How to enable hardware encryption on Samsung SSD 850 EVO w/o UEFI?

  1.    28 Jan 2017 #1

    How to enable hardware encryption on Samsung SSD 850 EVO w/o UEFI?


    I have an older Dell Inspiron 1750 laptop. I replaced its original spinning HDD with a brand new Samsung SSD 850 EVO drive, that was advertised as supporting hardware encryption. So now I'm trying to enable it.

    Here's what I did:

    1. Installed Windows 10 Pro from OEM disk, no crapware, just Microsoft stuff.

    2. Installed Samsung Magician software from the disc that came with the SSD drive.

    3. (Tried to) enable encryption. (The UI is kinda weird to understand.) I set it to "Encrypted Drive" which for some reason says "ready to enable":



    4. I then ran the BitLocker on drive C:. This laptop doesn't have TPM chip and I had to use a USB stick to unlock it. It took several reboots, but now the drive shows as encrypted:



    5. But now the question is -- does it use hardware or software encryption?

    The Windows Explorer UI doesn't seem to tell me that. So I ran the manage-bde -status c: command and got this:



    Which kinda looks like the hardware encryption is NOT enabled.

    So what am I missing here?

    PS. I keep finding some scarce references online that for the hardware encryption to work, it requires a UEFI (instead of BIOS) which this laptop does not have. It just has an older BIOS. But can I still use hardware encryption without UEFI?

    EDIT: After a suggestion I tried to disable BitLocker and then ran the following command:

    manage-bde -on c: -fet Hardware -startupkey d:

    and got this result:

    Code:
    C:\Windows\system32>manage-bde -on c: -fet Hardware -startupkey d:
    BitLocker Drive Encryption: Configuration Tool version 10.0.14393
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume C: [Windows]
    [OS Volume]
    ERROR: An error occurred (code 0x803100b2):
    The drive specified does not support hardware-based encryption.

    NOTE: If the -on switch has failed to add key protectors or start encryption,
    you may need to call "manage-bde -off" before attempting -on again.
      My ComputerSystem Spec

  2. Caledon Ken's Avatar
    Posts : 11,136
    Windows 10 Pro x64 Build 1803
       29 Jan 2017 #2

    According to this article to use E-Drive, which after reading equates to Encrypted drive, you must be UEFI based. Read what should I watch out for when using e-Drive.

    The article within reason explains their different options.

    Access Denied
      My ComputerSystem Spec

  3.    29 Jan 2017 #3

    Thanks. And yes, I guess I'm stuck with the software-based encryption since the BIOS I have does not support UEFI and Windows 10 BitLocker won't use hardware based encryption because of that, even if the SSD supports it. I just wish they had it documented better -- both in Samsung manual and in their sales page (Amazon) before you buy it.

    But you know, after watching this presentation, I'm kinda thinking that maybe software based encryption is somewhat safer:
    Bypassing of Self-Encrypting Drives – Techniques for Hackers and Forensic Investigators - YouTube
      My ComputerSystem Spec

  4. Caledon Ken's Avatar
    Posts : 11,136
    Windows 10 Pro x64 Build 1803
       30 Jan 2017 #4

    I'm a big believer in encryption but with that said I also know the risks. Had two people on these forums in the last two weeks that had lost access to their data.

    I encrypted data when I take it out of my house and for files on my computer I ensure I have an unencrypted copy safely tucked away.

    It's really important to keep copies of keys outside encryption so you can access. It also important to test your ability to decrypt your data on a alternate machine should your machine meet an untimely demise, like fried motherboard.
      My ComputerSystem Spec

  5.    30 Jan 2017 #5

    Yes, all you need to save (with BitLocker) is Identifier and Recovery Key. The former is used to ID the drive if you have several, and the latter is a form of your private key for decryption. Both can be easily tucked away into your favorite password manager. I personally use LastPass.

    Also make sure to watch the video I linked to above. It proves that even a full disk encryption can be bypassed in some cases. Pretty unnerving stuff though.
      My ComputerSystem Spec

  6. Caledon Ken's Avatar
    Posts : 11,136
    Windows 10 Pro x64 Build 1803
       30 Jan 2017 #6

    I use password safe and as I don't use cloud I keep a copy outside my encrypted data when its offsite.
      My ComputerSystem Spec


 

Related Threads
It seems that I can't enable Over Provisioning on my Samsung 500GB EVO. I got W10 x64 along with Ubuntu installed. I shrinked 50GB (10%of the SSD) from the partition and I still can't get this thing enabled. 111963 111964
UEFI firmware settings SAMSUNG in Drivers and Hardware
Hello all, My system specs are the following: Windows 10 Enterprise 64-bit UEFI Bios Phoenix BIOS version and drivers are updated, also confirmed by Slimdrivers. Samsung Series 5 ULTRA 530U4C-S02PT Also: It is an hybrid drive, 1TB HDD & 24GB SSD...
Getting h/w encryption on my laptop has been a bit of a nightmare, but I thought I had it working.... Here is what I did: Installed M.2 Samsung 850 evo drive Installed samsung magician, and set Encryption to Ready to Enable. Removed existing...
I built a computer back in 2009 with an Intel DP55KG motherboard running Windows 7. So, I am getting ready for a fresh Windows 10 install and I noticed that back in 2009 I never enabled the UEFI boot mode. Would it be recommended to enable it this...
Hey, I'm having an issue with enabling hardware encryption with Bitlocker using Windows 10 build 10586 on a clean install with a Samsung 850 SSD. The encryption worked flawlessly before. I've spent hours and attempted multiple solutions and...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 17:20.
Find Us