dakota5
asked on
SSD and bitlocker hardware encryption
I have a Samsung SSD 840 EVO with updated firmware which should work with Windows 8.1 to enable bitlocker to use hardware encryption. (Trying this on an HP8300)
I followed the instructions in the Samsung Software (Magician) which requires a secure erase, then loaded Windows 8.1 from a UEFI boot (this worked and I could confirm that Windows was booted from UEFI).
But when I went to install bit locker, it asked if I wanted to encrypt the entire drive, or part of it. Per other sites, this is a sign that software encryption is going to happen.
And this link describes the process working with the Samsung SSD.
http://superuser.com/questions/700009/samsung-evo-840-ssd-and-bitlocker
This describes eDrives and Bitlocker using hardware encryption.
http://www.anandtech.com/show/6891/hardware-accelerated-bitlocker-encryption-microsoft-windows-8-edrive-investigated-with-crucial-m500
HP support does not know much about this.
Anyone have experience with this? What standard do I ask HP if they have met?
I followed the instructions in the Samsung Software (Magician) which requires a secure erase, then loaded Windows 8.1 from a UEFI boot (this worked and I could confirm that Windows was booted from UEFI).
But when I went to install bit locker, it asked if I wanted to encrypt the entire drive, or part of it. Per other sites, this is a sign that software encryption is going to happen.
And this link describes the process working with the Samsung SSD.
http://superuser.com/questions/700009/samsung-evo-840-ssd-and-bitlocker
This describes eDrives and Bitlocker using hardware encryption.
http://www.anandtech.com/show/6891/hardware-accelerated-bitlocker-encryption-microsoft-windows-8-edrive-investigated-with-crucial-m500
HP support does not know much about this.
Anyone have experience with this? What standard do I ask HP if they have met?
I don't understand what your question is? The drive either is or not encrypted with bitlocker.
ASKER
Bit locker can either use its own software encryption, or the built in hardware encryption of the drive. That was explained in the two links I provided.
Hardware encryption is preferred-- much better performance (no software overhead).
Hardware encryption is preferred-- much better performance (no software overhead).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Fine that you found it. No need to assign points to me as I haven't contributed much, yet.
The amount of performance loss due to not using the drive's own thing is debatable. Artificial benchmarks, as you found some, are only one part of the story. I doubt that you will feel a performance loss somewhere between 14 and 29%.
Anyway, what you should be aware of: self encrypting drives pose risks that other's don't. Read https://www1.informatik.uni-erlangen.de/filepool/projects/sed/seds-at-risks.pdf
The amount of performance loss due to not using the drive's own thing is debatable. Artificial benchmarks, as you found some, are only one part of the story. I doubt that you will feel a performance loss somewhere between 14 and 29%.
Anyway, what you should be aware of: self encrypting drives pose risks that other's don't. Read https://www1.informatik.uni-erlangen.de/filepool/projects/sed/seds-at-risks.pdf
ASKER
McKnife--
Interesting article. Thanks for posting the link.
Interesting article. Thanks for posting the link.
ASKER
I accepted my own comment because I found the answer through my own trial and error research. The other contributors did not provide the answers, though one did mention the command manage-bde (that I also found on my own) that allows a user to confirm that they have bit locker running using hardware encryption.