I have updated to Dni7_0060 bios version with no luck booting to my Samsung 970 Pro NVMe M.2 ssd after performing the steps to enable eDrive. The drive just reverts to software encryption each time. Here are the steps I took:
At this point I can verify that hardware encryption is working via a "bde-manage -status" command.
So everything is fine until I reboot. After that the drive encrypts via software encryption only.
Does anyone have any suggestions?
I also got similar results with my NUC7i5DNHE running 0060 BIOS. My Samsung 970 PRO 512GB NVMe SSD underwent eDrive enabling via Samsung Magician while paired with my ASRock Z390 Phantom Gaming-ITX/AC motherboard, and got BitLocker HW encryption properly enabled with C: OS partition carrying Win10 1803 (RS4) as verified with the manage-bde utility. I then turned off the BitLocker encryption and moved the 970 PRO SSD to my NUC7i5DNHE, and tried to enable BitLocker encryption for C: there, and it basically didn't work. I got the "how much do you want to encrypt" prompt which is a giveaway that BitLocker is about to do software encryption.
Separately, I'm a bit surprised by how you managed to run Secure Erase on a 970 PRO SSD after it has been enabled for eDrive by Samsung Magician. I always run into an error that says Secure Erase is not supported, even after booting from the USB flash drive prepared by Magician. I thought the Secure Erase lockout is actually by design, not a bug, so I'm wondering whether the eDrive enabling for your 970 PRO SSD was actually completed. It should be easy to check within Samsung Magician.
Also, I have never encountered any scenario where the BitLocker encryption is initially confirmed as being in HW (via manage-bde -status command), but then changes to software encryption after a reboot. Can there be some mechanism at play that systematically replaces HW encryption with software encryption for BitLocker without user interaction? If so, this will easily cause more confusion as to why HW encryption does not stick on a given system.
I should have stated that the drive showed "Ready to enable" before performing the Secure Erase. After, it showed "Enabled." Does that make more sense?
Someone at the following link had a similar issue of being switched from hardware to software encryption, except with the 960 Pro NVMe drive:
What is your opinion on the matter?
I have already done the jumper method going back to BIOS ver 0053. See I had slow SSD speed, roughly half, of what it should be. So tried 0060 jumper method first, didn't work, no speed increase. Repeated it 4 times. No success. Finally went back to BIOS v0053 w/jumper method and speed problem fixed. Then went through all of the BIOS updates one, by one without jumper method.
Since discovering eDRIVE problem, tried the jumper method with BIOS v 0060 without success.
I will try again this weekend, but pretty sure what the outcome will be.
I just got my NUC7i5DNHE to support eDrive HW encryption with BitLocker for my Samsung 970 PRO 512GB NVMe PCIe M2. SSD. BIOS is 0060, so I can confirm Intel's claim that this BIOS has fixed eDrive support for NVMe SSDs.
Note: The Samsung NVMe SSD (960 PRO, 960 EVO, 970 PRO, 970 EVO, etc.) must have Encrypted Drive set to "Enabled" via Samsung Magician utility. The default Encrypted Drive state of "Ready to Enable" as shipped from Samsung factory will NOT support HW encryption with BitLocker.
Here's a procedure to get eDrive working with Samsung NVMe SSDs & Dawson Canyon NUCs:
Thank you for sharing the steps that worked for you. I will follow them this weekend.
One quick question. Did you do anything to the Samsung Secure Erase USB drive? Mine was not recognized, and would not boot, unless "Legacy" was enabled.
Scott, yes, the Samsung Secure Erase USB drive requires "Legacy" enabled and "Secure Boot" disabled for booting, then after the secure erase, "Legacy" needs to be disabled again for Win10 OS clean install into the Samsung NVMe SSD to support eDrive HW encryption properly. I also had to enable "Intel Platform Trust Technology" to get the TPM to show up in Windows to support BitLocker. The F9 default settings of the NUC are not conducive to supporting eDrive HW encryption, and some settings need to be changed manually, and Visual BIOS needs to be entered several times.
My procedure is thus revised as follows:
Your steps worked like a charm. Appreciate your help in solving this issue.
Now would like to dual boot Win10 Pro and Ubuntu with Hardware Encryption enabled. Any chance you have done that also? 😄