Factory Encrypted Drives

Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2

You can install Windows® 8 and Windows Server® 2012 on factory-encrypted drives, also known as encrypted hard disk drives (eHDD). A factory-encrypted drive is a drive that is capable of full-disk encryption.

By default, when you install Windows® 8 and Windows Server® 2012 on a factory-encrypted drive, Windows automatically encrypts the drive by using Trusted Computing Group (TCG) and IEEE 1667 transport encryption standards.

Requirements

To install Windows® 8 and Windows Server® 2012 onto a factory-encrypted drive, use the following:

  1. Firmware: UEFI version 2.3.1 that has been configured to use the EFI storage security protocol.

  2. Hardware: a hard disk drive that is capable of using TCG and IEEE 1667 transport encryption standards.

Using other encryption standards

To use another encryption standard on your drive, you must first disable the automatic drive provisioning that Windows provides. To do this on a new installation, set the Microsoft-Windows-EnhancedStorage-Adm/TCGSecurityActivationDisabled Unattend setting to true. For more information, see the Windows® Unattended Setup Reference.

See Also

Other Resources

Hard Drives and Partitions