NVMe SSD hardware encryption support for BitLocker

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hi.

Recently I got a new rig with a X570 Taichi motherboard, BIOS ver. 2.11.

I have a Samsung 970 EVO Plus 2TB NVMe drive and I'd like to enable hardware accelerated BitLocker encryption for it. 

The drive itself supports it, but the BitLocker wizard either offers to me to use software encryption or, if I force it to use hardware encryption via Group Policy, tells me that the hardware encryption is not available.

I don't have TPM in my system, but I activated the "Allow BitLocker without a compatible TPM" option in Group Policy editor, so it shouldn't be a problem.

A also enabled Encrypted Drive in Samsung Magician and made a secure erase prior to Windows installation, enabled Secure boot, disabled CSM, so all the conditions for BitLocker hardware acceleration are met but it doesn't work anyway.

I googled for this problem and found this thread on official Samsung Forum - https://us.community.samsung.com/t5/Monitors-and-Memory/970-Pro-M2-cannot-do-hardware-encrypt/td-p/330809 , where people had same problem and it was resolved for them by BIOS update.

So, my question is - Is there anything else I can do to enable BitLocker with hardware encryption on my NVMe drive? Are there any extra steps needed for X570 Taichi to enable it or maybe it will be fixed in following BIOS updates?

I use my rig as a workstation and I need my drive encrypted. I don't want to use software encryption, because it decreases disk performance, especially in random IOPS.

I also tried to use HDD password option (Class 0 encryption) for this drive and it worked, but the implementation of this feature on X570 Taichi is terrible - when I type in my password with my normal typing rate to unlock the drive, some of characters are skipping - for 16 entered characters I get only 13-15 asterisks in the input field, so if I press Enter it says "Invalid password". I need to type very slowly, 1 characters per second or even slower, to make it accept the password, this is ridiculous. 

Moreover, the BIOS asks passwords for each drive in the system, even if all of them use the same passphrase. For example, Dell machines I used before required me to type in password only once in this case.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Ultranium Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 25 Oct 2019 Status: Offline Points: 6	Post Options Post Reply Quote Ultranium Report Post Thanks(0) Quote Reply Topic: NVMe SSD hardware encryption support for BitLocker Posted: 25 Oct 2019 at 3:42am
	Hi. Recently I got a new rig with a X570 Taichi motherboard, BIOS ver. 2.11. I have a Samsung 970 EVO Plus 2TB NVMe drive and I'd like to enable hardware accelerated BitLocker encryption for it. The drive itself supports it, but the BitLocker wizard either offers to me to use software encryption or, if I force it to use hardware encryption via Group Policy, tells me that the hardware encryption is not available. I don't have TPM in my system, but I activated the "Allow BitLocker without a compatible TPM" option in Group Policy editor, so it shouldn't be a problem. A also enabled Encrypted Drive in Samsung Magician and made a secure erase prior to Windows installation, enabled Secure boot, disabled CSM, so all the conditions for BitLocker hardware acceleration are met but it doesn't work anyway. I googled for this problem and found this thread on official Samsung Forum - https://us.community.samsung.com/t5/Monitors-and-Memory/970-Pro-M2-cannot-do-hardware-encrypt/td-p/330809 , where people had same problem and it was resolved for them by BIOS update. So, my question is - Is there anything else I can do to enable BitLocker with hardware encryption on my NVMe drive? Are there any extra steps needed for X570 Taichi to enable it or maybe it will be fixed in following BIOS updates? I use my rig as a workstation and I need my drive encrypted. I don't want to use software encryption, because it decreases disk performance, especially in random IOPS. I also tried to use HDD password option (Class 0 encryption) for this drive and it worked, but the implementation of this feature on X570 Taichi is terrible - when I type in my password with my normal typing rate to unlock the drive, some of characters are skipping - for 16 entered characters I get only 13-15 asterisks in the input field, so if I press Enter it says "Invalid password". I need to type very slowly, 1 characters per second or even slower, to make it accept the password, this is ridiculous. Moreover, the BIOS asks passwords for each drive in the system, even if all of them use the same passphrase. For example, Dell machines I used before required me to type in password only once in this case.