The secure erase USB is MBR, and the Hades Canyon (Intel NUC) doesn't support legacy boot. Had to swap SSD to other computer.
Problem 2: Enabling Device Encryption to get hardware encryption Bitlocker fails to work.
Install Samsung magician
Set Device Security (Not opal, not class 0, but the last one)
Create Samsung Secure Erase USB
Put USB + SSD in other machine
Secure Erase SSD
Put SSD back
Try enable Bitlocker, get software window (all or used), should be instant.
Solved! Go to Solution.
so while the 970 supports the hardware encryption, manufactures at the time dont with the nvme drive and will need a future bios update for this to take place.
for the time being you'll have to to use the software encryption method
so we are in december and these hardware encrypted advertised ssds still cant do hardware encryption like they said. Anyone who managed to fix this and get it to use hardware encryption with bitlocker?Can it even be fixed with some firmware update rather than a motherboard hardware change?
As I wrote in the 960 Pro thread, hardware encryption using Bitlocker is working fine on my ThinkPad X1 Gen 5 with a 970 Pro.
I suspect that it will work on all ThinkPads of the same and later generations (e.g. T470, X1 Gen 6 etc).
To clear things up, as mentioned by the other users, the drives are capable of hardware encryption. However, if your motherboard does not allow the drive to complete the hardware encryption, then you can't encrypt. The motherboard has to recognize the M.2 drive has being "hardware encryptable" in the first place. Only the BIOS can do this, if your system is not allowing to start the encryption then the BIOS needs to be updated or changed by the manufacturer so that it works. If they can't provide a change, then you must get a motherboard that is known to be able to encrypt M.2 drives.
Google search got me here. So here goes. Don't know if this still holds true. It's now April 2019. You don't want to use hardware encryption. It isn't any good. You want to use software encyrption. They talked about this on a Security Now (Steve Gibson, Leo Laporte) episode sometime back. Here's an article link. https://www.howtogeek.com/fyi/you-cant-trust-bitlocker-to-encrypt-your-ssd-on-windows-10/
Did you read the paper from the Radbud people yourself?
Look at the weasel words in the abstract: "...we found that many hardware implementations have critical security weaknesses..."
In fact, deep in the paper, the researchers said that the Samsung 850 evo using TCG Opal past all the tests. They did not test the 970 as is was not out then, but I would be surprised if Samsung engineers allowed a regression to creep in.
The BIOS's may never support hardware encryption on nvme drives, however you don't need it. See sedutil for a software solution to setting the password for the encryption key. No special BIOS support is required.