Community
cancel
Showing results for 
Search instead for 
Did you mean: 
MBerm
Beginner
3,179 Views

BitLocker hardware encryption in Windows 8

Jump to solution

Does the Intel 520 Series SSD work with BitLocker to use the drive's intrinsic hardware encryption, instead of BitLocker's software encryption. We are testing a number of SSDs with Windows 8.1.

Some drives do this-- the encryption/decryption is immediate and offloads the encryption process from the CPU. I've gotten the Samsung 840 EVO line to do this, but not the Intel 520 Series.

Is BitLocker hardware encryption not supported by the Intel 520 Series drives? If not, which series Intel SSDs do support BitLocker hardware encryption?

Thank you.

Tags (1)
0 Kudos
1 Solution
Jose_H_Intel1
Employee
226 Views

We do not currently have drives that support Microsoft* eDrive. Select future models will have support.

I am sorry for the inconvenience.

View solution in original post

13 Replies
Jose_H_Intel1
Employee
226 Views

Thanks for posting your question.

Intel® SSDs use a built-in hardware encryption which is independent from Bitlocker*. As far as I can see, http://windows.microsoft.com/en-us/windows-vista/hardware-requirements-for-bitlocker-drive-encryptio... Bitlocker's requirements just involve having 2 partitions and NTFS in the drive, besides TPM on the board.

I will update this thread if I find more information about this.

MBerm
Beginner
226 Views

Joe-- Is your answer an official reply from Intel? Are you an Intel employee?

I think there is more to it than whether the SSD performs hardware encryption. The Samsung 840 line had a recent firmware upgrade that allowed the hardware encryption to be controlled by BitLocker. Prior to this upgrade, the Samsung SSDs were not compatible with BitLocker hardware encryption.

The SSD needs to pass the encryption key back and forth from the TPM chip for BitLocker to use intrinsic hardware encryption instead of BitLocker's usual software encryption.

Jose_H_Intel1
Employee
226 Views

I am from Intel and we are researching this. Just to be clear, when you say Bitlocker Hardware Encryption, are you referring to Microsoft* eDrive?

MBerm
Beginner
226 Views

Hi-

Yes, I am.

It's pretty convenient because encryption/decryption is so fast (immediate).

If you open a command line in windows\system32 and type

manage-bde -status c:

it returns a description of the encryption status which includes a line

Encryption Method: Hardware Encryption - 1.3.111.2.1619.0.1.2

confirming that hardware encryption is being used.

Jose_H_Intel1
Employee
226 Views

Thank you. We are checking with engineering regarding Microsoft* eDrive support.

KDick1
Beginner
226 Views

Hi,

additional question:

To run eDrives with Microsoft BITLocker you need UEFI-Firmware 2.3.1 with support of "EFI_STORAGE-SECURITY_COMMANFD_PROTOCOL".

Do the Mainboards DZ87KTL-75K and DH87MC support this?

MBerm
Beginner
226 Views

Klaus-- I'm a corporate IT person, in a department that is outfitted with HP Compaq Elite 8300 small form factor computers. These computers were delivered a few months ago, and have the firmware that was shipped (HP has no firmware updates listed).

We installed Windows 8.1 enterprise 64 bit (UEFI boot) on Samsung 840 EVO SSDs (having updated the firmware in the SSD) and eDrive hardware encryption worked. Same process and hardware encryption did not work on the Intel SSD.

I'd be happy to get you more information, but I don't know how to answer your question about the Intel Mainboards.

KDick1
Beginner
226 Views

Tom2,

thank you for your answer.

I am planing a desktop-PC for private use with Samsung or INTEL SED. These INTEL-Boards are the only ones I found which support ATA-Security. But do they support eDrive hardware encryption with BITLocker?

I hope joe_intel can answer my question.

Jose_H_Intel1
Employee
226 Views

Both motherboards you mentioned support UEFI 2.3.1 and eDrives. We are still checking about the SSDs.

Jose_H_Intel1
Employee
227 Views

We do not currently have drives that support Microsoft* eDrive. Select future models will have support.

I am sorry for the inconvenience.

View solution in original post

MBerm
Beginner
226 Views

Joe--

Thank you for the direct answer.

DGrap1
Beginner
226 Views

What about motherboard, chipsets, and BIOSes that support SED (self-encrypting drives)?

Apparently it requires support for the Opal 2.0 specification as well as few other things.

See http://forums.crucial.com/t5/Solid-State-Drives-SSD-Knowledge/System-Requirements-for-M500-Hardware-... System Requirements for M500 Hardware Encryption - Crucial Community

Jose_H_Intel1
Employee
226 Views

Intel® motherboards supporting SED or Hard Drive password are listed in this article:

http://www.intel.com/support/motherboards/desktop/sb/CS-034023.htm Desktop Boards; Hard disk drive password support

Reply