1.    28 Jan 2017 #1
    Join Date : Aug 2016
    Posts : 62
    Xp, Vista, 7, 8.1, 10

    How to enable hardware encryption on Samsung SSD 850 EVO w/o UEFI?


    I have an older Dell Inspiron 1750 laptop. I replaced its original spinning HDD with a brand new Samsung SSD 850 EVO drive, that was advertised as supporting hardware encryption. So now I'm trying to enable it.

    Here's what I did:

    1. Installed Windows 10 Pro from OEM disk, no crapware, just Microsoft stuff.

    2. Installed Samsung Magician software from the disc that came with the SSD drive.

    3. (Tried to) enable encryption. (The UI is kinda weird to understand.) I set it to "Encrypted Drive" which for some reason says "ready to enable":



    4. I then ran the BitLocker on drive C:. This laptop doesn't have TPM chip and I had to use a USB stick to unlock it. It took several reboots, but now the drive shows as encrypted:



    5. But now the question is -- does it use hardware or software encryption?

    The Windows Explorer UI doesn't seem to tell me that. So I ran the manage-bde -status c: command and got this:



    Which kinda looks like the hardware encryption is NOT enabled.

    So what am I missing here?

    PS. I keep finding some scarce references online that for the hardware encryption to work, it requires a UEFI (instead of BIOS) which this laptop does not have. It just has an older BIOS. But can I still use hardware encryption without UEFI?

    EDIT: After a suggestion I tried to disable BitLocker and then ran the following command:

    manage-bde -on c: -fet Hardware -startupkey d:

    and got this result:

    Code:
    C:\Windows\system32>manage-bde -on c: -fet Hardware -startupkey d:
    BitLocker Drive Encryption: Configuration Tool version 10.0.14393
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume C: [Windows]
    [OS Volume]
    ERROR: An error occurred (code 0x803100b2):
    The drive specified does not support hardware-based encryption.

    NOTE: If the -on switch has failed to add key protectors or start encryption,
    you may need to call "manage-bde -off" before attempting -on again.
      My ComputerSystem Spec
  2.    29 Jan 2017 #2
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 4,035
    Windows 10 Pro Build 1703

    According to this article to use E-Drive, which after reading equates to Encrypted drive, you must be UEFI based. Read what should I watch out for when using e-Drive.

    The article within reason explains their different options.

    Access Denied
      My ComputerSystem Spec
  3.    29 Jan 2017 #3
    Join Date : Aug 2016
    Posts : 62
    Xp, Vista, 7, 8.1, 10
    Thread Starter

    Thanks. And yes, I guess I'm stuck with the software-based encryption since the BIOS I have does not support UEFI and Windows 10 BitLocker won't use hardware based encryption because of that, even if the SSD supports it. I just wish they had it documented better -- both in Samsung manual and in their sales page (Amazon) before you buy it.

    But you know, after watching this presentation, I'm kinda thinking that maybe software based encryption is somewhat safer:
    Bypassing of Self-Encrypting Drives – Techniques for Hackers and Forensic Investigators - YouTube
      My ComputerSystem Spec
  4.    30 Jan 2017 #4
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 4,035
    Windows 10 Pro Build 1703

    I'm a big believer in encryption but with that said I also know the risks. Had two people on these forums in the last two weeks that had lost access to their data.

    I encrypted data when I take it out of my house and for files on my computer I ensure I have an unencrypted copy safely tucked away.

    It's really important to keep copies of keys outside encryption so you can access. It also important to test your ability to decrypt your data on a alternate machine should your machine meet an untimely demise, like fried motherboard.
      My ComputerSystem Spec
  5.    30 Jan 2017 #5
    Join Date : Aug 2016
    Posts : 62
    Xp, Vista, 7, 8.1, 10
    Thread Starter

    Yes, all you need to save (with BitLocker) is Identifier and Recovery Key. The former is used to ID the drive if you have several, and the latter is a form of your private key for decryption. Both can be easily tucked away into your favorite password manager. I personally use LastPass.

    Also make sure to watch the video I linked to above. It proves that even a full disk encryption can be bypassed in some cases. Pretty unnerving stuff though.
      My ComputerSystem Spec
  6.    30 Jan 2017 #6
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 4,035
    Windows 10 Pro Build 1703

    I use password safe and as I don't use cloud I keep a copy outside my encrypted data when its offsite.
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Can't enable Over Provisioning on Samsung SSD
It seems that I can't enable Over Provisioning on my Samsung 500GB EVO. I got W10 x64 along with Ubuntu installed. I shrinked 50GB (10%of the SSD) from the partition and I still can't get this thing enabled. 111963 111964
Drivers and Hardware
UEFI firmware settings SAMSUNG
Hello all, My system specs are the following: Windows 10 Enterprise 64-bit UEFI Bios Phoenix BIOS version and drivers are updated, also confirmed by Slimdrivers. Samsung Series 5 ULTRA 530U4C-S02PT Also: It is an hybrid drive, 1TB HDD & 24GB SSD...
Drivers and Hardware
Bitlocker turned itself off, Samsung Magician Says Encryption enabled
Getting h/w encryption on my laptop has been a bit of a nightmare, but I thought I had it working.... Here is what I did: Installed M.2 Samsung 850 evo drive Installed samsung magician, and set Encryption to Ready to Enable. Removed existing...
AntiVirus, Firewalls and System Security
Solved Should I enable UEFI Boot in BIOS before Win 10 install?
I built a computer back in 2009 with an Intel DP55KG motherboard running Windows 7. So, I am getting ready for a fresh Windows 10 install and I noticed that back in 2009 I never enabled the UEFI boot mode. Would it be recommended to enable it this...
Installation and Upgrade
Bitlocker hardware encryption cannot be activated on Win10 10586/1511
Hey, I'm having an issue with enabling hardware encryption with Bitlocker using Windows 10 build 10586 on a clean install with a Samsung 850 SSD. The encryption worked flawlessly before. I've spent hours and attempted multiple solutions and...
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:36.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums