Compatible Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.1.x

Article ID: 161498

Products

Endpoint Encryption

Issue/Introduction

This article lists the Opal drives that are compatible with Symantec Endpoint Encryption Drive Encryption 11.1.3 (recommended), 11.1.2 (deprecated), 11.1.1 (deprecated), and 11.1.0 (deprecated). The Opal drives are listed in two whitelists:

  • Opal v2-compliant drives
  • Microsoft eDrive support – Opal v2-compliant drives

Note: All systems must be running Windows 8 or greater and boot in UEFI mode.

Update History

The following table lists the changes from v 11.1.1 to v 11.1.2.

| Update | Version | Release date |
| --- | --- | --- |
| Added support for the Micron 1100 EEFD Opal v2-compliant drive running firmware version N001 on Lenovo systems. | 11.1.3 | July 26, 2017 |
| Added support for these Opal v2-compliant drives (listed in the two tables that follow). | 11.1.2 (deprecated) | January 18, 2017 |

Table 1: OEM vendor

Vendor: Model

  • HP: EliteBook Revolve 810 G3

Table 2: Supported drive vendors and models

Vendor: Model / Firmware

  • SanDisk: SanDisk_SD7UB3Q128G1122 / *
  • SanDisk: SanDisk_SD7UB3Q256G1122 / *
  • SanDisk: SD7TN3Q-256-100 / *
  • SanDisk: SD8TB8U-512G-100 / *
  • SanDisk: SD8TB8U256G1001 / *
  • SanDisk: SD8TB8U-256G100 / *
  • SanDisk: SD8TB8U512G1001
  • SanDisk: SD8TN8U-512G-100 / *
  • SanDisk: SD8TB8U512G1001 / *
  • SanDisk: SD8TN8U-256G-100 / *
  • SanDisk: SD8TN8U256G1001 / *
  • SK: hynix_SC300_SED / 2002
  • SK: hynix_SC300_HFS2 / 2010


Resolution

Symantec Endpoint Encryption 11.1.2 Compatible Opal Drives

Versions 11.1.2 and 11.1.1 are combined into a single list, with the Update History table showing the changes.

Whitelist for Opal v2-compliant drives

The following two tables comprise the whitelist for Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.1.2:

  • Table 1: Supported OEM vendors and computer models
  • Table 2: Supported disk vendors and drives models

Table 1: Supported OEM vendors and computer models

| OEM vendor | Computer model |
| --- | --- |
| Dell | All laptop models |
| HP | EliteBook 850 G2 |
| HP | EliteBook 8570p |
| HP | EliteBook Folio 1040 G1 |
| HP | EliteBook Folio 1040 G2 |
| HP | EliteBook Revolve 810 G3 |
| HP | ProBook 4540s |
| Lenovo | All laptop models |

In addition to the computers listed in the table, any computer is supported that has these required protocols:

  • ATA_Passthru
  • Secure Storage

Table 2: Supported drive vendors and models

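| Vendor | Drive model | Firmware |
| --- | --- | --- |
| Intel | SSDSC2BF | LTVI |
| Intel | SSDSC2BF | LUDI |
| Intel | SSDSC2BF | TG20 |
| Intel | SSDSC2BF120A5 | TG20 |
| Intel | SSDSC2BF180A5L | LTVI |
| Intel | SSDSC2BF180A5L | LUDI |
| Kingston | SKC300S | 600ABBF0 |
| Micron | M600_MTFD | LN01 |
| Micron | M600_MTFD | MU03 |
| Micron | MTFDDAV | M1T4 |
| Micron | MTFDDAV256MAZ | * |
| MT (Micron) | M600_MTFD | LN01 |
| MT (Micron) | M600_MTFD | MU03 |
| MT (Micron) | MTFDDAV | |
| MT (Micron) | MTFDDAV256MAZ | * |
| Samsung | SSD_840_EVO_120GB_mSATA | EXT41B6Q |
| Samsung | SSD_840_EVO | EXT0 |
| Samsung | SSD_840_EVO | EXT41B6Q |
| Samsung | SSD_850_EVO | EMT01B6Q |
| Samsung | SSD_850_EVO | EMT21B6Q |
| Samsung | SSD_850_EVO | EMT4 |
| Samsung | SSD_850_EVO_250G | EMT01B6Q |
| Samsung | SSD_850_EVO_M.2 | EMT21B6Q |
| Samsung | SSD_850_PRO_256G | EXM02B6Q |
| SanDisk | SanDisk_SD7UB3Q128G1122 | * |
| SanDisk | SanDisk_SD7UB3Q256G1122 | * |
| SanDisk | SD7TB3Q | * |
| SanDisk | SD7TB3Q-256G-100 | * |
| SanDisk | SD7TN3Q-256-100 | * |
| SanDisk | SD7UB3Q | * |
| SanDisk | SD8TB8U-512G-100 | * |
| SanDisk | SD8TB8U256G1001 | * |
| SanDisk | SD8TB8U-256G100 | * |
| SanDisk | SD8TB8U512G1001 | * |
| SanDisk | SD8TN8U-512G-100 | * |
| SanDisk | SD8TN8U512G1001 | * |
| SanDisk | SD8TN8U-256G-100 | * |
| SanDisk | SD8TN8U256G1001 | * |
| SK | hynix_SC300_SED | 2002 |
| SK | hynix_SC300_HFS2 | 2010 |
| ST (Seagate) | ST500LM020-1G116 | SM73 |
| ST (Seagate) | ST500LM020-1G1162 | SM73 |

* = any firmware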

For an Opal v2-compliant drive to be hardware encrypted:

  • The drive must appear on the whitelist, and
  • Drive Encryption must be able to provision the drive in Global Range Mode, if it is not in Single User Mode.

Otherwise, the drive is software encrypted.

Whitelist for Microsoft eDrive-support Opal v2-compliant drives

The following two tables comprise the whitelist for Microsoft eDrive support - Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.1.1:

  • Table 3: Supported OEM vendors and computer models
  • Table 4: Supported disk vendors and drive models

Table 3: Supported OEM vendors and computer models

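| OEM vendor | Computer model |
| --- | --- |
| Dell | All laptop models |
| HP | EliteBook 850 G2 |
| HP | EliteBook 8570p |
| HP | EliteBook Folio 1040 G1 |
| HP | EliteBook Folio 1040 G2 |
| HP | EliteBook Revolve 810 G3 |
| HP | ProBook 4540s |
| Lenovo | All laptop models |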

Table 4: Supported disk vendors and drive models

| Disk vendor | Drive model | Firmware |
| --- | --- | --- |
| Intel | SSD_Pro_2500 | * |
| Samsung | SSD_840_EVO_mSATA | * |

* All firmware is automatically supported for Microsoft eDrive support - Opal v2-compliant drive

For a Microsoft eDrive-support Opal v2-compliant drive to be hardware encrypted:

  • The drive must appear on the whitelist, and
  • Default partitions must be created during a default Microsoft Windows installation. When multiple partitions exist on a drive, the number of ranges must be properly mapped with the number of partitions.

Otherwise, the drive is software encrypted.

Symantec Endpoint Encryption Drive Encryption provides software-based encryption on unsupported laptops or if provisioning fails.

Client administrators can encrypt Opal v2-compliant drives using the Drive Encryption Administrator Command Line. The status command output for a hardware-encrypted drive differs, depending on how the drive was provisioned:

  • A hardware-encrypted Opal v2-compliant drive shows that the whole disk is encrypted.
  • A hardware-encrypted Microsoft eDrive support - Opal v2-compliant drive shows that only the C drive is encrypted.

Symantec Endpoint Encryption 11.1.0 Compatible Opal Drives

Whitelist for Opal v2-compliant drives

The following two tables comprise the whitelist for Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.1.0:

  • Table 5: Supported OEM vendors and computer models
  • Table 6: Supported disk vendors and drive models

Table 5: Supported OEM vendors and computer models

| OEM vendor | Computer model |
| --- | --- |
| Dell | Latitude E5450 |
| Lenovo | All laptop models |

Table 6: Supported disk vendors and drive models

| Disk vendor | Drive model | Firmware |
| --- | --- | --- |
| Intel | SSDSC2BF120A5 | TG20 |
| Intel | SSDSC2BF180A5 | TG20 |
| Intel | SSDSC2BF180A5L | LTVI |
| Intel | SSDSC2BF180A5L | LUDI |
| Kingston | KINGSTON_SKC300S | 600ABBF0 |
| Micron | Micron_M600_MTFD | MU03 |
| Micron | Micron_M600_MTFDDAV256MBF | MU03 |
| Micron | MTFDDAV256MAZ | M1T4 |
| Micron | Micron_1100_EEFD | N001 |
| Samsung | Samsung_SSD_840_EVO_120GB_mSATA | EXT41B6Q |
| Samsung | SSD_850_EVO_250G | EMT01B6Q |
| Samsung | SSD_840_EVO_M.2 | EMT21B6Q |
| Samsung | SSD_850_PRO_256G | EXM02B6Q |
| Samsung | SSD_840_EVO_1TB | EXT0CB6Q |
| Samsung | SSD_850_EVO_250GB_mSATA | EMT41B6Q |
| Sandisk | SanDisk_SD7UB3Q128G1122 | X2180300 |
| Sandisk | SanDisk_SD7UB3Q256G1122 | X2170300 |
| Sandisk | SD7TB3Q-256-100 | X2180306 |
| ST (Seagate) | ST500LM020-1G1162 | SM73 |

Notes:

  • For a supported Opal v2-compliant drive to be hardware encrypted, Drive Encryption must be able to provision the drive in Global Range Mode if it is not in Single User Mode. Otherwise, Drive Encryption provides software encryption.
  • For unsupported laptops, or if the Drive Encryption provisioning of an Opal v2-compliant drive fails, Drive Encryption provides software encryption.
  • When you view the encryption status of hardware encrypted Opal v2-compliant drives using the Administrator Command Line, the whole disk appears encrypted.

Whitelist for Microsoft eDrive-support Opal v2-compliant drives

The following two tables comprise the whitelist for Microsoft eDrive support - Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.1.0:

  • Table 7: Supported OEM vendors and computer models
  • Table 8: Supported disk vendors and drive models

Table 7: Supported OEM vendors and computer models

| OEM vendor | Computer model |
| --- | --- |
| Lenovo | ThinkPad T540p |
| Lenovo | ThinkPad W540p |
| Lenovo | ThinkPad X240 |

Table 8: Supported drive vendors and models

| Vendor | Drive model | Firmware |
| --- | --- | --- |
| Intel | SSD Pro 2500 | * |
| Samsung | SSD 840 EVO mSATA | * |
| Sandisk | | * |

* All firmware is automatically supported for Microsoft eDrive support - Opal v2-compliant drive

In addition to a drive appearing on the Microsoft eDrive support - Opal v2-compliant drives whitelist, for an Opal v2-compliant eDrive to be hardware-encrypted:

  • Default partitions must be created during a default Microsoft Windows installation. When multiple partitions exist on a drive, the number of ranges must be properly mapped with the number of partitions.
  • Drive Encryption must be able to provision the drive in Global Range Mode, if it is not in Single User Mode.

Otherwise, the drive is software-encrypted.

Hardware Encryption characteristics/behavior

For unsupported laptops, or if provisioning fails, Symantec Endpoint Encryption Drive Encryption provides software-based encryption.

Client administrators can encrypt Opal v2-compliant drives using the Drive Encryption Administrator Command Line. The status command output for a hardware-encrypted drive differs, depending on how the drive was provisioned:

  • A hardware encrypted Opal v2-compliant drive shows that the whole disk is encrypted.
  • A hardware encrypted Microsoft eDrive support - Opal v2-compliant drive shows that only the C drive is encrypted.

Manually adding Opal drives certified as compatible between releases of Symantec Endpoint Encryption Drive Encryption

Drive Encryption software uses registry entries to identify which drives are whitelisted. When Symantec releases a new version of Endpoint Encryption, Symantec updates the whitelist and populates the registry entries as part of the release. If Symantec tests and approves Opal drives between releases, Symantec updates the whitelist in this KB, but you must populate the new registry entries. You only need to do this if you are interested in using one or more of those drives. You will know when Symantec updates the whitelist by subscribing to this KB article.

To learn how to create the registry entries that identify an Opal drive as whitelisted, see article TECH235480.