[KB7974] OPAL disk encryption for ESET Endpoint Encryption and ESET Full Disk Encryption FAQ

Issue

• OPAL encryption in ESET Endpoint Encryption (EEE) and ESET Full Disk Encryption (EFDE)
• List of tested OPAL-compatible disks

Solution

OPAL encryption FAQ

1. What is OPAL?

Full disk encryption (FDE) used to be a software-only solution. A hardware-based encryption standard emerged in the form of the OPAL Security Subsystem Class, commonly referred to as OPAL.

2. What are the benefits of OPAL FDE?

• • Hardware encryption has no negative impact on the performance of systems
  • Encrypting a system with OPAL encryption is immediate and does not require waiting for it to finish
  • Hardware-based encryption is very secure
  • Easier to set up

3. Will my system support OPAL FDE?

An OPAL 2.0+ compliant drive is expected to be supported. If you are unsure whether your system will support OPAL, obtain a UEFI diagnostic log, send a copy of this log file to ESET Technical Support for verification.

4. What are the minimum requirements for OPAL FDE?

To perform full disk encryption on a system utilizing OPAL, the system must meet the following requirements:

• • The drive must support TCG OPAL 2.0
  • The system must boot from UEFI (UEFI 2.3 or greater)
  • The system UEFI must support EFI_STORAGE_SECURITY_COMMAND_PROTOCOL or a pass-through protocol for the appropriate bus type: EFI_ATA_PASS_THRU_PROTOCOL, EFI_SCSI_PASS_THRU_PROTOCOL, EFI_NVME_PASS_THRU_PROTOCOL
  • The system must have ESET Endpoint Encryption (EEE) version 5.0 or later, managed by ESET Endpoint Encryption Server (EEES) version 3.0 or later, or ESET Full Disk Encryption (EFDE) installed

5. Can I use the machine's TPM as well as OPAL?

TPM is an authentication method independent of the encryption method. Therefore, you can use both OPAL and TPM.

List of tested OPAL-compatible disks

Disks that are compatible with OPAL FDE: