Hello! I'd like to encrypt my laptop drive, but due to performance concerns, only if I can do so by using hardware disk encryption. Windows 10 BitLocker doesn't clarify the mode of operation before set up. I have the following: Windows 10 Pro A TPM 2.0 module UEFI boot (I believe - it's a mid-high end laptop from late 2016) No explicit mentions to disk encryption in the BIOS A SanDisk X300 (OEM) drive with (reportedly) Self-Drive-Encryption (but perhaps it isn't an Encrytped Hard Drive). How can I ensure that I incur in no important performance penalties by enabling encryption? I've looked but I can't find instructions that are clear enough to me on how to do it. Thanks!
wow, very nice! thanks! is that switch documented somewhere? it doesn't say how it fails when it does.
My previous experience with hardware encryption was pretty negative, though I admit it was some time ago. In my deployments (I am the imaging person at work) I just use software encryption. The link I gave is one of MS's various pages on bitlocker.
Only the X300s support the IEEE 1667 protocol which allows BitLocker to use Get Silo Capabilities to pass limited security protocols that conform to a very limited amount of native TCG Opal 2 security-subsystem commands. Pure Opal 2 security-subsystem control grants hundreds of security features, but using the IEEE 1667 protocol with the Get Silo Capabilities, BitLocker is able to pass those commands allowing for Security Protocol Discovery, Programmatic TPer reset, SID Authority and UID.LockingSP. For a free option that works for all Opal 2.0 drives, you can use something like SedUtil. Though its PBA (pre-boot authorization) is very simplistic (then again, so is BitLocker's), it works flawlessly. Or connect to my network server and I'll deploy the godly WinMagic to your device for complete key management But yeah, sorry, X300 is not eDrive compatible.