Beginner
2,341 Views

Hardware encryption on P4510 series drives?

Hello,

I'm evaluating the Intel P4510 series drives for an application where we'll need encryption on Linux. I've ordered in a few 2TB drives, and was planning to kick the tires on hardware encryption to determine impacts to drive performance. The software implementations for encryption like LUKS2 will be too slow for my application.

Could you please confirm that the P4510 series support TCG Opal 2.0, as indicated on the product brief? The brief calls out TCG Opal 2.0, but has a footnote saying that all management features are not implemented, and alludes to them possibly being implemented after product launch. This marketing material is misleading at best.

If Opal 2.0 is not supported, what hardware encryption is supported, and could you please point me to instructions for setting it up? Thank you.

Regards,

Mike

0 Kudos
10 Replies
Community Manager
26 Views

Hi Mike,

Thank you for posting in the Intel® communities.

I understand that you would like to know if Opal 2.0 is supported in the Intel® SSD DC P4510 Series. Please let me investigate this before confirming it to you. I'll post an update as soon as possible.

Have a nice day.

Regards,

Diego V.
0 Kudos
Community Manager
26 Views

Hi Mike,

I've got confirmation that Opal 2.0 is not supported in the Intel® SSD DC P4510 Series; however, it will be supported in future releases. Currently the drives that support Opal are the ones from the Professional family: https://ark.intel.com/# @ProfessionalSSDs

The Intel® SSD DC P4510 Series has AES-256 encryption, but you would have to use software to use this feature.

I hope this information clarifies your concern.

Have a nice day.

Regards,

Diego V.

0 Kudos
Beginner
26 Views

Hi Diego,

Thanks for your prompt response.

Do you have any information on software options to enable the hardware encryption on Linux? We do not need to boot off of an encrypted P4510 drive. Our use case is that we would have a different boot drive using LUKS2 software encryption, as we don't care about throughput on the boot drive. We would have several of the P4510 drives connected to the system for high-throughput and encrypted streaming writes / reads. We just need some way to set the hardware encryption key for the P4510 drives.

As a small footnote to supporting TCG Opal 2.0, the product brief[1] says that "All manageability features are not available at the time of the product release but will be available in future maintenance release. Please refer to product specification for details about feature description and availability." We're prepared to make a pretty large purchase of these drives if they can support TCG Opal 2.0 as advertised, or can at least be usable for hardware encryption of some sort on Linux. If the product roadmap requires an NDA, we are more than willing to sign that document. Otherwise, we'll have to look around to other vendors to fill this need.

[1] https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/dc-p4510-series-brief.pd...

Regards,

Mike

0 Kudos
Community Manager
26 Views

Hi Mike,

I understand.

Please let me investigate and see what I can find about this that may help you.

I'll contact you back as soon as possible.

Regards,

Diego V.

0 Kudos
Community Manager
26 Views

Hi Mike,

After investigating your concern about the encryption requirements, I received confirmation that AES-256 encryption is indeed a feature included in the Intel® SSD DC P4510 Series; however, it cannot be enabled or disabled. It is actually built in to the ASIC of the product. It encrypts any data that goes through the ASIC before it is sent out of the ASIC and written to the media.

On the other hand, according to your description above: "We just need some way to set the hardware encryption key…", our interpretation is that you would like to customize the encryption key in some way. Unfortunately, this is not possible. The key can only be changed through a secure erase process, but the drive firmware is the one that generates the new encryption key. This is not something that can be customized or edited in any way.

I hope you find this information helpful.

Have a nice day.

Regards,

Diego V.
0 Kudos
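
A toy model of the behaviour described in the reply above, added here as an illustration; it is not Intel's code or firmware logic. The class and method names are hypothetical, a SHA-256 counter-mode keystream stands in for the drive's AES-256 engine, and stale flash contents are deliberately kept after the erase to isolate the effect of the key change.

```python
import hashlib
import secrets

SECTOR = 32  # toy sector size in bytes (assumption)


def _keystream(key: bytes, lba: int, length: int) -> bytes:
    # Stand-in for the AES-256 engine: SHA-256 in counter mode, keyed per LBA.
    out, counter = b"", 0
    while len(out) < length:
        block = key + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


class AlwaysOnEncryptedDrive:
    """Hypothetical drive: encryption always on, key owned by the firmware."""

    def __init__(self):
        self._mek = secrets.token_bytes(32)  # firmware-generated, never exported
        self.media = {}                      # lba -> ciphertext as stored on flash

    def _crypt(self, lba: int, data: bytes) -> bytes:
        ks = _keystream(self._mek, lba, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, lba: int, plaintext: bytes) -> None:
        self.media[lba] = self._crypt(lba, plaintext.ljust(SECTOR, b"\0"))

    def read(self, lba: int) -> bytes:
        # No credential check: any host attached to the drive gets plaintext.
        return self._crypt(lba, self.media[lba]).rstrip(b"\0")

    def secure_erase(self) -> None:
        # The firmware replaces the key; the host cannot choose or read it.
        self._mek = secrets.token_bytes(32)


def demo():
    drive = AlwaysOnEncryptedDrive()
    secret = b"constructed sample record"   # constructed test data
    drive.write(7, secret)
    via_controller = drive.read(7)          # transparent decryption
    raw_flash = drive.media[7]              # what reading the flash directly yields
    drive.secure_erase()                    # key changes, stale ciphertext kept
    after_erase = drive.read(7)             # old ciphertext under the new key
    return secret, via_controller, raw_flash, after_erase
```
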
Beginner
26 Views

Hi Diego,

Maybe I'm not understanding the P4510 encryption functionality correctly. What protection does hardware encryption provide if there is no way to set the key? The essence of TCG Opal 2.0, which was advertised as a feature on this drive, is that it allows you to set the encryption keys in a standardized manner.

Regards,

Mike

0 Kudos
Community Manager
26 Views

Hi Mike,

I understand; however, Opal is not currently supported on this drive. It's expected to be included in future releases but in the current one, there is no Opal support.

The information above is referring to the current encryption method the drive has, which is built-in and enabled by default. It's not possible to disable it, or to edit the encryption key in any way as that's handled directly by the firmware.

I hope this clarifies this information better.

Regards,

Diego V.
0 Kudos
Community Manager
26 Views

Hi Mike,

I was wondering if there is anything else, besides what we have already discussed about the Opal support or the encryption the Intel® SSD DC P4510 Series uses, that I can help you with.

Regards,

Diego V.
0 Kudos
Beginner
26 Views

No, but thank you for reaching out. I'm pretty disappointed in the misleading datasheet on Opal 2.0 support on these drives.

0 Kudos
Community Manager
26 Views

Hi Mike,

I understand you. I'll forward your feedback about the information in the documentation so that the proper team can take a look at it.

Regards,

Diego V.

0 Kudos