no encryption capabilities or support at all.

But how do I enable encryption through the BIOS? I've gotten as far as enabling the TPM but I don't see anywhere where I can encrypt the drive or change the default password that the manufacturer installed on the drive.

What are my next steps and where might they be documented?

9
  • I am not aware of ANY requirements of the HDD to support BitLocker, only of the TPM requirement. Are you 100% sure there is a hardware requirement of the HDD in order to use BitLocker? BitLocker and the SED feature of the HDD are two entirely separate things.
    – Ramhound
    Commented Apr 24, 2015 at 16:32
  • This article: social.technet.microsoft.com/Forums/windows/en-US/… states that the hard drive will not perform encryption with BitLocker because the drive is not OPAL 2 compliant. I suppose that means the BitLocker will still encrypt the drive, but the encryption/decryption is being done by Windows (BitLocker) and not by the drive itself. My preference is to have the drives perform their own encryption.
    – mbmast
    Commented Apr 24, 2015 at 17:04
  • So you want to use the drive's own encryption and BitLocker, so encryption handled by the TPM and the encryption handled by the HDD?
    – Ramhound
    Commented Apr 24, 2015 at 17:05
  • I will be honest: I think I understand what you're asking, but I cannot figure out what you're trying to accomplish. You don't have a HDD that supports NOT using BitLocker if you want to use the TPM module.
    – Ramhound
    Commented Apr 24, 2015 at 17:09
  • @Ramhound I want to use the encryption built into the SED drives without using BitLocker. I don't want any dependencies on the OS to perform encryption. I know that in order to use the drive's encryption capabilities, the MB must have a TPM installed (and it does). I assume there must be some BIOS code that can enable encryption on the drive and manage the encryption keys (very similar to the ROM BIOS extensions used to create/destroy/maintain RAID volumes).
    – mbmast
    Commented Apr 24, 2015 at 17:16

1 Answer

0

These drives do work with BitLocker; I know, as I do use them. BitLocker is a second layer of defence on these drives when the drives are connected to a PC with a TPM. The drives set aside a 100mg partition, and no, you can't find it or remove it; no software can find it. The partition is used to store the encryption keys for the drive. Warning: Microsoft uploads all BitLocker keys and they do use them. The way around this is to change the key.

In all, if Microsoft wants to steal anything off the drives, it is not readable; even if they get around BitLocker, they can't get around the Seagate encryption.

With Microsoft making 10 back doors to get into every system, these drives become a must-have. I test Microsoft software and find problems with it and then tell Microsoft how to fix it.

I stopped doing this once I found Microsoft was hacking my network. Once SED was added to my workstation, a lot changed, as the data became useless to them. Note: these drives look at files; database files are treated very differently on these drives and are very heavily protected from theft.

Your PC must have a TPM on it; these drives will not work without a TPM, the encryption will not work.

The TPM does not have to be turned on in BitLocker; it just has to be turned on in the BIOS, as the hard drives' TPM is part of the key-making process.

Now, different models may be different; I advise talking to Seagate about what the drives need. Most of these drives are SAS drives; a few are SATA, though Seagate does make them. SAS drives are much better drives.
