How to Enable SSD Hardware Encryption - Windows BitLocker
Рет қаралды 7,474
Күн бұрын
@KarolMurawski Жыл бұрын
For NVMe disks, you do NOT need to disable Block SID Support. Al least I didn't have to. From what I've read, Block SID Support is not supported in NVMe anyway. Besides that great tutorial - thanks.
@floriang.9616 Жыл бұрын
This tutorial helped me a lot, thank you very much. I was struggling with the Samsung 990 pro drama but after nearly 5 months of waiting it worked with the newest filmware.
@stefan_es 8 ай бұрын
Please tell me. If you follow these instructions, will there be no decrease in SSD performance?
@RogerCold009 5 ай бұрын
@@stefan_esno, performance is the same with hardware encryption, only windows software encryption is heavy
@flexxxxer 4 ай бұрын
@@stefan_es yes, around 1%. software encryption has impact around 4-6%, hardware encryption designed of possibility to speed up encryption via, you know, hardware :)
@Andrey.Alexandru 5 ай бұрын
i went to magician, set the drive to ready to enable, cleared the disk and reinstalled the system, came back to magician and still see the "ready to enable" status. i have tpm , UEFI boot, ssd 970 evo plus. Why do i still see ready to enable??
@flexxxxer 4 ай бұрын
you have installed a system on the disk on which you are trying to turn on hardware encryption? if the answer is not, then this is expected: you need to install a system on the disk on which you are going to turn on encryption, use bitlocker in the mode of hardware encryption is permissible only for the system disk. if the answer is yes, i recommend checking the hardware version of the disk equipment through samsung magician.
@Andrey.Alexandru 4 ай бұрын
@flexxxxer i resolved it by turning my both ssds to ready to enable, then secure erased them both from bios and reinitialized both disks. The system is also on an encrypted ssd. Now my system is hardware encrypted on both disks.
@Andrey.Alexandru 13 күн бұрын
how to do it on corsair mp 700 pro ?
@indemonic 5 ай бұрын
Excellent tutorial. Just a question, I understand that in the whole process you will have to perform TWO installations of Windows 11 Pro. What happens if you have an OEM license, will it work in both installations? Should it only be activated in the second (final) installation? Thank you a lot!
@flexxxxer 4 ай бұрын
the liensium key is sewn into the firmware and will be applied as many times as the system will be reinstalled. I have a sad experience installing Windows Pro while the bios was sewn OEM key for Windows Home because of which I could not put Pro - the version rolled back to the one whose key (Home) is sewn in the firmware :)
@incandescentwithrage 2 жыл бұрын
Thanks, helped me out today. Worked perfectly
@quantumkalifa7708 Жыл бұрын
Hi and thanks for this awesome tutorial. I have 1 question that i don't understand (maybe more in the future). If i have PTT (tpm 2.0) at min 5:26 why i have to check "allow bitlocker without a compatible tpm"?
@flexxxxer Жыл бұрын
you can uncheck if you want in case when you use tpm
@stefan_es 8 ай бұрын
Please tell me. If you follow these instructions, will there be no decrease in SSD performance? Otherwise, with regular encryption, the performance decrease is quite serious
@indemonic 5 ай бұрын
Actually, hardware encryption is better than software encryption in terms of speed.
@VicharB 11 ай бұрын
I kinda still find it hard to grasp the soup of TPM, SED, FDE & Bitlocker for Windows, i.e how do I do SED (Samsung 990 Pro) with hardware encryption (no loss of speed) and that of Bitlocker (enable/disable); my dream is to have hardware FDE (using SED feature&) on Linux; currently I have Elitebook with TPM 2.0 and OPAL option (which I didn't enable) in BIOS and I have just simply enabled DriveLock feature. Man its a mess/complicated!!!
@flexxxxer 4 ай бұрын
LUKS2 encryption in most heavy mode gives very nice speeds, maybe 10% loss but its FOSS software and encryption. i was surprised. literally i recommend to forget about FDE over TCG OPAL and use LUKS2 instead.
@BhaktaRobin 16 сағат бұрын
Samsung users: Make sure to create a secure erase usb drive before you do this video. activate hardware encryption in samsung magician, then boot from secure erase usb stick and do erase and only then follow this video. otherwise it will not work! I also encountered problem of not being able to create the secure erase usb on a standard user account running magician. strange error that device does not support it despite the hdd supporting the featture
@b.c.2177 2 жыл бұрын
Thank you, very nice instruction! I have ThinkPad P16s (new, one of the latest models) and Samsung 990 PRO 2 Tb. I followed your instruction but did not succeed to get hardware based encryption working. After turning in S. Magician Encrypted Drive to "Ready to enable", it keeps this status after clean Windows 11 installation, so it does not change to "Enabled". The system requirements are UEFI 2.3.1. On my laptop I see UEFI BIOS version: N3BET51W 1.29. How to know if it supports hardware based encryption? Windows does not allow to activate support for hardware encryption in Command Prompt? it returns an error and says that my device does not support hardware based encryption. BitLocker does just software based encryption.
