Need Advice Enabling BitLocker Hardware Encryption with Windows 10 Pro & Samsung 980 Pro

JDU 6 Reputation points
2022-08-05T22:15:28.29+00:00

I've spent countless hours trying to enable hardware encryption when turning on BitLocker on my Windows 10 Pro operating system drive: a Samsung 980 Pro. I've read everything I can find on the internet on this topic. I'm hoping someone here can help me get over the finishing line.

Here's where I'm at:

Intel NUC12 Extreme with fully updated BIOS and UEFI Secure Boot turned on. Intel support confirmed to me that the installed BIOS is UEFI 2.8, which supports EFI_STORAGE_SECURITY_COMMAND_PROTOCOL.

BIOS has Intel PTT Opal 2.0 compliant firmware TCP

I did a fresh install of Windows 10 Pro from USB media created from the Microsoft website a few days ago.

My OS drive is a Samsung 980 Pro, which supports eDrive / hardware encryption.

I installed Samsung Magician and set my drive to "Encrypted Drive Ready To Enable".

Then I used GParted to wipe all partitions from the drive and after that did a fresh install of Windows 10 Pro.

At that point, MSINFO was showing "Un-allowed DMA capable bus/device(s) detected" on the Device Encryption Support row.

After much experimenting, I found that adding strings for PCI TO PCI BRIDGE and ISA BRIDGE to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses key fixed the "Un-allowed DMA capable bus/device(s) detected" error and the "Device Encryption Support" status in MSINFO is now "Meets Prerequisites".

Then I edited the BitLocker Group Policy for Operating System Drives so that "Configure use of hardware-based encryption for operating system drives" is set to "Enabled" and "Use Bitlocker-software based encryption when hardware encryption is not available" is not enabled. The idea here being I don't want BitLocker to silently turn on software encryption... I only want BitLocker to turn on if it can use hardware encryption.

But... whenever I try to turn on BitLocker for my OS drive (Samsung 980 Pro), it starts "verifying that your PC meets its system requirements" and then gives me the error message: "Bitlocker did not revert to using Bitlocker software encryption due to group policy configuration". Meaning it was unable to use the hardware encryption of the Samsung 980 Pro.

I'm hoping someone might be able to tell me what to try next. I've run out of ideas. MSINFO says my system "Meets Prerequisites" for Device Encryption Support, I have no DMA conflicts being reported, and I enabled encryption in Samsung Magician, so what gives?

Here are the results of BDE Status:

Disk volumes that can be protected with BitLocker Drive Encryption:

Volume C: [] [OS Volume]

Size: 930.90 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found

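A check for the outcome the post is trying to avoid, a volume ending up protected by BitLocker in software when hardware encryption was intended, written as an added example that is not part of the original post: it parses `manage-bde -status` text and classifies each volume by its Encryption Method field. The sample text is constructed (C: mirrors the output in the post; D: and E: are invented, with a placeholder algorithm identifier), and the code assumes a hardware-encrypted volume reports a method beginning with "Hardware Encryption".

```python
import re

# Constructed sample in the layout of `manage-bde -status`: C: mirrors the
# output in the post; D: and E: are invented values for illustration.
SAMPLE = """\
Volume C: [] [OS Volume]

    Size:                 930.90 GB
    Conversion Status:    Fully Decrypted
    Encryption Method:    None
    Protection Status:    Protection Off

Volume D: [Data] [Data Volume]

    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume E: [Vault] [Data Volume]

    Encryption Method:    Hardware Encryption - <placeholder algorithm OID>
    Protection Status:    Protection On
"""

def parse_status(text):
    """Return {drive letter: {field name: value}} for each Volume block."""
    volumes, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*Volume\s+([A-Z]):", line)
        if header:
            current = volumes.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return volumes

def classify(fields):
    """'hardware', 'software' or 'unencrypted', based on Encryption Method."""
    method = fields.get("Encryption Method", "None")
    if method.lower().startswith("hardware encryption"):  # assumed prefix
        return "hardware"
    return "unencrypted" if method.lower() == "none" else "software"

def software_fallbacks(text):
    """Drive letters encrypted by BitLocker in software rather than by the drive."""
    return sorted(d for d, f in parse_status(text).items() if classify(f) == "software")

if __name__ == "__main__":
    for drive, fields in parse_status(SAMPLE).items():
        print(drive, classify(fields), fields.get("Protection Status"))
```

Feeding it the real output of `manage-bde -status` after enabling BitLocker shows whether the OS volume ended up in the "hardware" class or fell back to a software cipher.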