Hardware encryption of internal and external SSD (and Hard Drives)

I use:

  • Internal SSD: Samsung 990 Pro 2 TB
  • External SSD: Crucial x9 Pro 2 TB
  • External HDD: WD My Passport Ultra 5 TB

All of these devices have Hardware Encryption and comply with Opal Storage Specification Version 2.0. How can I easily and safely enable disable hardware encryption?

Drive-Trust-Alliance/sedutil: DTA sedutil Self encrypting drive software is not in active maintenance. And also the procedure is a bit complicated. I was hopeful if there is a easy solution like a flick of a button in Windows.


I know that the hardware encryption of SSD can not be trusted as it is proprietary and also there are some ways to defeat it as demonstrated in an IEEE paper: Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives IEEE Conference Publication IEEE Xplore 2. But for my threat level, I want to use hardware encryption and not LUKS. I have received an email from Samsung that the issues raised in the IEEE paper has been resolved in Samsung 980 Pro onwards.

Please don’t make it a philosophical discussion about pros and cons about Hardware encryption vs LUKS.

I found these docs Self-encrypting drives - ArchWiki
There is a list of disadvantages in those docs that is worth contempating.

Personally I do not trust disk vendors to get there crypto right and to keep the keys secret.
A while ago one vendor was found to be using the same AES key for every drive for example.
Also note when shipped to you there is no pass phrase set to protect the AES key.

That leaves open possible attacks on the drive to get the AES key before you get to set
a passphrase on the drive.

Using LUKS and the linux kernel encryption I do trust.

References for the claims?

Start reading read and follow refs in the reply How secure is hardware Full disk encryption (FDE) for SSD's - Information Security Stack Exchange

Leading to this paper https://eprint.iacr.org/2015/1002.pdf

I could not find the article for using same aes key.