[KB7974] OPAL disk encryption FAQ

Issue

• OPAL encryption FAQ
• List of tested OPAL-compatible disks

Solution

OPAL encryption FAQ

1. What is OPAL?

Full disk encryption (FDE) used to be a software-only solution. A hardware-based encryption standard emerged in the form of the OPAL Security Subsystem Class, commonly referred to as OPAL.

2. What are the benefits of OPAL FDE?

• • Hardware encryption has no negative impact on the performance of systems
  • Encrypting a system with OPAL encryption is immediate and does not require waiting for it to finish
  • Hardware-based encryption is very secure
  • Easier to set up

3. Will my system support OPAL FDE?

An OPAL 2.0+ compliant drive is expected to be supported. If you are unsure whether your system will support OPAL, obtain a UEFI diagnostic log, send a copy of this log file to ESET Technical Support for verification.

4. What are the minimum requirements for OPAL FDE?

To perform full disk encryption on a system utilizing OPAL, the system must meet the following requirements:

• • The drive must support TCG OPAL 2.0
  • The system must boot from UEFI (UEFI 2.3 or greater).
  • The system UEFI must support EFI_STORAGE_SECURITY_COMMAND_PROTOCOL or a pass-through protocol for the appropriate bus type: EFI_ATA_PASS_THRU_PROTOCOL, EFI_SCSI_PASS_THRU_PROTOCOL, EFI_NVME_PASS_THRU_PROTOCOL.
  • The system must have ESET Endpoint Encryption version 5.0 or later installed.
  • The system must be managed by an ESET Endpoint Encryption Server, which must be version 3.0 or later.

5. Can I use the machine's TPM as well as OPAL?

TPM is an authentication method independent of the encryption method. Therefore, you can use both OPAL and TPM.

List of tested OPAL-compatible disks

Below is a shortlist of disks that are compatible with OPAL FDE: