cancel
Showing results for 
Search instead for 
Did you mean: 
userysQp40iejl
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Oops, for OS I meant:

 

OS: Microsoft Windows 10 Pro revision 1803 (build 17134, "RS4" / "April 2018 Update")

 

Anyway, it's the very latest production Windows 10 revision.

 

 

Reply
Loading...
GoNz0
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

I see my post has been deleted again, Samsung you are refusing to tell us what you have told BIOS manufacturers, this is pathetic just like the way you withold PSID revert software insisiting we RMA the drives.

Reply
Loading...
Anonymous
Not applicable

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Hello GoNz0,

 

We have already explained the process and our policies. There are multiple post by you in this thread and the PSID revert tool thread you started. We are aware of your concerns at this point. However, if you continue to make post that are no longer for troubleshooting, technical advice or new issues or continue to make post for these topics that have already been acknowledged, you will be banned permanently. We apologize for the inconvenience, but as stated previously Samsung cannot provide a solution for your BIOS, as we are not the BIOS manufacturer and cannot help you modify or change a product that is not ours.

Reply
Loading...
userr3hji25nue
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION
Hello Ricky,

I do understand your need to keep a clean discussion on the forum, but this time Gonzo has a point: he requires TECHNICAL assistance.

Setting aside that hardware encryption on a NVMe drive is advertised in your product, and not on Dell/Lenovo...'s websites, he's asking you "what does - from a technological point of view - your product need in order to work as advertised?"

He's not asking you to offer assistance on his BIOS, he's asking what your product does need.

As hardware encryption is not codified in the NWMe standard (which otherwise would put the blame back to BIOS manufacturers), you're offering a non-standard, additional feature without providing the tools to make it work.

I might be wrong, of course, but as I have a more legal rather than technical background, can you point me to the exact paragraph in the NVMe specifications where NVMe standard is supposed to support hardware encryption? You can find NVMe specs here https://nvmexpress.org/wp-content/uploads/NVM-Express-1_3c-2018.05.24-Ratified.pdf

Because if hardware encryption is not officially supported by the accepted standard, then support for the feature as advertised lies entirely on you, even when it affects other parts

Best,
Duccio
Reply
Loading...
Anonymous
Not applicable

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Hello userr3hji25nue,

 

I completely understand, What I've been attempting to convey is that, NVME and hardware encryption are two separate features. Our drives as advertised supports both of these features. However, a few older BIOSes, only support the NVME standard for storage. But, these same BIOSes only offer their security features to drives that use the SATA standard (for example), not the NVME standard. This means that the BIOS needs to be able to see the NVME drive connected and then it should be able to determine that the NVME drive can also use hardware encryption, then let the encryption process start. We cannot provide a modification for a third party BIOS in order to have it be able to make that determination or start the process. The Third party BIOS is not our product. The BIOS manufacturer would have to release an update for those specific older BIOSes, in order for the BIOS to be able to start the start the encryption process for the NVME drive. In short, only the system manufacturer or the BIOS manufacturer can provide guidance or changes in the BIOS.  We are only the drive manufacturer and our product fully supports the standards we advertised and they work as advertised if put in an environment that allows the features to work, as proven previoulsy in this same thread.

Reply
Loading...
Highlighted
Nipperkin
Constellation

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Samsungs stance on this is to ignore the customer, delete posts and ban those that have a valid point. You have no reason not to tell the customer what is needed for this to work, instead you ban customers and delete the posts, great customer support.

 

Reply
Loading...
GoNz0
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Oh look the ban has been lifted, pathetic attitude but oh well.

 

Anyway, Dell precision laptops support SED on NVMe and guess what, it doesn't work with Samsung drives but fine with other ones.

 

 

Reply
Loading...
Eaton
Constellation

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Hello Samsung, do you have any knowledge of any motherboard vendors having released any BIOS updates that fixes this issue? It's been a while. Z390 motherboards are coming soon for the 9th gen Intel processors, so I'm curious if you know those will have the fix baked in.

