Question Are Windows 11 SSD Laptops SED's?

[very_452001]

Hi,

I like to buy a Win 11 ASUS Laptop with 16GB of RAM, are the SSD's in these laptops are Self-Encrypting Drives SED's aka Hardware Encryption? If yes are they normally turned on by default otherwise how you enable it?

SED's do not require the TPM hardware chip on the motherboard? If they do not require a TPM then why TPM is required as a minimum requirement to run Win 11 then?

Is MS Bitlocker Software Encryption or Hardware Encryption and does it use TPM?

Cheers,

 

[kerberos_20]

ms bitlocker is software encryption and it does use tpm, windows laptops are most likely encrypted, recovery key can be found in your ms account

 

[USAFRet]

TPM is more than just drive encryption.
https://learn.microsoft.com/en-us/w...ation-protection/tpm/how-windows-uses-the-tpm

"Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. "


BitLocker is software.
"SED" is a function of the drive firmware, not Windows, TPM, or Bitlocker.

 

[very_452001]

ms bitlocker is software encryption and it does use tpm, windows laptops are most likely encrypted, recovery key can be found in your ms account

Ok if Bitlocker is software encryption then why does it use hardware TPM?

So windows laptops are encrypted and enabled by default most likely meaning if I lose my windows laptop, the person who found my laptop cant read my data from it?

 

[kerberos_20]

Ok if Bitlocker is software encryption then why does it use hardware TPM?

to store decrypt key

So windows laptops are encrypted and enabled by default most likely meaning if I lose my windows laptop, the person who found my laptop cant read my data from it?

yup, you can deactivate (lock) that lost portable device online through your ms account and whoever has it wont be able to see what files you have there.. since its encrypted

 

[very_452001]

TPM is more than just drive encryption.
https://learn.microsoft.com/en-us/w...ation-protection/tpm/how-windows-uses-the-tpm

"Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. "


BitLocker is software.
"SED" is a function of the drive firmware, not Windows, TPM, or Bitlocker.

Okay are most of the popular SSD drives out there are SED's, and you mean the SSD firmware needs to be updated to enable SED?

 

[USAFRet]

So windows laptops are encrypted and enabled by default most likely meaning if I lose my windows laptop, the person who found my laptop cant read my data from it?

Depends.
Do you have a crappy, password that someone could figure out?

 

[USAFRet]

Okay are most of the popular SSD drives out there are SED's, and you mean the SSD firmware needs to be updated to enable SED?

Read through these:
https://www.trentonsystems.com/blog/self-encrypting-drives
https://www.ibm.com/docs/en/psfa/7.2.1?topic=administration-about-self-encrypting-drives

Hardware-based full disk encryption - Wikipedia

en.wikipedia.org

 

[very_452001]

Depends.
Do you have a crappy, password that someone could figure out?

Do you mean the windows login password after windows boots up? If so, if the drive is not encrypted then anyone with my hard drive or SSD drive can still read my data regardless whether there's a window password or not right?

 

[USAFRet]

Do you mean the windows login password after windows boots up? If so, if the drive is not encrypted then anyone with my hard drive or SSD drive can still read my data regardless whether there's a window password or not right?

I mean...if someone could log on as you, all is open.


But really...if someone steals your laptop, they are NOT interested in your data.
They just want to sell the hardware, as fast as possible.

 

[very_452001]

I mean...if someone could log on as you, all is open.


But really...if someone steals your laptop, they are NOT interested in your data.
They just want to sell the hardware, as fast as possible.

I understand but in this day and age Data is worth more than money, just look at the big Google tech giant, they are making money somehow.

 

[USAFRet]

I understand but in this day and age Data is worth more than money, just look at the big Google tech giant, they are making money somehow.

What google does is a LOT different than what your proposed thief does.

There is little if anything he can "sell", apart from the hardware.
Unless you have the blueprints for a working cold fusion reactor, no one is going to 'buy' your one off data.

 

[very_452001]

What google does is a LOT different than what your proposed thief does.

There is little if anything he can "sell", apart from the hardware.
Unless you have the blueprints for a working cold fusion reactor, no one is going to 'buy' your one off data.

Okay makes sense, but there's no harm in encrypting for extra security and peace of mind you know what I mean. For example if somebody steals my expensive laptop at the coffee shop, my address details are on the laptop and if its not encrypted the thief will know where I live and might come target my house for break in to steal as thief will probably assume expensive laptop means expensive items to steal back at my house.

 

[USAFRet]

Okay makes sense, but there's no harm in encrypting for extra security and peace of mind you know what I mean. For example if somebody steals my expensive laptop at the coffee shop, my address details are on the laptop and if its not encrypted the thief will know where I live and might come target my house for break in to steal as thief will probably assume expensive laptop means expensive items to steal back at my house.

Correct, there is little reason to not encrypt.

But they aren't "selling your data", nor mining it for deeper info on you.
They simply want to move that device to someone else as fast as they can.

 

[very_452001]

Correct, there is little reason to not encrypt.

But they aren't "selling your data", nor mining it for deeper info on you.
They simply want to move that device to someone else as fast as they can.

Okay better to be safe than sorry right?

I just like to take advantage of available software/hardware that I paid for to make full use of it hence why I am on these forums and asking on how to use them. Maybe on your software/hardware you like to do things differently to me however I like to do whatever with mine as its my right you know what I mean but then again its your decision your right to help me on these forums.

Cheers,

 

[DSzymborski]

Just to answer the initial question, not many mainstream consumer laptops will come with a self-encrypting drive. And any that actually have one is very likely to proclaim it, whether by noting that it's self-encrypting or that it's Opal. Companies like ASUS or MSI are not going to be enthralled with the idea of the inevitable support headaches for entire laptops in the first year when people, mainly people who don't really need it, naturally screw it up.

The practical benefit, of course, depends on the data. Things like your address are astronomically unlikely to be of interest; anyone who wants your address specifically has far easier ways of getting that and to someone stealing a laptop, it's just a random house address and it's not hard to find houses.