Thanks for posting your question.
Intel® SSDs use a built-in hardware encryption which is independent from Bitlocker*. As far as I can see, Bitlocker’s requirements just involve having 2 partitions and NTFS in the drive, besides TPM on the board.
I will update this thread if I find more information about this.
Joe-- Is your answer an official reply from Intel? Are you an Intel employee?
I think there is more to it than whether the SSD performs hardware encryption. The Samsung 840 line had a recent firmware upgrade that allowed the hardware encryption to be controlled by BitLocker. Prior to this upgrade, the Samsung SSDs were not compatible with BitLocker hardware encryption.
The SSD needs to pass the encryption key back and forth from the TPM chip for BitLocker to use intrinsic hardware encryption instead of BitLocker's usual software encryption.
I am from Intel and we are researching this. Just to be clear, when you say Bitlocker Hardware Encryption, are you referring to Microsoft* eDrive?
Yes, I am.
It's pretty convenient because encryption/decryption is so fast (immediate).
If you open a command line in windows\system32 and type
manage-bde -status c:
it returns a description of the encryption status which includes a line
Encryption Method: Hardware Encryption - 188.8.131.52.16184.108.40.206
confirming that hardware encryption is being used.
Thank you. We are checking with engineering regarding Microsoft* eDrive support.
To run eDrives with Microsoft BITLocker you need UEFI-Firmware 2.3.1 with support of "EFI_STORAGE-SECURITY_COMMANFD_PROTOCOL".
Do the Mainboards DZ87KTL-75K and DH87MC support this?
Klaus-- I'm a corporate IT person, in a department that is outfitted with HP Compaq Elite 8300 small form factor computers. These computers were delivered a few months ago, and have the firmware that was shipped (HP has no firmware updates listed).
We installed Windows 8.1 enterprise 64 bit (UEFI boot) on Samsung 840 EVO SSDs (having updated the firmware in the SSD) and eDrive hardware encryption worked. Same process and hardware encryption did not work on the Intel SSD.
I'd be happy to get you more information, but I don't know how to answer your question about the Intel Mainboards.
thank you for your answer.
I am planing a desktop-PC for private use with Samsung or INTEL SED. These INTEL-Boards are the only ones I found which support ATA-Security. But do they support eDrive hardware encryption with BITLocker?
I hope joe_intel can answer my question.
Both motherboards you mentioned support UEFI 2.3.1 and eDrives. We are still checking about the SSDs.
We do not currently have drives that support Microsoft* eDrive. Select future models will have support.
I am sorry for the inconvenience.
Thank you for the direct answer.
What about motherboard, chipsets, and BIOSes that support SED (self-encrypting drives)?
Apparently it requires support for the Opal 2.0 specification as well as few other things.