Technical support

Knowledgebase
OPAL Encryption FAQ
Article ID: KB527 email a link to this article

Important Note

Using OPAL Hardware Encryption, entrusts the security to the disk hardware vendor. ESET cannot verify or be liable for the strength of security in third-party devices and advise checking whether the disk in use has any known security vulnerabilities.

What is OPAL?

Full Disk Encryption (FDE) used to be a software only solution, however, a hardware based standard has emerged in the form of the OPAL Security Subsystem Class (SSC), commonly just referred to as OPAL.

 

What are the benefits?

  • Hardware encryption has no negative impact on the performance of systems
  • Encrypting a system with OPAL encryption is immediate and does not require you to wait for it to finish
  • Hardware based encryption is very secure
  • Easier to setup

Will my system support OPAL Full Disk Encryption (FDE)?

If you are unsure whether your system will support OPAL, please send us a support ticket with attached UEFI diagnostic log and we will be able to tell.

To obtain UEFI diagnostic log, please refer to this article: KB511 - How to obtain UEFI Diagnostic Log

If you have a OPAL 2.0+ compliant drive, it is expected to be supported.

OPAL FDE Minimum requirements

To FDE a system utilising OPAL, the system must meet the following requirements:

  • The drive must support TCG OPAL 2.0
  • The system must boot from UEFI (UEFI 2.3 or greater).
  • The system UEFI must support EFI_STORAGE_SECURITY_COMMAND_PROTOCOL or a pass-through protocol for the appropriate bus type. EFI_ATA_PASS_THRU_PROTOCOL, EFI_SCSI_PASS_THRU_PROTOCOL, EFI_NVME_PASS_THRU_PROTOCOL.
  • The system must have ESET Endpoint Encryption version 5.0 or later installed.
  • The system must be managed by an ESET Endpoint Encryption Server, which must be version 3.0 or later. 

Can I use the machine's TPM as well as OPAL?

TPM is an authentication method independent of the encryption method.  Therefore, you can use both OPAL and TPM.

Tested Disks

In our testing, we have made a short list of disks that are compatible:

Make & Model

Bus

Firmware

Samsung - MZVLW256HEHP-000L7

NVMe

 

Samsung - 960 EVO 256GB

NVMe

3B7QCXE7

Samsung - MZVPW256HEGL-000L7

NVMe

6L6QCXZ7

Crucial - CT250MX500SSD1

 

 

Crucial - CT1000MX500SD4

 

 

Crucial - MTFDDAV256TBN-1AR15ABHA

 

 

Crucial - MTFDDAV256TBN5

 

 

Kingston - SUV500M8/120G

 

 

 

 

 

 

 


We use cookies on our website to enhance your browsing experience. Read more