Solved

SSD and BitLocker hardware encryption

Posted on 2014-01-29
7
7,855 Views
Last Modified: 2014-02-04
I have a Samsung SSD 840 EVO with updated firmware which should work with Windows 8.1 to enable BitLocker to use hardware encryption. (Trying this on an HP8300)

I followed the instructions in the Samsung Software (Magician) which requires a secure erase, then loaded Windows 8.1 from a UEFI boot (this worked and I could confirm that Windows was booted from UEFI).

But when I went to install BitLocker, it asked if I wanted to encrypt the entire drive, or part of it. Per other sites, this is a sign that software encryption is going to happen.
And this link describes the process working with the Samsung SSD.
http://superuser.com/questions/700009/samsung-evo-840-ssd-and-bitlocker

This describes eDrives and BitLocker using hardware encryption.
http://www.anandtech.com/show/6891/hardware-accelerated-bitlocker-encryption-microsoft-windows-8-edrive-investigated-with-crucial-m500

HP support does not know much about this.
Anyone have experience with this?  What standard do I ask HP if they have met?
Question by:dakota5
7 Comments
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 39819439
I don't understand what your question is. The drive either is or is not encrypted with BitLocker.
0
 

Author Comment

by:dakota5
ID: 39819681
BitLocker can either use its own software encryption, or the built-in hardware encryption of the drive. That was explained in the two links I provided.
Hardware encryption is preferred-- much better performance (no software overhead).
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 500 total points
ID: 39820087
Sorry, hardware encryption will not be much better but slightly better. Please see some benchmarks. Are you sure that using hardware encryption, there will be only the option to encrypt that whole drive? I doubt that very much as many people don't even want that to happen and would like to have the option.

If I were you, I would encrypt c: and afterwards use the manage-bde.exe command line to see the status (if it's hard- or soft encrypted).
0

 

Accepted Solution

by:
dakota5 earned 0 total points
ID: 39821555
Got this working, now.
The answer is that the BIOS-based HP DriveLock must be disabled.
OS management of the TPM chip must be enabled.
I also entered a setup password so that I could enable the three sub-choices under OS management of the security device-- this eliminates the need for physical presence screens when Windows 8.1 wants to make a change.

Must have current (updated) firmware in the Samsung SSD, and the updated version of Samsung's Magician software.
You prepare the SSD for OS encryption in Samsung Magician software (choice to the far right. Not Class 0 security and not TCG Opal).

This choice creates a bootable CD that you use to wipe the Samsung SSD, which prepares it to load an SED-aware OS like Windows 8.1.
Load Windows 8.1.
Go to BitLocker. The choices are different (no choice of partial encryption).
Select encrypt drive.  Reboot and it is encrypted immediately.

Check/confirm that hardware encryption is enabled using the command
manage-bde -status c:
This will confirm hardware encryption.

This link shows the screens you will see.
http://www.anandtech.com/show/6891/hardware-accelerated-bitlocker-encryption-microsoft-windows-8-edrive-investigated-with-crucial-m500

Farther down in the above, someone describes the process for the Samsung SSD
(page 4, Dec 24 2013).

As for benchmarks, the Anandtech article shows BitLocker software encryption causing a 14% decrement in performance on PCMark7, and a 29% decrement on Peak Performance.

BitLocker hardware encryption (using the intrinsic encryption of the SSD) should have a negligible effect on performance (the Anandtech article shows it having a negligible effect on the Crucial brand SSD)
0
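
The confirmation step in the accepted solution (reading the encryption method from manage-bde) can be scripted to check several volumes or machines. The following is an added example, not part of the original post: the function name Get-BdeEncryptionKind is hypothetical, the sample text is constructed rather than captured from the poster's machine, and English-language manage-bde output is assumed.

```powershell
# Classify each volume in `manage-bde -status` text as Hardware, Software or NotEncrypted.
# Assumption: English field labels ("Encryption Method:", "Protection Status:").
function Get-BdeEncryptionKind {
    param([Parameter(Mandatory)][string[]]$StatusText)

    $volume = $null
    foreach ($line in $StatusText) {
        if ($line -match '^Volume\s+(\S+)') {
            # A new volume block starts, e.g. "Volume C: [OS]"; emit the previous one.
            if ($volume) { $volume }
            $volume = [pscustomobject]@{
                Volume = $Matches[1]; Kind = 'Unknown'; Method = $null; Protection = $null
            }
        }
        elseif ($volume -and $line -match '^\s*Encryption Method:\s*(.+?)\s*$') {
            $volume.Method = $Matches[1]
            # Hardware-encrypted volumes report "Hardware Encryption - <identifier>";
            # software encryption reports a cipher name such as "AES 128".
            $volume.Kind = switch -Wildcard ($volume.Method) {
                'Hardware Encryption*' { 'Hardware'; break }
                'None'                 { 'NotEncrypted'; break }
                default                { 'Software' }
            }
        }
        elseif ($volume -and $line -match '^\s*Protection Status:\s*(.+?)\s*$') {
            $volume.Protection = $Matches[1]
        }
    }
    if ($volume) { $volume }
}

# Constructed sample output: one hardware-encrypted and one software-encrypted volume.
$sample = @'
Volume C: [OS]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Conversion Status:    Used Space Only Encrypted
    Encryption Method:    AES 128
    Protection Status:    Protection On
'@ -split '\r?\n'

Get-BdeEncryptionKind -StatusText $sample | Format-Table Volume, Kind, Method, Protection
```

On a live system, run it from an elevated prompt as `Get-BdeEncryptionKind -StatusText (manage-bde -status)`.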
 
LVL 54

Expert Comment

by:McKnife
ID: 39822482
Fine that you found it. No need to assign points to me as I haven't contributed much, yet.
The amount of performance loss due to not using the drive's own thing is debatable. Artificial benchmarks, as you found some, are only one part of the story. I doubt that you will feel a performance loss somewhere between 14 and 29%.

Anyway, what you should be aware of: self-encrypting drives pose risks that others don't. Read https://www1.informatik.uni-erlangen.de/filepool/projects/sed/seds-at-risks.pdf
0
 

Author Comment

by:dakota5
ID: 39822958
McKnife--
Interesting article.  Thanks for posting the link.
0
 

Author Closing Comment

by:dakota5
ID: 39831986
I accepted my own comment because I found the answer through my own trial and error research. The other contributors did not provide the answers, though one did mention the command manage-bde (that I also found on my own) that allows a user to confirm that they have BitLocker running using hardware encryption.
0
