Policy based control over hardware encryption

Idea ID 2783261

It has been more and more frustrating to try to find out what hardware encryption (OPAL) drives work with FDE.

I would like to be able to control by policy whether the FDE engine tries to use software or HW-based encryption. You could define a default policy without HW encryption and, if it is seen that certain drives/laptop models work OK, you could enable HW encryption afterwards (if possible), or vice versa.

I have discussed this with support earlier, but just in case... 😉
1 Comment
Absent Member.
This has been implemented with ZCM 11.4: https://www.novell.com/documentation/zenworks114/zen11_fde_policies/data/bvy68br.html

"... Enable software encryption of Opal compliant self-encrypting drives: When enabled, this option does the following to OPAL 2.0 compliant self-encrypting drives:
- Prevents the ZENworks Pre-Boot Authentication (PBA) mechanism from initiating the drive’s locking feature. This allows the ZENworks PBA to work with ALL OPAL 2.0 compliant self-encrypting drives, not just the drives that are known to be drive-locking compatible with ZENworks Full Disk Encryption.
- Applies software encryption to the drive, adding a second layer of encryption to the drive’s already hardware-encrypted contents. ..."