Self-Encrypting Drives

To configure volume encryption settings for Self-Encrypting drives, edit the Volume Encryption action of the Full Disk Encryption rule.

The disk encryption setting Allow Self-Encrypting Drives (SED) hardware functionality lets Full Disk Encryption probe and use SED disks that comply with the OPAL standard. If a compatible system and disk are detected, Full Disk Encryption uses the hardware encryption on the disk instead of the traditional software encryption.

When using SED drives, do not change the default settings for Encrypted disks and volumes. The required settings are:

• Encrypt all visible disk volumes

  • Boot protect hidden disk volumes

    • Encrypt hidden disk volumes

When SED encryption is in effect on a client computer, the Drive Information in the Encryption Status of the client shows SED added to the volume name. You can see this in the Client UI and in the Computer Details > Full Disk Encryption in SmartEndpoint.

• AES encryption is always used with SED drives.

• You cannot use custom volume encryption with SED drives. The client overrides custom volume configuration.

• Manage SED drives in the same way as software-encrypted drives.

For SED Requirements, see the Release Notes for your Endpoint Security client version. Either search the Web for the release notes, or:

1. Open the Endpoint Security Homepage .

2. Go to Detailed Information per Release > Detailed Client Releases Information.

3. Find the row for your client version.

4. In the Additional information column, click Documentation.

5. Click the link to the Release Notes.