Location:
State:
Carrier
Country
Status

Bitlocker turned itself off, Samsung Magician Says Encryption enabled


Getting h/w encryption on my laptop has been a bit of a nightmare, but I thought I had it working.... Here is what I did:

  • Installed M.2 Samsung 850 evo drive
  • Installed samsung magician, and set Encryption to Ready to Enable.
  • Removed existing HDD
  • Ran samsung secure erase from DVD.
  • Installed Win10
  • Installed Samsung Magician (It said Encryption enabled, finally!)
  • Turned on Bitlocker. It did not prompt me for how much of the drive to encrypt, which (I was told) means that it is using hardware encryption of the drive.
  • Added the HDD back.
  • Updated all my drivers to latest versions for my laptop (Asus GL552VW), including Intel RST drivers (14.x)


After doing all that I just noticed that BitLocker is turned off on my C: drive (the m.2 drive)! I looked in Magician and it still says Encryption is enabled. So I went into Bitlocker to turn it on again for the drive. But now it is prompting me to encrypt used space, or whole disk, which means it isn't using h/w encryption.

What am I doing wrong here? Do I need to enable Secure Boot in BIOS? I have read that the Intel RST drivers can cause problems, but I thought that was only with older versions? Is IRST still an problem?

Edit: When I look in the Disk Management took, I see the C: partition of Disk 1 says: NTFS(Bitlocker Encrypted)., But in Bitlocker Drive Encryption tool it says it is off. Manage-BDE -status c: says that there is no encryption. Really confused now.

There are a list of requirements for hardware based encryption here - doesn't look like secure boot is required: How to Enable BitLocker Hardware Encryption with SSDs Helge Klein
For data drives:
The drive must be in an uninitialized state.
The drive must be in a security inactive state.

If the drive is used as a startup drive the following apply additionally:
The computer must always boot natively from UEFI.
The computer must have the Compatibility Support Module (CSM) disabled in UEFI.
The computer must be UEFI 2.3.1 based and have the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL defined.
I only use bitlocker with software based encryption though so can't add to what they say I'm afraid but some of the comments look interesting.

Thanks. I used that guide to get to where I am.... Man I really don't want to have to reinstall windows....

The software based encryption only reduces performance by a couple of percent (I don't honestly notice it).

I can't answer your question though - hopefully some who uses it can. Sorry about that.

I just read some of the comments from the sight you sent me. It seems that the RST drivers may be breaking bitlocker again maybe.

I can confirm the problem is IRST drivers. Just did a clean install, enabled bitlocker (h/w encryption was detected). As soon as I installed the IRST drivers and rebooted BL was turned off. When I went turn on BL again, I got the software encryption prompt. So I guess for now I'll live without the IRST drivers.

Intel doesn't seem to really care:
Intel RST BitLocker eDrive Win10 conflicts |Intel Communities

That's an interesting link, thanks - I'll try to remember it in case I get new SSD...

I guess you could consider using storage spaces if you want a sort of software RAID and Intel RST doesn't work with bitlocker....

Bitlocker turned itself off, Samsung Magician Says Encryption enabled