Enabling Bitlocker Full Disk Encryption on a drive w 2 partitions?

I have posted to bring to your attention that your drive has
Samsung 970 EVO Plus NVMs SSD with V-NAND, 1TB | Samsung UK
Encryption Support
AES 256-bit Encryption (Class 0)TCG/Opal IEEE1667 (Encrypted drive)

I do not know if you have enabled it but if so you need to be aware of the special precautions that may be necessary before proceeding with Bitlocker

This may be of some help
Solved: 970 EVO+ BitLocker OS Drive - Not Working - Samsung Community - 1169847

AND this tutorial from this site
Guidance for configuring BitLocker to enforce software encryption

You will note that Windows 10 after 1809 is not listed but that MAY be because of the date of the tutorial
I suggest you check if necessary with https://www.tenforums.com/members/brink.html

He will I am sure know.

I would urge caution before you proceed, and would NOT proceed unless you have a full image made of course before you do so, just in case you do encounter problems - I do not think they are likely, but I have read reports of problems with these Self Encrypting drives.
I DO NOT think yours is unless it is so set.

As regards the actual question = although D is a partition on the drive I thought you could right click and on the context menu choose - Turn Bitlocker on.

I do not know if you have used Bitlocker before but may I urge you to ensure you have your Bitlocker Recovery key
Backup BitLocker Recovery Key in Windows 10

I have seen so many problems posted over the years with Bitlocker - from people who have not had the recovery key - backed up

Macboatmaster said:

I do not know if you have enabled it but if so you need to be aware of the special precautions that may be necessary before proceeding with Bitlocker

^^ This. Half the help forums on the internet would cease to exist if it wasn't for unsuspecting users who have dabbled with Bitlocker, and it's all ended in tears.


Before you do anything, make sure you have a backup of your data and created an image of your system.

I agree

I would urge caution before you proceed, and would NOT proceed unless you have a full image made of course before you do so, just in case you do encounter problems

Bitlocker will do a whole drive encryption on C, and see D as a separate drive, if I understand you correctly.

idgat said:

^^ This. Half the help forums on the internet would cease to exist if it wasn't for unsuspecting users who have dabbled with Bitlocker, and it's all ended in tears.

Before you do anything, make sure you have a backup of your data and created an image of your system.

@PODxt

The only "precaution" to worry about is making sure you save your BitLocker key. And before you get started on encrypting the drive BitLocker will ask where you want to save the key. By default, the key's placement choice will be your Microsoft Account, if using one. You also have other storage options other than the drive being encrypted.

The penalty for losing the key is wiping the drive and losing all its contents since you can't access it without a key (or password). And Microsoft won't help in the matter of lost BL Keys for security reasons.

Anyway, I use BitLocker all the time without issue. Not sure where the boogyman stories are coming from other than the FUD of those fearful of using it. I use it to encrypt the entire drive, though you can also just encrypt partitions. If you encrypt a partition or non-OS drive you'll be given the opportunity to create a Password. If you encrypt the OS drive, the only option is a key.

And while it's always a good idea to backup, the encryption is silent and non-destructive or performance hindering. I currently have two drives in my system encrypted including the OS drive and there is no performance hit.

Again, don't lose your BL key or you'll end up wiping the drive and losing the info.

Hope this clarifies.

PODxt said:

Thank you for your input. I am not a new bitlocker user and know I have to keep recovery keys.

There is a difference in security between partition encryption and full drive encryption (FDE).
Please read Is full disk encryption per disk or per partition? - Information Security Stack Exchange

I already used bitlocker successfully with FDE but this was on another computer while doing a clean install of Windows 10 and there was no partition. Just C. Easy.

Here I have C and D belonging to the same physical drive (the Samsung SSD). And no, I haven't enabled the Samsung encryption option nor the AMD one. I want to use bitlocker. With FDE, not with partition encryption.

So, is it possible to enable bitlocker with FDE on a partitioned drive or am I stuck with partition encryption?

I'm not particularly sure of your question. I will say the disks I've encrypted using BitLocker have been whole disks (non partitioned) - that would be my 512gig NVMe OS drive (C), and a 2TB backup drive (I). All the drives in my system are only SSD/NVMe drives.

So if by Full Drive Encryption you mean the entire physical disk is using BitLocker yes, that would be true of both my C and I drive. If you're asking will the whole disk (FDE) be encrypted if it is partitioned using BitLocker, I'm not sure, but will reason no as BitLocker sees each partition as an individual drive as shown in the image below.....



As you see each drive has it's own encryption option. Doe it encrypt the whole (FDE) drive internally, I can't tell without trying it and actually testing the entire drive. Something I not will to go through. The disk housing the OS (C-drive) is NOT partitioned, neither is I-drive. Only F & G are created partitions from a 2TB drive.

Hope that clarifies.