(This is not an attempt to discuss the necessity/reliability/security of Bitlocker. ) If i buy a new laptop with an M2 slot and no SATA connector, and have no other computer with an M2 slot available, how do i prepare it for hardware encryption? (If the SSD supports it.) In the past I've just hooked up the new SSD to another computer with Windows installed, but I'm curious if this is needed. I'm not talking about enabling Bitlocker, but the required step before that, like I did with my Samsung 850 Evo in Samsung Magician. Can I enable hardware encryption from, say, a USB drive? Like some kind of bootable software, or third party software via Command Prompt before installing Windows (Shift + F10). Not talking about Windows To Go. Also, does the enabling of hardware encryption (still) need brand specific software, or has it become standard somehow? Does all SSD's still need to be enabled for hardware encryption manually, or have they become enabled by default when sold new?
If you have a windows PE bootable ISO you could boot a portable windows, install samsung magician and enable hardware encryption (check win10xpe project on google). If you don't have it, it's easier to install windows twice. Enable hardware encryption still requires brand specific software. There are some reports that if you set an HDD password in BIOS, the encryption will be enabled but I haven't tested that. As far as I know, all costumer SSDs are sold with hardware encryption disabled by default so that you can read your data on any device without having to input any security key. As an alternative, you could just use software encryption. You will have better security (some ssd's have poor security implementations with known exploits) and ease of deployment (install windows and activate bitlocker) at a cost of minimal performance impact, but if you have a powerful cpu that should not be a problem.
The "HDD Password" feature seems to be mostly appearing on laptops. Pretty sure most desktop motherboards miss it, and that's what is basically having "Class 0" encryption in Magician is, I believe. Also, the HDD Password is a different feature than BIOS Admin Password.
That contradicts what I just did. After I have enabled encryption, but before I've turned on Bitlocker, I can still open files on the SSD if I connect it to a different computer.
as stated previously turn on your new computer, and install Windows on the M2 SSD i prefer to partition into smaller size... mine is 1TB and partitioned to 3 300 (est) size, 1= os 2= backup 3=data. and you can then turnon for the partition you want to protect very simple i use a sample of commands -status Spoiler PS C:\WINDOWS\system32> manage-bde -status BitLocker Drive Encryption: Configuration Tool version 10.0.18845 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Disk volumes that can be protected with BitLocker Drive Encryption: Volume C: [Enterprise] [OS Volume] Size: 499.74 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Key Protectors: None Found Volume E: [Work] [Data Volume] Size: 225.79 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume O: [] [Data Volume] Size: 205.28 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume D: [] [Data Volume] Size: 533.70 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume F: [Video] [Data Volume] Size: 309.03 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume I: [Scripts] [Data Volume] Size: 87.07 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume M: [USB_STRELEC] [Data Volume] Size: 14.42 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume N: [My Passport Gold] [Data Volume] Size: 1862.98 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume G: [ISO] [Data Volume] Size: 306.82 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume H: [Games] [Data Volume] Size: 315.67 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume L: [Programs] [Data Volume] Size: 289.23 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found Volume J: [UUPs] [Data Volume] Size: 70.83 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: None Found PS C:\WINDOWS\system32> Spoiler manage-bde -status manage-bde -lock D: -fd = lock manage-bde -off D: = decrypt manage-bde -unlock D: -pw manage-bde -protectors [{-get|-add|-delete|-disable|-enable|-adbackup|-aadbackup}] <Drive> manage-bde -protectors -delete D: manage-bde -protectors -disable D: manage-bde -protectors manage-bde -protectors Disable-BitLocker -MountPoint "D:" Suspend-BitLocker -MountPoint "C:" -RebootCount 0 Suspend-BitLocker -MountPoint "D:" per volume Disable-BitLocker -MountPoint "C:" all volume PS C:\>$BLV = Get-BitLockerVolume PS C:\>Disable-BitLocker -MountPoint $BLV auto unlock PS C:\>Enable-BitLockerAutoUnlock -MountPoint "E:"
I think you also need to set a password without which enabling encryption is practically no different than no encryption.e.g.earlier wd my passport ultra portable hdd came with hardware encryption so it was enabled by default but as long as one does not set a password they can be used with any pc.