Enhanced Self-Encrypting Drive Support: Previously, support for OPAL compliant self-encrypting drives was limited to a specific list of approved drives. This limitation was, and still is, due to variations in the way that drive manufacturers implement the OPAL specification with regards to drive locking. If you want ZENworks Full Disk Encryption to use drive locking, you must use one of the drives on the approved list (see ZENworks 11 SP4 Full Disk Encryption Self-Encrypting Drive Support) or use a self-tested drive that works (see ZENworks 11 SP4 Full Disk Encryption Self-Encrypting Drive Compatibility Testing).
With this release, ZENworks Full Disk Encryption also supports OPAL 2.0 compliant self-encrypting drives that are not drive-locking compatible. It does this by using pre-boot authentication with software-based encryption. In this mode, the ZENworks PBA does not implement drive locking; the drive remains unlocked (but hardware encrypted) at all times. To compensate for the drive being unlocked, ZENworks Full Disk Encryption applies software encryption to the drive, adding a second layer of encryption to the drive’s native hardware encryption.
For more information, see ZENworks 11 SP4 Full Disk Encryption Deployment on Self-Encrypting Drives.