As users of Windows 7 consider moving to Windows 8.1 or Windows 10, a new BitLocker feature is available that should be considered. Nicknamed "eDrive," "Encrypted Hard Drive," or "Encrypted Drive," the feature provides the ability for BitLocker to take advantage of the hardware encryption capabilities of compatible drives, instead of using software encryption. Hardware encryption provides benefits over software encryption in that encryption activation is near-immediate, and real-time performance isn’t impacted.
eDrive is Microsoft's implementation of managed hardware-based encryption built on the TCG Opal framework and IEEE-1667 protocols. It is implemented a bit differently from how third-party Independent Software Vendors (ISVs) implement and manage Opal-compatible drives. It is important to understand the differences as you evaluate your data protection strategy and solution.
eDrive information on the internet is relatively sparse currently. Here are a couple of resources from Intel that will help get you started:
- Video: http://www.intel.com/content/www/us/en/solid-state-drives/ssd-pro-2500-series-edrive-enabling-video.html
- Document: http://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/ssd-pro-2500-series-edrive-solutions-blueprint.pdf
And here are a couple of tools from Intel that will be useful when working with the Intel® SSD Pro 2500 Series:
If you're going to do research on the internet, I've found that "Opal IEEE 1667 BitLocker" are good search terms to get you started.
A special note to those who want to evaluate eDrive with the Intel® SSD Pro 2500 Series: the Intel-provided tool to enable eDrive support only works on "channel SKUs." Intel provides SSDs through the retail market (channel) and directly to OEMs (the maker/seller of your laptop). Support for eDrive on OEM SKUs must be provided by the OEM. Channel SKUs can be verified by looking at the firmware version on the SSD label, or with the Intel® SSD Toolbox or Intel® SSD Pro Administrator Tool. Firmware in the format of TG## (TG20, TG21, TG26, etc…) confirms a channel SKU, and the ability to enable eDrive support on the Intel® SSD Pro 2500 Series.
Take a look at eDrive, or managed hardware-based encryption solutions from ISVs such as McAfee, WinMagic, Wave, and others.
As always, I look forward to your input on topics you would like covered.
Thanks for your time!