I’ve been looking for enterprise NVMe drives supporting the TCG OPAL spec, and while I do find a few (e.g. Intel P4510), it seems like every single manufacturer has elected to make both SED and non-SED versions of the same drive, so you end up having to find a very specific SKU.
When looking on eBay, it’s nearly impossible to find the SED-enabled variants.
Whhhyyy?
I am reasonably confident most enterprises skipped the SED versions and just used software encryption because they didn’t want to deal with key management and passwords at boot time at the device level across 24 drives per server. And I’d guess that means few of them were sold and therefore few of them are being e-wasted.
Is that the answer to my question or is it something else?
To me, a self-encrypting drive is fabulous because it means if I have a hardware failure I don’t have to give a shit what was on the drive. And it means I can easily double encrypt my data (SED + software encryption) with no performance penalty compared to using exclusively software encryption, which protects me from any possible TCG OPAL exploits (of which I currently only know one).
I know I can get what I want from consumer drives, but I can’t get SR-IOV or namespace support from consumer drives.