SSD manufacturers have released Self Encrypting Disks (SEDs) which use
hardware encryption on the disk.
OS agnostic, and should generally be faster than software based encryption like
However, I could not clarify if such a disk, and encryption, if used, would always require a password prompt upon reboot.
As I understand it, the password / key for these SEDs is generally stored inside a special
ATA password field in
OS boots, the disk looks to this password / key and decrypts, and remains decrypted as long as
OS is in session. But am not sure whether it prompts the user for a password and does a match upon reboot or decrypts without any intervention..
Currently, I require the disk to not require any password prompt upon system boot, it should take it from the
BIOS. I know that if the PC gets stolen, then data is exposed, but at least I want to ensure that disk theft will not cause data exposure.
If this is not possible, that a
SED will always ask for a password prompt when
OS boots, would it help if the
key be placed in a
TPM instead, assuming that is possible, not sure if it would make a difference though.