Win10Pro, SSD hardware encryption. How do I enable it?

Windows 10 on Lenovo hardware
Post Reply
Message
Author
slowmail
Posts: 2
Joined: Wed Jun 14, 2017 1:39 am
Location: Tokyo, JP - Earth

Win10Pro, SSD hardware encryption. How do I enable it?

#1 Post by slowmail » Wed Jun 14, 2017 1:56 am

I recently received an X270, with Win10Pro, Hardware dTPM, and 1TB Solid State Drive, PCIe-NVMe OPAL2.0.

Is it possible to enable bitlocker on the boot drive with hardware encryption? If so, how do I enable it? I have been trying to, but it seems to only use software encryption...
(am able to reformat the laptop if required...)

w0qj
Senior Member
Senior Member
Posts: 680
Joined: Fri Jun 11, 2004 9:53 pm
Location: Hong Kong

Re: Win10Pro, SSD hardware encryption. How do I enable it?

#2 Post by w0qj » Wed Jun 14, 2017 4:20 am

There was a similar discussion regarding hardware encrypted SSD and OPAL encryption here:
viewtopic.php?f=62&t=123463

We note that your SSD is an original OEM OPAL 2.0 compliant SSD and using Win10 Professional 64-bit,
which in theory should support hardware encrypted SSD.

Anyone else able to help?
Daily Driver: X1 Carbon 4th Gen (X1C4): i7-6600U 2.6GHz; 16GB DDR3 1866 MHz; 1TB PCIe-NVMe SSD; 14" WQHD 2560x1440; LTE EM7455 Mobile Broadband; Win7 Pro 64bit
Current Thinkpads: X1C4 | X1C3 | X250 | X230 | T410
Retired Thinkpads: T42 | 560 (circa 1996)
~~IBM Thinkpad era computer bag !

Puppy
Senior ThinkPadder
Senior ThinkPadder
Posts: 2377
Joined: Sat Oct 30, 2004 4:52 am
Location: Prague, Czech Republic

Re: Win10Pro, SSD hardware encryption. How do I enable it?

#3 Post by Puppy » Wed Jun 14, 2017 4:27 am

Note that all modern SSDs use hardware encryption by default with random generated stored key you don't know about. This helps to erase the drive easily just by rewriting the key by another random one. Using good old SATA HDD password feature in BIOS you can protect the key that makes overall good and easy security option. More technical details here https://jbeekman.nl/blog/2015/03/lenovo ... -password/
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8

RealBlackStuff
Admin
Admin
Posts: 18044
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA
Contact:

Re: Win10Pro, SSD hardware encryption. How do I enable it?

#4 Post by RealBlackStuff » Wed Jun 14, 2017 7:48 am

Someone should maybe ask the above jbeekman to figure out how to remove the obnoxious wifi whitelist!

slowmail
Posts: 2
Joined: Wed Jun 14, 2017 1:39 am
Location: Tokyo, JP - Earth

Re: Win10Pro, SSD hardware encryption. How do I enable it?

#5 Post by slowmail » Thu Jun 15, 2017 11:41 am

Thanks for the replies.

I spent a day trawling the net, and arrived at the following conclusion: Win10Pro Bitlocker is not able to use hardware encryption with this drive. :(

For Bitlocker to use hardware encryption, the drive needs to support IEEE-1667 (aka 'edrive').
The Samsung PM961 drive that comes with this laptop does not appear to support this standard.

To use hardware encryption with this drive, some other software is required (eg: WinMagic's SecureDoc, sedutil, or similar.).

Also, Samsung's Magician software, which is used to enable the 'encrypted drive' flag in Samsung SSDs "does not support an OEM SSD product". (source).

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Windows 10”

Who is online

Users browsing this forum: No registered users and 1 guest