- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm trying to use BitLocker eDrive hardware encryption, but Intel RST 14.5.0.1081 is confilicting. I know this because when I uninstall RST, it works, but when it's installed it uses software encryption (BitLocker asks if I want to encrypt whole drive or only used portion)
This problem existed with an older version of RST on Windows 8.1 too and was fixed in version 13.2 (not entirely sure of exact version) but seems to be back.
Discussion about the issue earlier: https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T/T440s-How-to-enable-the-Windows-eDrive-feature/td-p/1364811 T440s: How to enable the Windows eDrive feature? - Lenovo Community
Using Windows 10 x64 and Samsung 850 EVO SSD...
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Replicate same issue.
Complete clean installation of Windows on clean Samsung SSD 850 EVO M.2 500GB (MZ-N5E500BW)
Windows version: Windows 10 Pro, Ver. 1511, Build 10586.104
Hardware encryption works:
manage-bde -status G:
...
Encryption Method: Harware Encryption - 1.3.111.2.1619.0.1.2
...
after installation of
RST driver versions tested: 14.8.0.1042
complete failure
All disk tools freeze like Windows Disk Management, diskpart (can not even enter). Drive show 0 byte out of 0 byte and is not reachable (slow performance).
Reboot with recovery manager and cmd prompt it's possible to remove partition with diskpart.
Reboot back into OS trying to create a new volume/partition with bitlocker result only in software encryption.
Remove RST driver everything goes back to normal.
Harware Encryption works again.
Tried several times now it's consistent.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct. 100% reproducible.
Why is Intel asking users to replicate this issue when it is so well known? No one is going to screw up his working system for you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
+1
-OS: Windows 10 Pro 64-bit, Version 1511, OS Build 10586.420
-CPU: Intel Core i5-5200U
-Motherboard Model: Lenovo ThinkPad T450s
-BIOS Version: 1.24
-Storage devices present (brand and model): Samsung SSD 850 EVO 500GB SATA III
-RAIDs? Which? None.
-RST driver versions tested: 14.6.1.1030 and 14.8.0.1042
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
*crickets*
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you all for your input on this matter.
We are currently handling this scenario, as soon as an update is available, it will be shared here.
My sincere apologies for the inconvenience caused by this.
Regards,
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10 months and counting...
I see this thread as the # 2 Google search result when searching "windows 10 edrive" lol.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just another +1, after lots of experimenting, posts 20 and 21 are exactly right. I have just reproduced this with a clean install of Windows 10 Anniversary Update (1607) with everything at the latest update level:
-OS: Windows 10 Pro 64-bit, Version 1607, OS Build 14393.10
-CPU: Intel Core i7 4810MQ
-Motherboard Model: Lenovo ThinkPad W540
-BIOS Version: 2.27
-Storage devices present (brand and model): Samsung SSD 850 EVO 500GB EMT02B6Q
-RAIDs? Which? None.
-RST driver versions tested: 14.8.0.1042
For those of you trying to get this working with a clean install, you may need to do a PSID reset on the drive first, followed by a secure wipe from a DOS boot stick (make this in Samsung Magician). This should return eDrive to "Ready to enable" mode, and Windows 10 will enable it properly during installation. Make sure Secure Boot, UEFI boot mode, AHCI drive access and a wiped TPM are enabled in BIOS as well. If it worked properly, typing "manage-bde -status" into an elevated command prompt will show something like this:
Size: 465.21 GB
BitLocker Version: 2.0
Conversion Status: Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method: Hardware Encryption - 1.3.111.2.1619.0.1.2
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
TPM
Numerical Password
After this, installing the Intel RST driver immediately results in Windows no longer recognising the drive as encrypted, even though some system changes will request a recovery key before allowing boot, showing that the drive is in fact encrypted. The RST driver simply interferes with Windows recognising the eDrive, and Protection Status reads "No protection" or something like that. Luckily I was able to go back to a system restore point, since uninstalling RST didn't work.
Pretty clear problem, we've all reproduced it, when will it get fixed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Peers:
So I went ahead and tried to replicate this (Bitlocker not activated while RST is installed)
What I did:
1. Clean installation of Windows 10*
2. Installed WiFi and Chipset driver
3. Set Bitlocker up (completely with a password before windows)
4. Installed RST 14.08
5. Restarted the system and checked if Bitlocker was activated, if I pressed the ESC key it would boot to Windows 10*
The outcome:
I was requested with the password from Bitlocker every time I reset the computer.
Not able to reproduce the issue.
If you believe that I did not follow a specific step or a configuration used is different from your systems, please let me know, I am more than willing to attempt more steps in order to get this replicated if possible.
