Compatible Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.2 and 11.3

Article ID: 172490

Products

Endpoint Encryption

Issue/Introduction

This article lists the Opal drives that are compatible with Symantec Endpoint Encryption Drive Encryption 11.2 and 11.3:

  • Opal v2-compliant drives
  • Microsoft eDrive support – Opal v2-compliant drives

Note: All systems must be running Windows 8 or greater and boot in UEFI mode.

Update History

Version: 11.2.1 MP1
Release date: March 29, 2019
Update: Added compatibility with the following Opal v2-compliant drives on Dell and Lenovo systems:

  • Kingston SUV500/240G
  • Kingston SUV500MS/240G
  • Kingston SUV500M8/240G

Version: 11.2.0 MP1
Release date: September 21, 2018
Update: Added compatibility with the following OEM vendor and computer model for supported Opal v2-compliant drives:

  • HP EliteBook 850 G4

Added compatibility with the following Opal v2-compliant drives:

  • Micron MTFDDAV256TBN-1AR15ABHA
  • Sandisk SD9TN8W-256G-1006

Resolution

Symantec Endpoint Encryption 11.2 and 11.3 Compatible Opal Drives

Whitelist for Opal v2-compliant drives

The following two tables comprise the whitelist for Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.2 and 11.3:

  • Table 1: Supported OEM vendors and computer models
  • Table 2: Supported disk vendors and drive models

Table 1: Supported OEM vendors and computer models

OEM vendor   Computer model
Dell         All laptop models
HP           EliteBook 850 G2
             EliteBook 850 G4
             EliteBook 8570p
             EliteBook Folio 1040 G1
             EliteBook Folio 1040 G2
             EliteBook Revolve 810 G3
             ProBook 4540s
Lenovo       All laptop models

In addition to the computers listed in the table, any computer that has these required protocols is supported:

  • ATA_Passthru
  • Secure Storage

Table 2: Supported drive vendors and models

Vendor         Drive model                 Firmware
Intel          SSDSC2BF                    LTVI
               SSDSC2BF                    LUDI
               SSDSC2BF                    TG20
               SSDSC2BF120A5               TG20
               SSDSC2BF180A5L              LTVI
               SSDSC2BF180A5L              LUDI
Kingston       SKC300S                     600ABBF0
               SUV500/240G                 003056RA
               SUV500MS/240G               003056RA
               SUV500M8/240G               003056RA
Micron         M600_MTFD                   LN01
               M600_MTFD                   MU03
               MTFDDAV                     M1T4
               MTFDDAV256MAZ               *
               MTFDDAV256TBN-1AR15ABHA     *
MT (Micron)
               M600_MTFD                   LN01
               M600_MTFD                   MU03
               MTFDDAV
               MTFDDAV256MAZ               *
Samsung        SSD_840_EVO_120GB_mSATA     EXT41B6Q
               SSD_840_EVO                 EXT0
               SSD_840_EVO                 EXT41B6Q
               SSD_850_EVO                 EMT01B6Q
               SSD_850_EVO                 EMT21B6Q
               SSD_850_EVO                 EMT4
               SSD_850_EVO_250G            EMT01B6Q
               SSD_850_EVO_M.2             EMT21B6Q
               SSD_850_PRO_256G            EXM02B6Q
SanDisk        SanDisk_SD7UB3Q128G1122     *
               SanDisk_SD7UB3Q256G1122     *
               SD7TB3Q                     *
               SD7TB3Q-256G-100            *
               SD7TN3Q-256-100             *
               SD7UB3Q                     *
               SD8TB8U-512G-100            *
               SD8TB8U256G1001             *
               SD8TB8U-256G100             *
               SD8TB8U512G1001             *
               SD8TN8U-512G-100            *
               SD8TN8U512G1001             *
               SD8TN8U-256G-100            *
               SD8TN8U256G1001             *
               SD9TN8W-256G-1006           *
SK             hynix_SC300_SED             2002
               hynix_SC300_HFS2            2010
ST (Seagate)   ST500LM020-1G116            SM73
               ST500LM020-1G1162           SM73

* = any firmware

For an Opal v2-compliant drive to be hardware encrypted:

  • The drive must appear on the whitelist, and
  • Drive Encryption must be able to provision the drive in Global Range Mode, if it is not in Single User Mode.

Otherwise, the drive is software encrypted.

Whitelist for Microsoft eDrive-support Opal v2-compliant drives

The following two tables comprise the whitelist for Microsoft eDrive support - Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.2 and 11.3:

  • Table 3: Supported OEM vendors and computer models
  • Table 4: Supported disk vendors and drive models

Table 3: Supported OEM vendors and computer models

Dell         All laptop models
HP           EliteBook 850 G2
             EliteBook 8570p
             EliteBook Folio 1040 G1
             EliteBook Folio 1040 G2
             EliteBook Revolve 810 G3
             ProBook 4540s
Lenovo       All laptop models

Table 4: Supported disk vendors and drive models

Disk vendor   Drive model           Firmware
Intel         SSD_Pro_2500          *
Samsung       SSD_840_EVO_mSATA     *

* All firmware is automatically supported for Microsoft eDrive support - Opal v2-compliant drive

For a Microsoft eDrive-support Opal v2-compliant drive to be hardware encrypted:

  • The drive must appear on the whitelist, and
  • Default partitions must be created during a default Microsoft Windows installation. When multiple partitions exist on a drive, the number of ranges must be properly mapped with the number of partitions.

Otherwise, the drive is software encrypted.

Hardware Encryption characteristics/behavior

For unsupported laptops, or if provisioning fails, Symantec Endpoint Encryption Drive Encryption provides software-based encryption.

Client administrators can encrypt Opal v2-compliant drives using the Drive Encryption Administrator Command Line. The status command output for a hardware-encrypted drive differs, depending on how the drive was provisioned:

  • A hardware-encrypted Opal v2-compliant drive shows that the whole disk is encrypted.
  • A hardware-encrypted Microsoft eDrive support - Opal v2-compliant drive shows that only the C drive is encrypted.

Manually adding Opal drives certified as compatible between releases of Symantec Endpoint Encryption Drive Encryption

Drive Encryption software uses registry entries to identify which drives are whitelisted. When Symantec releases a new version of Endpoint Encryption, Symantec updates the whitelist and populates the registry entries as part of the release. If Symantec tests and approves Opal drives between releases, Symantec updates the whitelist in this KB article, but you must populate the new registry entries yourself. You need to do this only if you want to use one or more of those drives. To be notified when Symantec updates the whitelist, subscribe to this KB article.

To learn how to create the registry entries that identify an Opal drive as whitelisted, see article TECH235480.