A drive (HDD, SSD, NVMe…) can be encrypted in three different ways:

  • Encryption via software: the machine’s OS (e.g. Windows via BitLocker) encrypts the content of the drive, but otherwise the drive does not have any encryption itself.
    • Blancco Drive Eraser can erase these drives without a problem since it overrides the machine’s original OS.
  • Encryption via hardware: the drive encrypts itself and does not require the machine’s OS or any other utility. The drive has an encryption mechanism that does not depend on the machine’s OS, such drive usually supports the Sanitize Crypto Erase command which—if executed—changes the encryption key of the drive rendering its content nonsensical and any existing data unrecoverable. These drives are also known as self-encrypting drives or SED.
    • Blancco Drive Eraser can erase these drives without any major issue, these drives can also be erased using erasure standards that execute the Sanitize Crypto Erase command (e.g. “NIST 800-88 Purge”, “Blancco SSD Erasure”, “Cryptographic Erasure”).
  • Encryption via a combination of software and hardware: the drive supports a special locking/encrypting security feature that needs to be enabled via a utility provided by the drive manufacturer. One of the most popular is the OPAL security feature that locks/encrypts a drive to prevent any unauthorized person from accessing the data, it can be enabled either by the computer manufacturer or by the computer owner. These drives can also be called self-encrypting drives or SED.
    • Since version 6.8.0, Blancco Drive Eraser can detect ATA drives supporting the OPAL security feature. In case the OPAL feature is supported and disabled, BDE can erase these drives via any supported erasure standard or via an OPAL cryptographic erasure. In case the OPAL feature is supported and enabled, the drive should first be unlocked using another utility, more information about how to remove an OPAL lock in this article.