Issue

• OPAL encryption FAQ
• List of tested OPAL-compatible disks

Solution

OPAL encryption FAQ

1. What is OPAL?
   1. Full disk encryption (FDE) used to be a software-only solution. A hardware-based encryption standard emerged in the form of the OPAL Security Subsystem Class, commonly referred to as OPAL.
2. What are the benefits of OPAL FDE?
   • Hardware encryption has no negative impact on the performance of systems
   • Encrypting a system with OPAL encryption is immediate and does not require waiting for it to finish
   • Hardware-based encryption is very secure
   • Easier to set up

3. Will my system support OPAL FDE?

   1. An OPAL 2.0+ compliant drive is expected to be supported. If you are unsure whether your system will support OPAL, obtain a UEFI diagnostic log, send a copy of this log file to ESET Technical Support for verification.

4. What are the minimum requirements for OPAL FDE?

   • To perform full disk encryption on a system utilizing OPAL, the system must meet the following requirements:
   • The drive must support TCG OPAL 2.0
   • The system must boot from UEFI (UEFI 2.3 or greater).
   • The system UEFI must support EFI_STORAGE_SECURITY_COMMAND_PROTOCOL or a pass-through protocol for the appropriate bus type:  EFI_ATA_PASS_THRU_PROTOCOL, EFI_SCSI_PASS_THRU_PROTOCOL, EFI_NVME_PASS_THRU_PROTOCOL.
   • The system must have ESET Endpoint Encryption version 5.0 or later installed.
   • The system must be managed by an ESET Endpoint Encryption Server, which must be version 3.0 or later.

5. Can I use the machine's TPM as well as OPAL?

   1. TPM is an authentication method independent of the encryption method. Therefore, you can use both OPAL and TPM.

List of tested OPAL-compatible disks

Below is a shortlist of disks that are compatible with OPAL FDE: