Product: Intel "SolidStateDrive, 320 Series"
Specific part#: SSDSA2CW160G* (160GB capacity), part# not important b/c problem covers all SSD's - unfortunately even new "[secure] 320 series" ?
Two problems uncovered (which probably limit Intel sales!).
Let me first state two Questions (short), then go onto Explanation (lengthy):
1) HOW CAN THESE BE ADVERTISED with SECURITY BEING ITS STRONG POINT, WHEN SETTING "ATA PASSWORD" TURNS OUT TO BE EXCEEDINGLY RISKY (DESTROYS DEVICE!)? 2) CAN INTEL 'SSD TOOLBOX' LET CUSTOMER SET "ATA PASSWORD", OUTSIDE of BIOS (when BIOS lacks such feature)? =====
Explanation: Please assure your Technical knowledge is deep enough b/c to avoid bloating this Post, I provide minimum explanations for a subject some sales folks keep confusing with another (people who use cheapo computers, have no clue BIOS/PowerOn password has no relation to Harddisk/ATA Password [ATApass in turn exists in 2 forms: Master & Supervisor]) - so would help if an engineer or technically-inclined customer(s) or enthusiasts respond to following: If you use computers for serious business (in my case design engineering, financials/etc. storing secrets) rather than "pictures, music" or similar waste; you are likely using either or both protections: a) Encryption (Software or Hardware types) and/or b) Harddisk aka "ATA Password" (been part of ATA Command Set since mid 1990's, professionals know).
"Intel 320series" products Hardware Encryption (aka Self, Built-In) is utterly useless without setting up a "Harddisk/ATApassword". But it appears to be: ** extremely dangerous ** ==> dueto violation of ATA standard on SSD's side causing SSD self-destruct or host computer hang with subsequent need for massive complete restoration (for a Terabyte sized system nobody wants the nightmare). Is Intel correcting this critical issue making new "320" series security not only useless but also self-destructive?
ATA Password can be set in most business/hi-end laptops BIOS'es simply because they don't hide such functionality; cheaper/consumer laptops & most desktops hide it to deny 'idiot-customers' [who only use computers for entertainment], tho manufacturers like Intel , HP or Asus may offer also on consumer laptops & business desktop Mobos. But it appears despite emulating Harddrives, SSD's even "Intel320" advertised as specifically secure and implying the usage of ATA Password, are killed when password is really used - READ BELOW WHY!: If we can't safely use ATA Password, what's the point of Encryption (other than deterring an unlikely thief who instead of stealing SSD as one piece, desolders/steals individual flashmemory chips from it and solders into another controller (or Logically probes them) - being encrypted they can't be read, but why bother when Thief can simply unplug/steal entire SSD in 5 seconds, w/o ATApassword the encryption would be meaningless and SSD can be plugged into another computer!?). So we cannot trust secret data to an SSD - even one of the finest/securest on the market Intel320 - unlike a regular Harddrive in a computer whose BIOS allows such password? I am getting a headache b/c it means SSD can't be used for anything beyond simple boot-up device, at least not in Professional or Corporate environment. You wouldn't secure your Games, Grandma's photos or worry about someone stealing p 0 r n collection; but for anything more serious - you lose sales because unlike Harddrives, passwording SSD is dicey.
FIRST CHECK THIS OUT (WEBLINK):
INTEL'S OWN WARNING LAST UPDATED IN MARH 2011; HERE: http://www.intel.com/support/ssdc/hpssd/sb/CS-030724.htm
also similar warning surfaced earlier at this link:
Confirmed by numerous users on public Forums you may not be aware of. You can enable ATA Pass on Intel320 or competing SSD's like on a regular harddrive, nothing bad happens at first; but wait afterwards - you better never change or disable it or move SSD to another computer or other normal actions people need - b/c your data/money might die if you try. Just moving storage device like Harddrive or SSD to a new computer is a basic, frequently needed task. BUT WORST OF ALL - simple entering computer into Standby and returning back, or any power cycle like Turn on/of - system may hang often w/permanent data loss. I use Standby mode profusely and turning computer on/off is obviously a everyone's common action, so using SSD Security is effectively impossible - unless you willing to take chances!
