Jump to content
Corsair Community

MP510 2TB AES 256-bit Encryption?


Recommended Posts

The big question...does the MP510 drive support hardware encryption of any kind? The Corsair MP510 spec sheet states "Encryption: AES 256-bit Encryption":

 

https://www.corsair.com/eu/en/Categories/Products/Storage/M-2-SSDs/Force-Series-MP510/p/CSSD-F1920GBMP510#tab-tech-specs

 

Two questions: (1) What does Corsair mean when they say "Encryption: AES 256-bit Encryption"; and (2) Does the Phison E12 controller support TCG Opal?

 

On question (1), assuming this is not TCG-OPAL but is some other kind of hardware encryption, does anyone have any idea how to enable this mysterious "AES 256-bit Encryption" feature? There seems to be zero discussion, instructions, or any mention anywhere of anyone enabling hardware encryption on the MP510.

 

On question (2), scattered across the Internet are claims that the Phison E12 supports hardware encryption via TCG Opal. However, I have not been able to find a single report of anyone actually enabling TCG Opal preboot encryption on a Phison E12 drive (either with NVME Class 0 encryption, as supported by newish Lenovo Thinkpads, or via SEDutil preboot authentication).

 

There is one comment I found regarding enabling TCG Opal via SEDutil that mentions the MP510 that states "Most drives mention AES-256 somewhere on their spec sheet, but that doesn't mean they are TCG Opal compliant. The Corsair MP510 definitely is not detected as Opal-capable by sedutil.":

 

 

This comment is very interesting, particularly because Phison, via its spec sheet for the E12 controller makes encryption claims, interestingly stating "Self Encrypting Function (Optional):AES, TCG Opal, TCG Pyrite":

 

https://www.phison.com/images/products_datasheet/Embedded-PCIe_PS5012-E12.pdf

 

What does "Optional" mean in "Self Encrypting Function (Optional):AES, TCG Opal, TCG Pyrite"?

 

Also, the comment above "The Corsair MP510 definitely is not detected as Opal-capable by sedutil." may have been written regarding an older version of Phison E12 firmware. The original firmware version (12.1) is now updated to 12.3 - perhaps some form of encryption has been enabled in a firmware version after 12.1? In the case of the MP510, even though Corsair has not officially released the 12.3 firmware update, it is available in the dark corners of the Internet.

 

Does anyone have answers to these questions? I would love to get some kind of hardware encryption enabled on the MP510. it is beyond ridiculous that the MP510 spec sheet says "Encryption: AES 256-bit Encryption" but there is absolutely zero information regarding how to enable hardware encryption.

Edited by CottageDefeat
Link to comment
Share on other sites

Vaporware? The answer to the question, "Does the MP510 drive support hardware encryption of any kind, even though the Corsair MP510 spec sheet states "Encryption: AES 256-bit Encryption?" is...

 

...vaporware???

 

Seriously, no answer to this question???

Edited by CottageDefeat
Link to comment
Share on other sites

I wish I could have gotten that far with my MP510...I couldn't get the NVME formatted in my Windows 10 machine. After trying scores of recommendations from this board and others, I'm finally sending it back under the assumption it's defective. As I read this and other posts, I'm beginning to think it's an over-hyped dud.
Link to comment
Share on other sites

  • Administrators

Update: I bumped into a subject matter expert who said that encryption is drive internal, i.e. between controller and NAND, and that bitlocker / 3rd party encryption would be up to the user of the drive. OPAL is not available for the MP510.

 

Take this with a grain of salt as I could be misinterpreting what they said. Contacting the support team would be the appropriate next step for product support.

Edited by Technobeard
Link to comment
Share on other sites

Update: I bumped into a subject matter expert who said that encryption is drive internal, i.e. between controller and NAND, and that bitlocker / 3rd party encryption would be up to the user of the drive. OPAL is not available for the MP510.

 

Take this with a grain of salt as I could be misinterpreting what they said. Contacting the support team would be the appropriate next step for product support.

 

Thanks for the response. But, that makes no sense and can't be the answer. That makes no sense.

Link to comment
Share on other sites

  • 1 month later...
  • 2 weeks later...
Directly from our DRAM/SSD team (paraphrased a bit):

 

The MP510 doesn't support hardware encryption. AES 256-bit Encryption refers to software encryption, specifically Windows Bitlocker.

 

Thank you for providing the answer that everyone knows to be true.

 

You need to contact the marketing department and have them drop the "Encryption: AES 256-bit Encryption" claim, as shown here:

 

https://www.corsair.com/us/en/Categories/Products/Storage/M-2-SSDs/Force-Series-MP510/p/CSSD-F1920GBMP510#tab-tech-specs

 

...because the answer is that the drive isn't encrypting anything, but relying on third party software encryption, the drive does not have "Encryption: AES 256-bit Encryption".

 

This would be analogous to a car company advertising a car as "self driving". Yet, when you ask how the car drives itself, the car company says, "well, it is self driving if there is a driver in the car driving it. So long as our car has a driver in it driving the car, it is self driving."

Link to comment
Share on other sites

  • 2 months later...
Directly from our DRAM/SSD team (paraphrased a bit):

 

The MP510 doesn't support hardware encryption. AES 256-bit Encryption refers to software encryption, specifically Windows Bitlocker.

 

This is misinformation as it has nothing to with BitLocker.

 

NVMe drives that claim AES encryption without OPAL usually refer to ATA Security command support. There is a utility called NVMe ATA Security which lets you configure the ATA password on NVMe drives. If your BIOS doesn’t support NVMe ATA passwords you cannot boot directly from the drive and must unlock it from another boot disk, or use it as a data drive after unlocking it in the OS.

 

From the factory, the data is always encrypted using a key derived from a blank password, so the encryption is always “on”. Setting the ATA password re-encrypts the key based on the new password.

 

This is true of all manufacturers with similar AES-only drives and is just ignorance on the part of the marketing department. There are also AES & OPAL (but not IEEE 1667) drives which don’t work with BitLocker hardware encryption and fallback to software encryption. These drives can be unlocked on UEFI systems using SED Util or commercial OPAL software. If the drive supports IEEE 1667 as well it can be used with BitLocker hardware encryption and is usually marketed as eDrive compliant.

Edited by Monstieur
  • Like 1
Link to comment
Share on other sites

  • 3 months later...

I recently wen through this same process with a Corsair MP600 SSD I purchased because it said it had hardware AES encryption support. It does not, the encryption is "between the controller and the NAND", what use is that? In case someone tries to desolder the NAND and use it with another controller?

 

This marketing is dishonest. During the Covid-19 outbreak with many people working from home and being required to use encryption --this is not secure, there is no password, no anything. This drive will mount anywhere and no files will appear encrypted to the OS.

Link to comment
Share on other sites

×
×
  • Create New...