Enable hardware encryption Samsung 850 EVO

Hi!


How does one go about enabling the hardware encryption offered by the Samsung 850 EVO SSD?


The laptop using this implementation would be a Late 2011 MacBook Pro, 17".



Thanks!

Macbook Pro 17inch Late 2011 2.5GHz-OTHER, Mac OS X (10.7.4), Powered by Wild Nacatls

Posted on Mar 7, 2017 3:47 PM


Apr 9, 2017 7:06 PM in response to tjk

I did some further research.


The original number quoted from Wikipedia must be out-of-date, because other sources claim a negligible hit in performance with FileVault2, even when being applied to a mechanical hard drive. I assume the Wikipedia article was referencing the performance of FileVault2 on a machine that doesn't use a more recent Intel processor. The reason I assume that is because apparently FileVault2 now takes advantage of hardware acceleration offered by Intel processors for the software encryption process. This is for Macs that use an Intel processor from 2010 and later, as is discussed in these three links:


http://apple.stackexchange.com/questions/105320/does-filevault-encryption-slow-read-write-access-on-an-ssd


FileVault2 Performance


http://osxdaily.com/2011/08/10/filevault-2-benchmarks-disk-encryption-faster-mac-os-x-lion/





There's still a downside to using FileVault2 over hard drive facilitated encryption, though, which is a vulnerability to hackers retrieving the encryption password from the memory of a Mac that is still powered on. This info is from an article published in 2012, so maybe Apple has patched that vulnerability by now? I didn't see any mention of that, though.


https://www.cnet.com/news/filevault-2-easily-decrypted-warns-passware/




In the meantime, a way to account for that vulnerability would be to always power down the Mac when not near it instead of allowing sleep mode.


https://www.engadget.com/2012/02/03/apple-filevault-2-encryption-cracked-but-dont-panic/




So although there's probably negligible difference in performance between hardware encryption and FileVault2, there still seems to be better security with the hard drive's hardware-based encryption.


All of this info ultimately leads back to the original question. How does one go about accessing the UEFI/EFI on a Mac and enabling the hardware encryption of the hard drive?

Mar 9, 2017 5:56 PM in response to tjk

Hi,


That's a good question.


Apparently with FileVault's software mediated encryption, "the I/O performance penalty for using FileVault 2 was found to be in the order of 20 – 30% when using CPUs with the AES instruction set, such as the Intel Core i and OS X 10.7.[14][15] Performance deterioration will be larger for CPUs without this instruction set, such as older Core CPUs."


So in other words, if the hard drive is encrypting the data (instead of the OS) by using dedicated hardware that encrypts faster than the drive can read and write, then the encryption process no longer acts as a performance bottleneck. Seeing as how the whole point of getting a solid state drive was to remove read/write speeds as a bottleneck in performance, it would be kind of silly to re-introduce that bottleneck, even if it is marginal in comparison to the performance penalty incurred by using a mechanical hard drive.

Apr 9, 2017 7:07 PM in response to GeoMoon5

I called Samsung, and the tech support representative said that one can enable the encryption protocol by accessing the BIOS or EFI/UEFI and assigning a password to the hard drive. The representative also said that because Apple is the computer manufacturer, Apple has the responsibility of helping the customer to navigate to the correct configuration page in the EFI/UEFI to enable the hardware encryption of the drive.


So, how exactly do I do that?

Hopefully someone here knows.

Mar 9, 2017 6:39 PM in response to GeoMoon5

I don't have time to research it now, but I've never heard of FV taking anywhere near that percentage. Of course, I could have heard wrong. If that is true, and IF the hardware encryption really is faster than the disk can write, that sounds like a good reason to use it, if it doesn't cause issues with macOS....

Mar 9, 2017 6:42 PM in response to GeoMoon5

I definitely do not know, have never heard of anyone doing it, and strongly suspect Apple isn't going to help you with a third party product. For your sake, I hope I'm proven wrong, and either Apple will help you (I really don't think they will), or someone will stop by here who has done it and will explain how to do it. I'd be curious to know myself. Good luck.

Mar 10, 2017 8:24 AM in response to GeoMoon5

GeoMoon5 wrote:


I did some further research.


The original number quoted from Wikipedia must be out-of-date, because other sources claim a negligible hit in performance with FileVault2, even when being applied to a mechanical hard drive. I assume the Wikipedia article was referencing the performance of FileVault2 on a machine that doesn't use a more recent Intel processor. The reason I assume that is because apparently FileVault2 now takes advantage of hardware acceleration offered by Intel processors for the software encryption process.


That is exactly what I remember. Thanks for digging it up.


There's still a downside to using FileVault2 over hard drive facilitated encryption, though, which is a vulnerability to hackers retrieving the encryption password from the memory of a Mac that is still powered on. This info is from an article published in 2012, so maybe Apple has patched that vulnerability by now? I didn't see any mention of that, though.


I believe this is still true, which is why I always shut down my Macs. However, it takes very sophisticated equipment and the process is very difficult, so unless you have data that someone is willing to spend some serious money on retrieving, it's nothing to worry about. IIRC, it involves removing the RAM and putting it in liquid nitrogen in order for the RAM to retain the password information, then special hardware and technique to complete the operation. I'm not worried about it.
