rdwolf
asked on
With new Win 8.1 UEFI laptop with eDrive (SED that meets eDrive) how to tell if BitLocker using the hard drive chip encryption or software
I have a new Win 8 designed laptop with UEFI that I put in a Crucial M500 480 GB SED (Self Encrypting Drive) that is Opal 2 spec and meets IEEE spec. to be an "eDrive" for Windows 8.
I installed Win 8 Pro on my new SSD SED (has encryption in hard drive chips that once turned on does all encryption at hardware level).
I then turned on BitLocker on C: and D: (each 225 approx. on the physical hard drive) and encrypted both. It took about 10 to 15 minutes to complete the BitLocker encryption process doing this.
What I need to know is: Did the BitLocker take control of the SSD SED Drive and is using the hardware encryption built in to the hard drive hardware or is BitLocker still being done in Software like in older hard drives that do not are not SED (eDrives).
I can not locate any status that tells me how BitLocker is doing the encryption. If it is being done in software (like old ways) than that is slower etc. and defeats the purpose of having an SED (eDrive) for the SSD.
I contacted Crucial tech support for their Crucial M500 480 GB drive and they said it sounded like it was using the hardware since it only took about 10 to 15 minutes to encrypt the C and D partitions but since I have a high end i7 with SSD it still may have not taken ownership of the drive and is just doing in software for the BitLocker encryption. They said they did not know how to tell if BitLocker was using hardware or just doing software.
I am sure there must be a way to tell from some system status.
Any help or ideas?? I need to know this.
Thanks,
I installed Win 8 Pro on my new SSD SED (has encryption in hard drive chips that once turned on does all encryption at hardware level).
I then turned on BitLocker on C: and D: (each 225 approx. on the physical hard drive) and encrypted both. It took about 10 to 15 minutes to complete the BitLocker encryption process doing this.
What I need to know is: Did the BitLocker take control of the SSD SED Drive and is using the hardware encryption built in to the hard drive hardware or is BitLocker still being done in Software like in older hard drives that do not are not SED (eDrives).
I can not locate any status that tells me how BitLocker is doing the encryption. If it is being done in software (like old ways) than that is slower etc. and defeats the purpose of having an SED (eDrive) for the SSD.
I contacted Crucial tech support for their Crucial M500 480 GB drive and they said it sounded like it was using the hardware since it only took about 10 to 15 minutes to encrypt the C and D partitions but since I have a high end i7 with SSD it still may have not taken ownership of the drive and is just doing in software for the BitLocker encryption. They said they did not know how to tell if BitLocker was using hardware or just doing software.
I am sure there must be a way to tell from some system status.
Any help or ideas?? I need to know this.
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
McKnife, using the Manage-bde command I can clearly see my D: volume is using hardware encryption and C: using software. I changed the BitLocker Group Policy to up the encryption to 256 bit as shown.
I am not worried about the performance on my laptop with software I just want to fully understand how BitLocker works with SED (eDrives) for Win 8.1 for business reasons. Microsoft's doc. on such a config. I mentioned is pretty poor/lacking as I described. The vendor of the SED (Crucial) is also very poor at supporting this config. that even at Level 2 support there they basically can not provide very much info. at all. Pretty disappointed with Crucial support for their M500 SED (eDrive) line as they should now this stuff IMO. but that is okay I am figuring it all out.
I have used SEDs for a while and have used Absolute Secure Drive (ASD) under Win 7 and that works well but the ASD software does not yet support Win 8.1 or UEFI. ASD support says you must put the BIOS in old school non UEFI if I want to use.
I have also tested TrueCrypt (for non SED) fine but there is no support for TrueCrypt so for business clients I do not want to recommend as I would rather have some support org. behind the encryption.
I have also tested Check Point FDE under Win 8.1 and Win 7 for non SED computers with very good success.
I had obtained a SED for my new laptop and wanted to try and fully use the hardware encryption built in and fully understand as mentioned. BitLocker seems the only way to go right now if I want to run Win 8.1 and UEFI... The vendors of SED management are moving a bit slow for Win 8.1 and UEFI (Absolute Secure Drive and Win Magic, etc.) but should have solutions out within 2 to 4 months it seems. As mentioned, my investigation is to fully understand this for my business and my clients for this area.
Thanks for your input.
manage-bde-example-D-hardware-C-.png
I am not worried about the performance on my laptop with software I just want to fully understand how BitLocker works with SED (eDrives) for Win 8.1 for business reasons. Microsoft's doc. on such a config. I mentioned is pretty poor/lacking as I described. The vendor of the SED (Crucial) is also very poor at supporting this config. that even at Level 2 support there they basically can not provide very much info. at all. Pretty disappointed with Crucial support for their M500 SED (eDrive) line as they should now this stuff IMO. but that is okay I am figuring it all out.
I have used SEDs for a while and have used Absolute Secure Drive (ASD) under Win 7 and that works well but the ASD software does not yet support Win 8.1 or UEFI. ASD support says you must put the BIOS in old school non UEFI if I want to use.
I have also tested TrueCrypt (for non SED) fine but there is no support for TrueCrypt so for business clients I do not want to recommend as I would rather have some support org. behind the encryption.
I have also tested Check Point FDE under Win 8.1 and Win 7 for non SED computers with very good success.
I had obtained a SED for my new laptop and wanted to try and fully use the hardware encryption built in and fully understand as mentioned. BitLocker seems the only way to go right now if I want to run Win 8.1 and UEFI... The vendors of SED management are moving a bit slow for Win 8.1 and UEFI (Absolute Secure Drive and Win Magic, etc.) but should have solutions out within 2 to 4 months it seems. As mentioned, my investigation is to fully understand this for my business and my clients for this area.
Thanks for your input.
manage-bde-example-D-hardware-C-.png
ASKER
Thanks for the help
ASKER
I did more tests and found that no matter what I did with my laptop (no TPM) I could not get the BitLocker to use the Crucial M500 SED (eDrive) hardware encryption and only BitLocker Software encryption on my OS (C:) drive.
However, my Data partition (D: in my case) used hardware encryption when I enabled BitLocker on that volume.
After much investigation, I got an answer from a Microsoft Partner forum that you must have a TPM chip to be able to use the hardware encryption on the OS drive. I let them know they do not have enough/any doc. on this that I could find and given by 2015 almost all SSD drives will be SEDs they should have that doc.. They agreed...
Here is the command I used for status and various other options.
> manage-bde -status c:
I ran that command on my Win 8.1 Pro ASUS UEFI laptop with the Crucial M500 480 GB that had BitLocker turned on and got output for both C and D volumes (both on Crucial M500 480 GB) of:
for C:
Volume C: []
Size: 223.86 GB
BitLocker Ver 2.0
Coversion: Fully Encrypted
Percentge Encrypted: 100%
Encryption Method: AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification field: Unknown
Key Protections:
Password
External key
Numerical Password
From above, I am certain now the encryption is being done in software on my Crucal M500 480 GB since I know your drive does AES 256 etc and above is all BitLocker Software encryption I believe.