@flexxxxer 2 жыл бұрын
us.community.samsung.com/t5/Monitors-and-Memory/990-Pro-Encrypted-Drive-hardware-BitLocker-not-working/m-p/2452974 this is a known issue. just wait for ssd firmware update month or two
@b.c.2177 2 жыл бұрын
@@flexxxxer Thank you! This gives me hope. I found also a program called Opal Lock (free), which offers OPAL hardware encryption. Do you know it? Unfortunately, at the moment I can not use it, because there is a bag on second step of setting up. I contacted the support and they are working on fixing the issue. I admit that the reason for the inability to complete the setup in this program may be the same that does not allow you to configure encryption with BitLocker
@a7md0_ Жыл бұрын
Same issue with 990 Pro, Samsung Support simply ignored me
@ShogaTatsuki 7 ай бұрын
I tried this with both of my Samsung 970 EVO Plus and 870 EVO. When running the first command, it says hardware encryption isn't supported even tho I turned it on via Samsung Magician already.
@flexxxxer 4 ай бұрын
you need to watch tutorial first and go over all steps without skipping. you need to install windows on ssd where you wanna to enable hardware encryption AFTER enabling switch on that drive inside samsung magician. please, watch tutorial more closely :)
@San37815 Жыл бұрын
Can you add letters and symbols in edition to numbers with enhanced pin?
@flexxxxer Жыл бұрын
yes, you can, policy name which allows to use not only digits for pin is "Allow enhanced PINs for startup" (you can find it in group policy editor)
@jeverett0902 2 жыл бұрын
What does the undecrypted partition table look like after set up? Does it take up the entire drive, or still show regular partitions like normal software encryption bitlocker? Is the password set to get into the hardware encrypted drive, and would that password work if used in a different machine, or is the password just a pin to get into the tpm which has the real hardware decryption key?
@flexxxxer 2 жыл бұрын
1 - kzbin.info/www/bejne/mniag4Sdd7BjkNE here about how disk partitions look after enabling SED encryption. in short, the userdata section is unreadable and not copyable and unmountable, while the efi sections and other service sections (pre-boot software and etc) that do not store user data are available 2 - didn't quite understand your question 3 - kzbin.info/www/bejne/mniag4Sdd7BjkNE here about the details of implementing SED encryption through the TCG Opal standard. in short, yes, tpm module can be called a module that plays the role of a pre-boot authenticator mechanism. that is, if you encrypted the drive via bitlocker/manage-bde (hardware or software encryption is not important) and added the TPM+PIN mechanism to protection, then when transferring the encrypted drive to another computer/laptop with a different TPM module, go through the authentication process using a PIN will not work (PIN from neither the old TPM nor the new TPM will work) - and this is reproducible in practice (you can try it yourself - I tried it and it works like that)
@camillo7800 2 жыл бұрын
Hello, I am having trouble running hardware encryption on several laptops. But I don't want to format the disks. Is there any way to force hardware encryption without clean disk and reinstalling the operating system?
@flexxxxer 2 жыл бұрын
no way to do this without clean system installation.
@bobtree4583 Жыл бұрын
Damn why is this so complicated. It’s like they don’t want us to use the features they built in and we paid for
@flexxxxer Жыл бұрын
many things in our lives are not easy, this is the reality. and it's not that someone specifically wants you not to use the functionality for which you paid ... but in general you have not yet seen how LUKS is configured under linux :D
@indemonic 5 ай бұрын
Complicated? 😂It is a ~7min tutorial. There are process that requires tutorials of more than 30 min with dozens of steps (many of them using the CMD terminal).
@jonasdeejee890 Жыл бұрын
did you notice any performance loss after enabling hardware encryption?
@flexxxxer Жыл бұрын
yes, around 1%. software encryption has impact around 4-6%, hardware encryption designed of possibility to speed up encryption via, you know, hardware :)
@jonasdeejee890 Жыл бұрын
@@flexxxxer that difference makes hardware encryption really worth it, though I hate having to reinstall Windows. Good your tutorial exists, I find no documentation on how to enable it on the Samsung website
@alexnilev7779 Жыл бұрын
Hi. How can i enable this protection without TPM(i have TPM) only with Password(PIN) ? For i can easy move drive to other computer and use only password
@flexxxxer Жыл бұрын
yes ofc
@flexxxxer Жыл бұрын
see documentation from Microsoft: learn.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-protectors
The Provoked Prawn
Рет қаралды 1,2 МЛН
Daniel LaBelle
Рет қаралды 136 МЛН