You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

A drive (HDD, SSD, NVMe…) can be encrypted in three different ways:

  • Encryption via software: the machine’s OS (e.g. Windows via BitLocker) encrypts the content of the drive, but otherwise the drive does not have any encryption itself.
    • Blancco Drive Eraser can erase these drives without a problem since it overrides the machine’s original OS.
  • Encryption via hardware: the drive encrypts itself and does not require the machine’s OS or any other utility. The drive has an encryption mechanism that does not depend on the machine’s OS, such drive usually supports the Sanitize Crypto Erase command which—if executed—changes the encryption key of the drive rendering its content nonsensical and any existing data unrecoverable. These drives are also known as self-encrypting drives or SED.
    • Blancco Drive Eraser can erase these drives without any major issue, these drives can also be erased using erasure standards that execute the Sanitize Crypto Erase command (e.g. “NIST 800-88 Purge”, “Blancco SSD Erasure”, “Cryptographic Erasure”).
  • Encryption via a combination of software and hardware: the drive supports a special locking/encrypting security feature that needs to be enabled via a utility provided by the drive manufacturer. One of the most popular is the OPAL security feature that locks/encrypts a drive to prevent any unauthorized person from accessing the data, it can be enabled either by the computer manufacturer or by the computer owner. These drives can also be called self-encrypting drives or SED.
    • Blancco Drive Eraser cannot erase these drives unless the OPAL security feature is disabled. More information about how to remove an OPAL lock in this article.


  • No labels