tag:blogger.com,1999:blog-6556570756580888640.post2252998662692490501..comments2022-12-10T03:26:37.738-07:00Comments on ~sstahlman/: Hardware FDE with Intel SSD 330 on Intel DH67BL MotherboardSeth Stahlmanhttp://www.blogger.com/profile/16904131485109317609noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-6556570756580888640.post-87753992507428753952014-09-20T04:16:42.025-06:002014-09-20T04:16:42.025-06:001) You should be safe with UEFI, and you won't...1) You should be safe with UEFI, and you won't need a boot partition, as such, instead, you need the layout EFI likes. See this SU thread for some information you'll find helpful: http://superuser.com/questions/496026/what-is-the-difference-in-boot-with-bios-and-boot-with-uefi Linux should work just dandy with it enabled.<br /><br />2) The BIOS will freeze the drive no matter whether you're faking SATA in Legacy mode or not; there's really no reason to set it at IDE mode, unless you were using some braindead tools that don't seem to work well with AHCI. (hdat2/mhdd, depending on the hour and status of livestock sacrifices.) Remember, the drive is only 'frozen' as far as doing ata commands like secure erase and the other security (password) commands. Unless you're doing those, it won't affect you. (And if you do want to do them, on this system, you have to unplug the drive and plug it back in, or wait until bios is done with post to plug it in)<br /><br />3. You can modify, but my understanding is when you go to flash, it'll fail, and also, the boot block (if not flashed) will refuse to complete loading the bios main because it's not signed. It's worse on some new HP tablets, this whole thing: some really lame ass companies (Cough. Intel. Cough) seem to be in the habit of locking down employee devices, such that bios access is locked, and no boot devices allowed, so no way to even flash the system --- which won't load any .efi files not signed. Just nasty. I'm not an advanced user at all; just poking around in the dark. I thought it'd be stupid to try to do something like truecrypt on an SSD that had hardware encryption, and was miffed there was no way of using it on a desktop, hence this blog post figuring out a way. Seth Stahlmanhttp://sstahlman.blogspot.comnoreply@blogger.comtag:blogger.com,1999:blog-6556570756580888640.post-45793839282210167622014-09-20T00:06:21.867-06:002014-09-20T00:06:21.867-06:00As far as I know, there isn't any way to easil...As far as I know, there isn't any way to easily deal with that behavior; I didn't get to the point of modding the BIOS, since my understanding is this one is signed. Intel's position on this seems to be "To hell with the customer" and it's pretty aggravating. However, you shouldn't need to care about any of this just to format it as GPT and install Linux; snag Hiren's or use any Linux boot disc(?). <br /><br />What I wanted was to have a password enabled, which this board doesn't allow, unless you go through the gyrations I outlined. Short of actually hacking on the BIOS, the only way to bypass the freeze lock is to disconnect and reconnect the drive after the system is booted.<br /><br />Edit: I looked at your question in the forum. No, you don't need to worry about this at all. The FROZEN prevents the drive from having a hdd password set; the logic is that unpleasant sorts can't set a hdd password and then have easy ransomware. The drive in the frozen state also won't allow a SECURE ERASE, which in the case of this drive, means it 'loses' the previous encryption key and creates a new one (assuming we can trust Intel's engineers to tell the truth, the data's always encrypted). This all has nothing to do with normal operation of the drive; the only reason you'd care about this is if you were trying to do what I did, and have a hard drive password set on this board. Seth Stahlmanhttps://www.blogger.com/profile/16904131485109317609noreply@blogger.comtag:blogger.com,1999:blog-6556570756580888640.post-4919426944162855662014-09-19T22:33:39.724-06:002014-09-19T22:33:39.724-06:00Hi @Seth. your post is very helpful. I have a 2012...Hi @Seth. your post is very helpful. I have a 2012 July bought Intel DH67CL1 mainboard with BIOS updated to latest available release(160). I enabled "UEFI" mode. I have a Intel 330 series 180GB SSD which is connected to the system and need to format GPT and install Linux. But, hdparm shows that although it is not "locked" , but "frozen". from what I get, it is BIOS which security freeze the SSD drive each time it detects SSD. I have once secure erased and "unfrozen" the SSD, but got frozen again on next boot. it is impractical, you know - to remove and reconnect SSD each time to skip BIOS/UEFI(what I understands) . Will you help me how to deal with this BIOS? is there a custom modified BIOS/UEFI with more options including SSD freeze enable/disable options and others. very few actually understands my query when I asked in some computer forums. thank you. <br />BTW, please find my queries here:<br />https://communities.intel.com/thread/55049<br />http://www.neowin.net/forum/topic/1229567-ssd-info-shows-frozen-state-after-secure-erasing-also-shows-frozen-bios-problem/?p=596578565<br />Abraham Muvattupuzhahttp://faithfreedom.orgnoreply@blogger.com