Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
Win10Pro, SSD hardware encryption. How do I enable it?
Win10Pro, SSD hardware encryption. How do I enable it?
I recently received an X270, with Win10Pro, Hardware dTPM, and 1TB Solid State Drive, PCIe-NVMe OPAL2.0.
Is it possible to enable bitlocker on the boot drive with hardware encryption? If so, how do I enable it? I have been trying to, but it seems to only use software encryption...
(am able to reformat the laptop if required...)
Is it possible to enable bitlocker on the boot drive with hardware encryption? If so, how do I enable it? I have been trying to, but it seems to only use software encryption...
(am able to reformat the laptop if required...)
Re: Win10Pro, SSD hardware encryption. How do I enable it?
There was a similar discussion regarding hardware encrypted SSD and OPAL encryption here:
viewtopic.php?f=62&t=123463
We note that your SSD is an original OEM OPAL 2.0 compliant SSD and using Win10 Professional 64-bit,
which in theory should support hardware encrypted SSD.
Anyone else able to help?
viewtopic.php?f=62&t=123463
We note that your SSD is an original OEM OPAL 2.0 compliant SSD and using Win10 Professional 64-bit,
which in theory should support hardware encrypted SSD.
Anyone else able to help?
Daily Driver: (X1E3) X1 Extreme 3rd Gen | mobile broadband (WWAN)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
-
- Senior ThinkPadder
- Posts: 2821
- Joined: Sat Oct 30, 2004 4:52 am
- Location: Prague, Czech Republic
Re: Win10Pro, SSD hardware encryption. How do I enable it?
Note that all modern SSDs use hardware encryption by default with random generated stored key you don't know about. This helps to erase the drive easily just by rewriting the key by another random one. Using good old SATA HDD password feature in BIOS you can protect the key that makes overall good and easy security option. More technical details here https://jbeekman.nl/blog/2015/03/lenovo ... -password/
ThinkPad (1992 - 2012): R51, X31, X220
Huawei MateBook 13
Huawei MateBook 13
-
- Admin Emeritus
- Posts: 23825
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: Win10Pro, SSD hardware encryption. How do I enable it?
Someone should maybe ask the above jbeekman to figure out how to remove the obnoxious wifi whitelist!
Re: Win10Pro, SSD hardware encryption. How do I enable it?
Thanks for the replies.
I spent a day trawling the net, and arrived at the following conclusion: Win10Pro Bitlocker is not able to use hardware encryption with this drive.
For Bitlocker to use hardware encryption, the drive needs to support IEEE-1667 (aka 'edrive').
The Samsung PM961 drive that comes with this laptop does not appear to support this standard.
To use hardware encryption with this drive, some other software is required (eg: WinMagic's SecureDoc, sedutil, or similar.).
Also, Samsung's Magician software, which is used to enable the 'encrypted drive' flag in Samsung SSDs "does not support an OEM SSD product". (source).
I spent a day trawling the net, and arrived at the following conclusion: Win10Pro Bitlocker is not able to use hardware encryption with this drive.
For Bitlocker to use hardware encryption, the drive needs to support IEEE-1667 (aka 'edrive').
The Samsung PM961 drive that comes with this laptop does not appear to support this standard.
To use hardware encryption with this drive, some other software is required (eg: WinMagic's SecureDoc, sedutil, or similar.).
Also, Samsung's Magician software, which is used to enable the 'encrypted drive' flag in Samsung SSDs "does not support an OEM SSD product". (source).
Re: Win10Pro, SSD hardware encryption. How do I enable it?
Bitlocker is software encryption. It is possible to enable both software and hardware encryption in principle. However it is an unnecessary and pointless redundancy. The hardware "decryption" using a passphrase is done preboot. The reason why Bitlocker fails is probably only because of an alteration in the SSD's hardware ID.
-
- Similar Topics
- Replies
- Views
- Last post
-
-
X230 - what SSD will best fit in the WWAN slot?
by br1anstorm » Tue Nov 14, 2023 3:59 pm » in ThinkPad X230-X280 / X390 Series - 15 Replies
- 5811 Views
-
Last post by br1anstorm
Wed Nov 15, 2023 6:17 pm
-
-
- 0 Replies
- 4311 Views
-
Last post by bjain29
Mon Nov 20, 2023 9:28 am
-
-
Thinkpad X1 Yoga Gen 4 SSD compatibility
by bluewaterrocket » Sun Dec 03, 2023 8:24 pm » in ThinkPad Yoga - 1 Replies
- 2884 Views
-
Last post by axur-delmeria
Mon Dec 04, 2023 1:43 am
-
-
-
Heat Sink Thickness for M.2 SSD T440P
by euless » Wed Dec 13, 2023 10:55 pm » in ThinkPad T430-T490 / T530-T590 Series - 0 Replies
- 1709 Views
-
Last post by euless
Wed Dec 13, 2023 10:55 pm
-
Who is online
Users browsing this forum: No registered users and 8 guests