Cheer up - Intel's 3 main competitors suffer from same plague now, but they don't advertise security feature as heavily as "Intel 320 Series" or they explicitly say "No". One solution which may or may not work, is backing up (Imaging) entire SSD, then issue Secure Erase command in Intel SSDToolbox which somehow implies changing/disabling password, then restoring whole thing again on same or new computer, then playing with password again - a major annoyance unheard of with regular Harddrives. A regular Harddrive ATA password can be changed instantly (if you're the owner and know old), also all you need to move to a new computer is disable it prior on original machine. Try that with SSD even Intel320 - you might be locked up forever, you're likely to lose a lifetime of data (whole drive) + maybe Operating System.
Trust me I ran a massive research which led me to rumors enabling ATA password on a competing SSD does the above behavior, I got Intel320 instead - I love Intel for other reasons (technical/reliability specs, thorough testing), but too bad it turns out to be identical problem, which means your SSD's controller/firmware still doesn't comply with ATA Security Xtension for practical use. Looks good on datasheet or advertising, but can't be used conveniently. Who wants to wipe out and restore their system, should they change a password or move to another computer? Okay maybe it's tolerable (maybe someone likes to sit thru 1Terabyte monster restorations), but the point is sometimes SSD is crashed even if NOT changing ATA password - just setting that Password in itself turns out to be risky for SSD (not Harddrives).
======= **) Second question is simple:
As professionals know, while business/hi-end laptops do have; some consumer laptops and many desktops don't have Harddisk/ATA Password option in their BIOS (do NOT confuse with PowerOn/BIOS/Supervisor pass present in most even cheapo computers - but completely unrelated & worthless, can be reset by kids in minutes!). There's a way to "hack" with special utilities, into emulating what BIOS supposed to offer in terms of harddisk/ATApassword (set, disable/change when owner needs, etc.) - but obviously it's not normal, it's like swimming in Tuxedo - very few people had been successful or posses knowledge, many caused perma-damage. So the question is:
DOES INTEL "SSD TOOLBOX" ALLOW SETTING THIS PASSWORD, OUTSIDE of BIOS (when BIOS lacks such feature)?
That would be so SO GREAT, another competitor's Forums are buzzing about it but I only go with Intel and we want it in Intel SSD Toolbox. Intel historically has had the best data integrity specs & track record, even if it's not always fastest, for us reliability is more important, I DON'T CARE for competitors' SSD esp. b/c Sandforce's implementation of AES Encryption is partially wrong!, we need this password thing for Intel 320 Series even if BIOS lacks that option, please.
Yes I know what was in "IntelSSD Toolbox" in earlier version - no ATA Password for sure (Secure Erase or BIOS/PowerOn password have nothing todo with it); I could install an update and recheck or Google or answers since SSD Toolbox specs don't say it clearly; but right now sitting on a pile of work and 3 new computers (for CAD design) awaiting my free time later, and Googling didn't clear it up - just wanted to know how to set ATA password if BIOS doesn't offer!
I got a Netbook also, some of world's best (HP DM1Z) perfect, except if someone steals which is ridiculously easy for a tiny laptop of Notepad thickness, I am dead. It's got Intel320 300GB drive full of emails, drawings, finances/banks. Its BIOS doesn't let me set "Harddisk Password", it does have 'PowerOn/BIOS supervisor" password but as explained above that one is totally not what we discuss here (ATA Password)- so if SSD is removed by Thief, it can be read in another computer. Not to mention even if I set such password, it can ruin Intel320 but at least to know SSD Toolbox can set it outside BIOS would be a partial relief.
======= P.S. You might be wondering if I am too stupid to use "Software FDE" (Full Disk Encryption) instead of all the above (Hardware Encryption + ATApassword)? Sorry, but I know all about it. Soft Encryption - typically FDE (e.g. BitLocker, TrueCrypt, PGP) as opposed to Hard Encryption w/coupled "ATA Password", is outside the scope of this Message (too long) - it maybe perfect for Harddrives but only for specific cases and has ISSUES with SSD's especially with those which already encrypt in hardware (Intel320, Sandforce). Not for people like us, too long to explain why.
I do run FDE ("BitLocker" flavor) on one machine only (b/c it's got regular Harddrives (WesternDigital RE4 series) & very powerful i7-2600 w/AES encryption accelerator), but really: We just want plain good old "ATA Password" to work - I've been using it w/Harddrives since 1998!, seems an easy wish but SSD manufacturers give us hell! Precluding your sales/profits to expand into more professional, corporate market, beyond "speedy bootup and gaming" stuff.