
I have made major changes to my body of text and title to clarify the question and the situation. Apologies for any confusion.

I recently purchased a Samsung 990 Pro NVMe. It supports encryption, though Samsung support says that it needs to be explicitly enabled using BIOS Class 0, TCG Opal, or BitLocker (hardware encryption to use the built-in encryption engine).

Now, that is logical as the definition of encryption is to scramble the data and make it unreadable to unauthorised users. By default, the contents of the drive can be read by anyone with physical access to the drive since there is no key or password required.

In my own situation, I do not need to prevent unauthorised access to the contents of the drive while it is still in use by me. But I do need protections to ensure the data can be rendered unreadable in the case of an RMA (if drive destruction is not allowed) or sale of the drive.

The ultimate question is: is the data scrambled by the encryption engine using a Data Encryption Key (DEK) without explicitly enabling encryption by setting a password or enabling encryption in Samsung Magician?

I am aware of potential flaws with the manufacturer’s implementation, but this is not a topic I am looking to touch on.

Joep van Steen
Joel
  • Your question is confusing. Please describe the settings of your case in a more exact manner. After telling a long story suddenly Bitlocker comes into play in addition to the enabled/disabled ATA encryption. – r2d3 Aug 20 '23 at 13:40
  • In practice all SSDs always scramble data to equalize the 0's and 1's, regardless of any user-controller encryption settings. This is a technological measure to better utilize flash chips. – Nikita Kipriyanov Aug 20 '23 at 15:35
  • @NikitaKipriyanov, yes, but often XOR type scrambling. It does not equal encryption and the purpose is different. – Joep van Steen Aug 20 '23 at 15:47
  • I have made major changes to the body of text to hopefully make it more specific and less confusing. I can make more changes if necessary. – Joel Aug 21 '23 at 08:53
  • This does not change my answer, FWIW: You do not require encryption to securely get rid of your data as the drive provides other means, and likely encryption is always on as it is an easy way for data whitening as required by NAND anyway. – Joep van Steen Aug 21 '23 at 09:53
  • Related, and I don't think things have changed since then https://superuser.com/questions/986387/why-does-my-ssd-internally-encrypt-data-even-without-a-password-set/986392#986392 – Journeyman Geek Aug 21 '23 at 12:07
  • @JourneymanGeek, exactly! – Joep van Steen Aug 21 '23 at 15:21

3 Answers

3

The thing is, Samsung support stated that their drives support encryption, but that it needs to be explicitly enabled.

From what I gathered, "enabling" encryption doesn't really enable it, as it is indeed always on and all data is already encrypted, but rather wipes the "clear" copy of the encryption key, so that the drive can no longer automatically unlock itself but requires a passphrase to be provided (via OPAL or via ATA security extensions).

The advantage of this method is that "enabling" encryption does not require encrypting and re-writing all sectors (which takes a long time, causes wear on the flash storage, and may end up leaving old copies of un-encrypted data around); all that needs to be rewritten is the few sectors holding the clear encryption key.

(It is similar to the BitLocker "suspended" mode that you sometimes see on fresh Windows installations – the entire disk is encrypted but the BitLocker header, which would normally hold passphrase-encrypted (or TPM-protected) copies of the Volume Master Key, instead holds a clear-text copy. In this mode, "enabling" BitLocker will simply wipe the clear-text protector (to the best of the OS's ability) and replace it with a passphrase-encrypted one.)

Joep van Steen
u1686_grawity
2

I just need sufficient protections in place should I have to sell or RMA the drive (unless they allow me to destroy it). In this case, would I benefit from data scrambling without the need to enable encryption

Does the SED question even matter?

Without asking ourselves whether the drive is a so-called SED, if secure erasure is the main concern, the NVMe specification, which would apply to the Samsung drive as well, provides several secure erase methods:

"There are two types of secure erase. The User Data Erase erases all user content present in the NVM subsystem. The Cryptographic Erase erases all user content present in the NVM subsystem by deleting the encryption key with which the user data was previously encrypted." - source.

IOW the question you raise about encryption being enabled at all times or not, and the bulk of the OP being about this, becomes a red herring.

Back to SED anyway

This being said, it seems unlikely to me that the drive does not encrypt, even if this option could somehow be disabled. And the reason for this is, as @NikitaKipriyanov mentions in the comments, modern NAND requires some kind of 'scrambling' or 'whitening' technique due to the nature of NAND.

Without it, it would suffer from an increase in bit errors. Scrambling was 'invented' to counter bit errors. Historically, techniques like inversion (obsolete) and XOR shifting were used to increase entropy.

But encryption provides us with high entropy as it is. IOW the SSD relies on some form of scrambling, and with the encryption engine baked into the controller it seems to me it's only logical that it is always 'on' to provide this scrambling; encryption is the side effect in this case rather than the goal. - Reference.

Joep van Steen
  • SED was brought into question as SEDs apparently usually have encryption engine always enabled. I was concerned that if a drive did not scramble data using AES, a Secure Erase would result in User Data Erase, and NAND cells that were not cleared for some reason would retain this data in plain. Referring to Figure 189 on page 170 of **NVM Express Base Specification 2.0** you linked, it does seem like requesting a User Data Erase may result in Cryptographic Erase if the user data is encrypted. Unless I have misunderstood it? Samsung says their Secure Erase changes the status of the cells to FF. – Joel Aug 21 '23 at 21:20
  • FF is default state of the cell = no data (which we'd read as 00 or zero). With regards to page 170: Two options, (1) User data erase either erases - or - if encryption is enabled do crypto erase (throw away key), (2) crypto erase. So effectively if encryption is enabled it will be crypto erase no matter which option is chosen (if supported). – Joep van Steen Aug 21 '23 at 22:25
  • Would it be logical then to assume that, based on what support has told me, the Samsung Secure Erase in this case would be doing a User Data Erase, and this would also throw away the key (if the encryption engine is always enabled)? – Joel Aug 21 '23 at 23:33
  • I personally think that most likely the drive is encrypted, always, and that support was poorly instructed. And so that no matter which of the options you pick to erase the drive, in effect it will do a crypto erase. – Joep van Steen Aug 21 '23 at 23:45
  • That is what I also think. I have tried to ask Samsung if the encryption engine is always active, but they have been unable to give an exact answer. They even used to state that the drive was always encrypting with AES with previous products (like the 840 series). – Joel Aug 22 '23 at 00:12
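Rather than relying on what support says, the drive itself reports which erase it offers. The following is an added example (not Samsung's or nvme-cli's code) that decodes the Format NVM Attributes (FNA) and Sanitize Capabilities (SANICAP) fields of Identify Controller, picks the matching Format NVM Secure Erase Setting or Sanitize action, and reads the Sanitize Status (SSTAT) field back to confirm the erase finished. Bit positions follow the NVM Express Base Specification; the two records below are constructed samples in the shape of `nvme id-ctrl /dev/nvme0 -o json` and `nvme sanitize-log /dev/nvme0 -o json`, and the lowercase key names are an assumption about nvme-cli's JSON output.

```python
"""Decide which NVMe erase a drive advertises and check that a Sanitize ran.
Added example; field layouts from the NVMe Base Specification, sample data
constructed."""
import json

# Format NVM: Secure Erase Settings (CDW10 bits 11:09)
SES_USER_DATA_ERASE = 1
SES_CRYPTO_ERASE = 2
# Sanitize: Sanitize Action (CDW10 bits 02:00)
SANACT_BLOCK_ERASE = 2
SANACT_OVERWRITE = 3
SANACT_CRYPTO_ERASE = 4
# Sanitize Status log, SSTAT bits 02:00
SSTAT_STATES = {0: "never sanitized", 1: "completed successfully",
                2: "in progress", 3: "failed", 4: "completed, no-deallocate"}

# Constructed samples (not captured from a real 990 Pro).
SAMPLE_ID_CTRL_JSON = '{"mn": "CONSTRUCTED SAMPLE", "fna": 4, "sanicap": 3}'
SAMPLE_SANITIZE_LOG_JSON = '{"sprog": 65535, "sstat": 257}'


def decode_fna(fna: int) -> dict:
    """Format NVM Attributes. Bit 2 means Cryptographic Erase can be requested
    as the SES of Format NVM; without it only User Data Erase can be asked for,
    which the spec merely *allows* the controller to satisfy by a crypto erase."""
    return {"format_all_ns": bool(fna & 0x1),
            "secure_erase_all_ns": bool(fna & 0x2),
            "crypto_erase_supported": bool(fna & 0x4)}


def decode_sanicap(sanicap: int) -> dict:
    """Sanitize Capabilities. Sanitize also reaches caches and over-provisioned
    NAND, which a Format NVM secure erase is not required to cover."""
    return {"crypto_erase": bool(sanicap & 0x1),
            "block_erase": bool(sanicap & 0x2),
            "overwrite": bool(sanicap & 0x4)}


def choose_erase(id_ctrl: dict) -> dict:
    """Strongest advertised erase and the nvme-cli command that requests it.
    Sanitize targets the controller (/dev/nvme0); Format NVM targets a
    namespace (/dev/nvme0n1)."""
    fna = decode_fna(id_ctrl["fna"])
    san = decode_sanicap(id_ctrl["sanicap"])
    if san["crypto_erase"]:
        return {"method": "sanitize", "sanact": SANACT_CRYPTO_ERASE,
                "command": "nvme sanitize /dev/nvme0 --sanact=4"}
    if san["block_erase"]:
        return {"method": "sanitize", "sanact": SANACT_BLOCK_ERASE,
                "command": "nvme sanitize /dev/nvme0 --sanact=2"}
    if fna["crypto_erase_supported"]:
        return {"method": "format", "ses": SES_CRYPTO_ERASE,
                "command": "nvme format /dev/nvme0n1 --ses=2"}
    return {"method": "format", "ses": SES_USER_DATA_ERASE,
            "command": "nvme format /dev/nvme0n1 --ses=1",
            "caveat": "crypto erase only if the controller chooses to use one"}


def plan_from_json(id_ctrl_json: str) -> dict:
    """Convenience wrapper for the raw text of `nvme id-ctrl ... -o json`."""
    return choose_erase(json.loads(id_ctrl_json))


def sanitize_state(sanitize_log: dict) -> str:
    """Bits 02:00 of SSTAT say whether the most recent Sanitize finished;
    check this before the drive leaves your hands."""
    return SSTAT_STATES[sanitize_log["sstat"] & 0x7]


if __name__ == "__main__":
    print(plan_from_json(SAMPLE_ID_CTRL_JSON))
    print(sanitize_state(json.loads(SAMPLE_SANITIZE_LOG_JSON)))
```

`nvme id-ctrl -H` prints the same bits in decoded form if you want to eyeball them. The ordering in `choose_erase` prefers Sanitize over Format NVM because Sanitize is defined to cover the whole NVM subsystem, and prefers block erase over a Format NVM crypto erase because it does not depend on how the key is handled; a drive that advertises none of the crypto bits can only be asked for a User Data Erase, which is exactly the case the comments above discuss.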
2

You asked:

Since the encryption is essentially a black box, how could I even verify it?

You would need to reverse-engineer the firmware but even if you succeed in doing so you won't be able to reverse engineer the hardware.

Do not rely on black boxes. Use an alternative if available - and there are some.

Selling your disk to a random person is different than returning your disk in a RMA case. A random person is not aware of the content of the firmware and its abilities. Your disk manufacturer has written the firmware, though.

Asking Boeing or Airbus if they can remote control their planes or asking a storage manufacturer about the implementation of ATA security will not provide usable information for you.

The security of your data should not depend on a statement from support. What they say could be wrong without them doing anything wrong on purpose.

r2d3