Help on how to crypt sata or nvme disk

Discussion in 'Windows 10' started by burnix, Apr 19, 2019.

  1. burnix

    burnix MDL Novice

    Jan 4, 2011
    46
    2
    0
    Hello community.

    I need some help, before i'm coming crazy.

    Can someone have a to do list to make that i can have the option "cypher my device" (sorry it's a french to english traduction) appearing in "parameters" on win10

    Basically, i need to know how to use win10 integrated cryting function to encrypt a new disk on new laptop.

    The computer was tpm 2.0, the disk was tgc-opal compliant.

    A big thanks to people that can help me.
     
  2. stayboogy

    stayboogy MDL Addicted

    May 1, 2011
    758
    130
    30
    what exactly do you want to encrypt? just the windows partition? the whole hard drive? fresh windows set up or already preconfigured?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    3,339
    659
    120
    sounds like he wants to encrypt hes entire HD
     
  4. TigTex

    TigTex MDL Member

    Oct 5, 2009
    172
    144
    10
    You are searching for Windows bitlocker. It's available on windows 10 pro on any device and windows 10 home if tpm and secure boot are enabled and the system supports hardware level encryption,
    Use "manage-bde" or control panel to manage bitlocker.
     
  5. kaljukass

    kaljukass MDL Expert

    Nov 26, 2012
    1,423
    492
    60
    Im wonder about your answers and suggestions!
    You may not have noticed that there was written:
    "The computer was tpm 2.0, the disk was tgc-opal compliant."
    Therefore, probably he is talking about the TCG Opal stands.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. TigTex

    TigTex MDL Member

    Oct 5, 2009
    172
    144
    10
    If the ssd has hardware level encryption enabled, bitlocker will use it for minimal impact on system performance. Some ssds require that you use a tool (ex. samsung magician) to enable the security feature and only then you can enable bitlocker.
    1. enable ssd hardware encryption feature with the tools provided by your ssd manufacturer. some ssd's will wipe itfself when you do this
    2. install windows (if needed)
    3. enable bitlocker. search for "bitlocker" on windows PRO, ultimate or enterprise editions (vista/7/8/10). save the recovery key!
    There are some known security vulnerabilities on some hardware encrypted ssds. For those cases, software encryption might be a better option
     
  7. pcnavarra

    pcnavarra MDL Senior Member

    Nov 13, 2017
    254
    64
    10
    You must buy the OEM SSD or nvme from the manufacturer eg HP, Dell, Acer, etc... a retail SSD drive won't work.
     
  8. burnix

    burnix MDL Novice

    Jan 4, 2011
    46
    2
    0
    I'm going to try this.

    But i have (at work) surface tablet that just purpose encript drive as an option of windows, without use bitlocker, so it's near like "macnavarra" said "use drive provided by manufacturer".

    Stupidly i have supposed that if i have computer tmp 2.0 and SSD TCG OPAL i can use/have the native functionnality on win10 Pro, and dont use bitlocker.

    thanks for your reply, i'm going to search information, but it's difficult to find precise answers.

    Last thing : can you confirm me that bitlocket use hardware encryption of SSD (tgc opal or aes 256).
     
  9. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,048
    1,857
    210
    There is no automatic encryption on any version of Windows.
    That would be pure madness. One ALWAYS needs a recovery key.

    And automatically there is NO WAY to provide such key to user!

    Ofcourse Bitlocker can be USER initiated (unless you are running in Enterprise environment with MBAM, where it is really automatic)

    Seems like some of you heard the term, but not idea what it means...