I added the RST report for you to verify the version of RST used in the system, as well as a screenshot of the device with Bitlocker activated.
The drive used has HW encryption AES 256 bit (Intel® SSD 535 Series) which is the drive I have access now that has this feature.
Windows 10* Pro (Build 10240)
Intel® NUC Kit NUC6i7KYK (not a 4th gen CPU but the RST version used is the same)
Please provide me with your feedback about my tests.
Regards,
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Esteban, thanks for trying to replicate this issue. Maybe you could try with a newer build of Windows? I have seen on a possibly related thread https://social.technet.microsoft.com/Forums/en-US/5607cd34-725e-4f2b-b786-f5ee67b9aa9e/windows-10-1607-hardware-bitlocker-edrive-wake-from-sleep-issue here that issues with Bitlocker and hardware encryption may have only appeared in more recent builds. I have reproduced the issue under Windows 10 Pro 14393.51. I can see Bitlocker is working as expected for you, can you paste the output of "manage-bde.exe -status" as well?
Leon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
strophy:
Thank you for the answer, I am currently updating Windows 10*
Will keep you updated.
Regards,
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Peers:
Got TH update (10586) and was able to get the password prompt first thing after turning the device on.
Attempted to use recovery and then use "skip this drive" option to see if I was able to boot without entering the password (no luck replicating this).
I am currently getting Build 1607-Build 14393
Will keep you updated with my findings.
Any additional steps to replicate this would be awesome to have!
Regards,
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need to confirm you are actually using eDrive HW encryption and not SW encryption.
In a command prompt with admin elevation, run "manage-bde -status" and post the output.
1. Windows key + X
2. Command Prompt (Admin)
3. C:\WINDOWS\system32>manage-bde -status
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, moneytree:
My apologies, I forgot to include that in my last answer!
Regards,
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You're not using eDrive (hardware encryption). You're using software encryption. Note the differences below from a machine properly using eDrive.
Please Google on how to properly use eDrive for your device or maybe ask an Intel engineer.
Platform requirements include (not an exhaustive list):
UEFI boot
Support for UEFI 2.3.1 (Class II no CSM/Class III) and have EFI_STORAGE_SECURITY_COMMAND_PROTOCOL defined
Windows must be installed on encrypted hard drive in an uninitialized, security inactive state
Drive must be attached to non-RAID controllers
---
BitLocker Drive Encryption: Configuration Tool version 10.0.14393
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: []
[OS Volume]
Size: 465.21 GB
BitLocker Version: 2.0
Conversion Status: Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method: Hardware Encryption - 1.3.111.2.1619.0.1.2
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
TPM
Numerical Password
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I gave up and made a video demonstration:
Part 1 is with the standard Microsoft Driver:
Part 2 is the same steps with the Rapid Storage driver:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, w123dal:
Thank you very much for the videos provided, they are indeed explicative.
I would like to get this scenario reviewed in order to further assist you.
Already gathered up the information provided by you and will be giving you an answer as soon as possible.
Regards,
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Esteban,
the important part about getting a drive working in eDrive mode is that it must be uninitialised and in eDrive ready mode before you start. This usually means doing a secure erase, and possibly also a PFID reset. Both of these require special tools and a separate computer. You can't just install Windows over the top of whatever was on the drive before, or you will get software encryption and won't be able to reproduce the bug we are describing. I'm looking forward to the result of the review!
Great videos, w123dal!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for that information strophy, I will keep it handy for the tests to be performed.
Regards,
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, strophyWe are currently investigating this matter, just wanted to inform you about this.
I will keep you informed
Thanks
Esteban C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Esteban, thanks for the update. You guys at Intel should probably reach out to Microsoft as well, there is some seriously weird stuff going on with Bitlocker recently so it might all be related. See here for the thread: https://social.technet.microsoft.com/Forums/en-US/5607cd34-725e-4f2b-b786-f5ee67b9aa9e/windows-10-1607-hardware-bitlocker-edrive-wake-from-sleep-issue Windows 10 1607 - Hardware BitLocker (eDrive) Wake from Sleep Issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Peers:
Thank you all for the collaboration about this matter, I will recommending the MS contact to the department in charge.
Regards,
Esteban C
 
					
				
				
			
		
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page