Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hardware Encryption (eDrive) on Maximus X Hero 1003 and Evo 960 anybody?

KeksimusMaximus
Level 8

‎04-02-2018 08:09 AM - last edited on ‎03-05-2024 07:34 PM by Community Admin

Have anybody sucesfully enabled Hardware encryption on Maximus X Hero 1003 bios using Samsung EVO 960 as OS boot drive (encrypted drive).

Im fighting over it for several days already and everything i do fails. There are few conditions to meet:
- System needs to be Windows 8/10 Pro
- Windows needs to be in UEFI mode
- eDrive compilant SSD
- SATA ports in AHCI mode (no RAID)
- BIOS needs to run UEFI version 2.3.1 with EFI_STORAGE_SECURITY_COMMAND_PROTOCOL enabled (sent mail to customer suport, waiting for reply)


This is the guide i followed: http://www.ckode.dk/desktop-machines/how-to-enable-windows-edrive-encryption-for-ssds/ but steps are pretty much same in various places:

Have OS on other physical disk than EVO 960
Have drive in uninitalised state (diskpart clean)
Install Samsung Magician, in data security switch "Encrypted drive" to "ready to enable"
In Secure Erase create bootable tool
Reboot PC, launch Secure Erase
After secure erase, reboot PC and go straight to bios, set bios to UEFI boot only, enable secure boot, load default keys, set to Windows UEFI, disable CSM (compatability mode)
Reboot PC and start Windows install in UEFI mode
When install done, enable BitLocker for non-TPM systems (gpedit.msc), verify that system is in UEFI mode (msinfo32)
Attempt to enable drive encryption with BitLocker

And this is where issue happens, every time i redo every step on the list (including PSID reset so every time i Begin drive encryption is disabled and i switch it to "ready to enable") BitLocker like a stubborn idiot offers me only Software encryption (the dreaded screen where it asks wheter i want to encrypt whole drive or just used space).

For ****s and gigle s i tried to enable hardware encryption when my EVO was used as storage drive... and it worked. The problems Begin when drive is used as OS drive.

Anybody got experience with this?
Dargus Maximus
~Explorer ~Engineer ~Guide
My Youtube channel - PC modding, streaming, gaming
Labels:
0 Kudos
14,101 Views
28 REPLIES 28

PerpetualCycle
Level 13

‎04-26-2018 12:09 PM

Nevermind

ROG Dark Hero Z790 | 13900KS @5.7 GHz | g.skill 2x48GB 6800 MT/s | ROG Strix 4070 Ti | EK Nucleus 360 Dark | 6TB SSD/nvme, 16TB external HDD | 2x 1440p | B&W 606 S3 speakers, Martin Sub, Audiolab 7000A amp| Fractal North XL case
0 Kudos

Outontheporch
Level 7

‎05-04-2018 01:30 PM

bump.
0 Kudos

FurballTheGreat
Level 7
In response to Outontheporch

‎11-03-2020 02:14 PM

I have hit the same issue that you guys reported previously. It is definitely a bug in the BIOS and is definitely present on ASRock boards or at least the Z370 Pro 4. I do however have something new to contribute to the discussion. There is a workaround of sorts....

If you use Samsung Magician to look at the drive encryption status after a clean install and before enabling BitLocker, if the drive was properly initialised during install it will report an encryption status of "Encrypted" if however it has failed as it does on ASUS boards it will report "Ready to Encrypt" still. Something is going wrong during the installation of Windows and it is specific to the BIOS in these boards.

The work around is:

  • Perform the secure erase or PSID reset (if drive is already encrypted). This works fine on all boards I have including the ASUS board
  • Place the NVME drive in a machine with a working BIOS such as an ASRock Z370 Pro 4 based system.
  • Start Windows install but when the first reboot in the installation process is reached. Power off the machine.
  • Move the NVME drive to the target ASUS motherboard based machine.
  • Let the Windows install complete
  • Run "manage-bde -on c: -fet hardware" from an administrator powershell prompt



If you are curious you can install Samsung Magician before enabling BitLocker to observe the Encryption status being "Encrypted". As this works I am convinced this is a bug in the ASUS bios which screws up the initialisation of the drive.

I have opened a support request with ASUS and Samsung. Its a painful process as neither seems to be particularly on the ball!
0 Kudos

FurballTheGreat
Level 7
In response to FurballTheGreat

‎11-03-2020 02:20 PM

I should also add there is a separate problem with Windows 10 2004/20H2 where the enable bitlocker command will fail. This is not related to the BIOS issue as I have repeated this on three different setups using both Samsung NVME & SATA drives and Motherboards by Lenovo, ASRock and ASUS.

If you use Win 10 1903 or 1909 it should work for you. One can upgrade once Bitlocker is installed. Again I am still look for a solution to this.
0 Kudos

moritzjt
Level 7

‎05-04-2018 02:03 PM

Have you tried turning it off and on again? jk

BitLocker supports OPAL 2.0 as well - maybe you could PSID the drive and try setting things to OPAL mode and see if BitLocker can manage that instead of edrive?

Let me know if it works - I'm planning on getting a Samsung 960 EVO as well and want to use SED on Maximus VIII Gene that has no TPM header 😉
0 Kudos

Outontheporch
Level 7
In response to moritzjt

‎05-27-2018 06:46 PM

moritzjt wrote:
Have you tried turning it off and on again? jk

BitLocker supports OPAL 2.0 as well - maybe you could PSID the drive and try setting things to OPAL mode and see if BitLocker can manage that instead of edrive?

Let me know if it works - I'm planning on getting a Samsung 960 EVO as well and want to use SED on Maximus VIII Gene that has no TPM header 😉


I don't think Bitlocker supports OPAL (to my knowledge). Other software supposedly does, like WinMagic, but I don't want to pay that kind of $$$ without any assurance it will work.
0 Kudos

applantern
Level 7
In response to Outontheporch

‎06-21-2018 03:20 AM

I just tried enabling (discrete TPM) hardware encryption on Win 10 UEFI boot drive Samsung EVO 960 M.2 with Asus Z370-A BIOS 0805 dated 2018.05. Still does not work.
0 Kudos

Outontheporch
Level 7

‎05-27-2018 06:45 PM

Still waiting Asus
0 Kudos

Outontheporch
Level 7

‎07-06-2018 03:14 PM

Bump again. I'd at least like to hear from someone on Asus' side that they are aware of the issue and are looking into it at the very least.
0 Kudos

vslee
Level 7

‎07-11-2018 12:14 PM

Looks like Lenovo has already solved this issue for their users. It is comfirmed working on the following Lenovo systems (see links below):

Lenovo ThinkPad X1 Carbon 5th Gen

Lenovo T480s (confirmed here)

Samsung is now waiting for Asus to contact both Samsung and AMI (or the bios manufacturer) so that Asus can solve the problem for their own users as well
0 Kudos