BitLocker came enabled by default on my out-of-the-box windows configuration of a Thinkpad X1 Carbon 5th Generation that I got last month (SDD is a Samsung 1TB PCIe-NVMe OPAL2 MZ-VLB1T0 HALR-000L7).
My questions are:
- If you have an OPAL self-encrypting drive, doesn't it make sense to use the native hardware-encryption with BIOS HDD password versus software-encryption for performance reasons?
- Is there any security disadvantage to disable BitLocker if the HDD password is set in the BIOS for the OPAL drive? (i.e. the SSD stays encrypted, right?)
- If the above are the case, why is BitLocker software-encryption enabled in the out-of-the-box factory installation state?
I note the default-installed BitLocker because it seems to me from the commercial website that all the disk drive options available for the X1 Carbon 5th Gen seem to be OPAL drives. That is, the drives are self-encrypting hard drives and should be protected if an HDD password is setup in the BIOS (at least according to Lenovo staff in a prior post here).
However, since these drives are not "Encrypted Hard Drives for Windows" (IEEE 1667 compliant), it is not possible to have Windows use BitLocker with hardware-encryption (I confirmed this on my machine by trying to enforce hardware-encryption on a new BitLocker encryption).
So I'm just confused that, given the software-encryption performance penalty, why would BitLocker be enabled in the default factory installation conditions (and considering a previous X1 Carbon 5th gen I had ordered earlier in the year did NOT come with BitLocker on by default). I want to make sure I am not compromising security if I disable BitLocker...
Thanks in advance to any Lenovo staff that can answer!
lenovo forum...
ما را در سایت lenovo forum دنبال می کنید
برچسب : نویسنده : lenovo1 بازدید : 356 تاريخ : پنجشنبه 21 دی 1396 ساعت: 10:43