Reply
Loading...
userqW8vNpR3Zm
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

@userysQp40iejl wrote:

I just experienced first hand how the lack of proper support of NVMe eDrive/HW encryption by motherboard BIOS effectively ruins the ability to use HW encryption on a 970 PRO bootable partition:

 

Tested setup:

Motherboard: ASUS Maximus VIII Hero

BIOS rev: 3802 (latest as of 7/16/2018)

CPU: Intel Core i7-6700K

Memory: 16GB DDR4-2133

SSD: Samsung 970 PRO 512GB

OS: Microsoft Windows 10 Pro revision 1083 (build 17134, "RS5" / "April 2018 Update")

 

* Attached fresh 970 PRO SSD to motherboard M.2 2280 slot

* Attached 850 PRO SATA SSD with bootable Win10 OS to motherboard SATA port

* Booted up system to Win10 with SATA SSD

* Launched Samsung Magician 5.2.1

* Selected 970 PRO SSD and enabled eDrive

* Shut down & disconnected 850 PRO SSD

* Attached bootable USB flash drive (with Win10 OS install files)

* Booted system to Win10 installation first screen

* Selected 970 PRO SSD as OS target drive and completed OS installation

* Booted to Win10 Pro OS from 970 PRO SSD

* Attempted to enable BitLocker encryption for C:

* BitLocker encryption check returns "cannot encrypt C:" error message after system reboot

* 2nd attempt to enable BitLocker encryption for C:, with the encryption check bypassed

* C: got HW encryption:

    "open lock" appears in C: icon

    manage-bde -status C: reports Encryption Method: Hardware Encryption - 1.3.111.2.1619.0.1.2

* KILLER: After restarting OS just a single time, C: is no longer bootable!  Windows bootloader returns "cannot find winload.efi" fatal error.  This installation of Win10 OS into the 970 PRO SSD is completely wasted!

 

My observation of what's going on:

 

The 970 PRO SSD can actually support HW encryption (eDrive) when properly enabled, and Win10 BitLocker can actually do it.  BUT: motherboard BIOS lacks the support to unlock encrypted C: at bootup!

 

So I believe BIOS support is the last critical missing piece to enable 970 PRO SSD to carry bootable & encrypted C: for Win10.

 

Remember for SATA SSDs to be used as encrypted OS startup drive for Windows, there is a UEFI 2.3.1 "EFI_STORAGE_SECURITY_COMMAND_PROTOCOL" requirements on the BIOS, among other requirements.  I suspect there may be something similar for PCIe NVMe SSDs.  Also, any lack of total compliance to IEEE 1667 and specific TCG protocols will also break eDrive support.  However, since I did succeed in getting 970 PRO to enable HW encryption (just cannot restart the OS afterwards!!) while running Win10, I'd guess it is rather unlikely the issue is related with IEEE 1667 or TCG protocol compliance, which leaves just the piece for the BIOS, needed specifically during system startups.

 


I have Motherboard ASUS CROSSHAIR VI Hero and Samsung SSD 850 PRO as well as NVMe 960 EVO.

And that's exactly (point by point) the same setup and procedure I've ran through with same result.

Only last 2 points I've skipped since I never would activate Bitlocker without check to avoid corrupting ths OS installation. And installing latest Samsung's NVMe driver (v3.0) does not make any difference.

 

So the question is, since HW encryption generally seem to work, e.g. using as second drive; why is ASUS not able or willing to fix this in BIOS???

I quarrel heaps of mails with ASUS and Samsung support but each one is pointing to the other without fortcoming. It is simply a shame.

Reply
Loading...
Lucent
Cosmic Ray

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

I also tried to get hardware Bitlocker working on a 970 EVO and Gigabyte board with TPM and had the same winload.efi error after rebooting. I'm wondering if a PSID revert and fresh double install might help, or it's simply impossible.

Reply
Loading...