This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 50%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Hello,
I was redirected from Microsoft Community because they could not help me with the problem there:
https://answers.microsoft.com/en-us/windows/forum/all/bitlocker-hardware-encryption/5509e84e-af4a-497e-a14e-c6f75fe21963
I trying to enable hardware encrypted disks with bitlocker (one system disk, one partition). We have laptops (different models - Dell 6420, Lenovo T470, Lenovo T14 gen 1 and gen 2, Lenovo Carbon X1 gen 9) with Windows 10 Pro (21H2 witch all current updates). And different SED disks (WD SDBQNTY-256G, Samsung 850 PRO).
I changed the settings “Configure use of hardware-based encryption for fixed data drives” to Enabled in the GPO (in Fixed Data Drives nad Operating System Drivers).
TMP 2.0 is enabled
UEFI is enabled.
I tried with CSM enabled and disabled.
But it still software encrypted.
The only exception to each time the hardware encryption works properly is enabled "ENCRYPTED DRIVE" in Samsung Magican on the Samsung 850 PRO drive and execution Secure Erase and reinstalling Windows.
How I can do hardware encrypted without reinstalling Windows? Let's ignore the pros and cons of hardware encryption as I am fully aware of it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 77%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
To get an understanding what it takes, please read: https://helgeklein.com/blog/how-to-enable-bitlocker-hardware-encryption-with-ssd/
No way without wiping.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 57.99999999999999%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Hi,
Many sources say that if we do not do wipe, then encryption will be software. Based on my search that there is no way to enable hardware encryption without reinstalling windows.
As far as I know, For different manufacturers and hard drives, Hardware encryption will not be used unless the drive is prepared for it. We may need to use some software just like intel ssd toolbox tools.
It could even be, that you will need to reinstall windows, since with samsung's SSDs, you could not switch to hardware encryption unless you prepare the drive before you install windows.
If the reply is helpful, please Upvote and Accept as answer
Best Regards,
Carl
Hello there,
If your computer has a solid-state drive that says it can handle hardware encryption, BitLocker doesn't do anything at all. BitLocker just trusts the SSD to encrypt your files, abandoning all responsibility.
According to NCSC-NL, BitLocker as bundled with Microsoft Windows relies on hardware full-disk encryption by default if the drive indicates that it can support this.
To determine whether BitLocker is using hardware-based encryption or software-based encryption:
-Run "manage-bde.exe -status" in an administrator command prompt.
-If the "Encryption Method" starts with "Hardware Encryption", then BitLocker is using the self-encrypting disk's hardware-based encryption implementation.
-If the "Encryption Method" states something other than "Hardware Encryption", such as "AES-128" or "XTS AES-256", then BitLocker is using software-based encryption.
------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--
It is a pity that it is impossible to do without reinstalling the system.
What's the difference between bios disk encryption and bitlocker hardware encryption? I thought it works on the same principle. Because in biose the disk can be encrypted at any time.
Bitlocker offers many, many options: how do you save the recovery password, what encryption type (usedspaceonly vs. full), will you require pre-boot-authentication or not...
DIsk encryption from the bios does not offer anything. Just setup a password, that's all.
But if that's enough for you, why not?
BL in software mode is not that much slower, though, you should test it out - you may decrypt anytime and then use the bios based encryption.
OK Thank You. The topic is probably already exhausted.