Is it possible to enable Bitlocker hardware encryption (on a Samsung pro SSD) without having to re-install Windows 10 pro?
A similar question was asked here but was too vague and closed.
Asked
Active
Viewed 8,560 times
1 Answers
1
Its possible but there are some requirements you must first fulfill.
- Your motherboard must support your boot drive being hardware encrypted. This appears only to be a problem on laptop motherboards as far as I can tell and when the boot drive is NVME. So, the manufacturer must explicitly support self encrypted NVME boot drives, otherwise nothing you try will work, even formatting and re-installing windows will not work.
- The drive must be provisioned to make use of hardware encryption. You can provision your drive on another computer too. In the case of a Samsung drive, Samsung provides tools to enable "Encrypted Drive". After enabling this feature, their tool should report "Encrypted Drive - Enabled".
Steps
Note: Before you begin make sure your drive is completely decrypted (if you were using BitLocker).
- Clone your source drive to another drive as a backup.
- Verify that your backup works by booting up from it.
- Format and provision your source drive for hardware encryption.
- Clone your backup drive to your source drive and boot up Windows.
- Update your group policy to force Bitlocker hardware encryption only
- Enable Bitlocker on your source drive. If it succeeds and starts encrypting you are good. If it fails, its likely that the drive does not support hardware encryption or your motherboard is not setup for hardware encryption or does not support the configuration you are using.
Warnings
- You may very likely have to invest a lot of time getting this to work. So be prepared for that.
- You may need to do research on how to provision a drive on your computer and may need to make changes to your bios and or run special PowerShell scripts.
user986363
- 201