cancel
Showing results for 
Search instead for 
Did you mean: 
userqW8vNpR3Zm
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

I've had an interesting "accident" with my computer offering strange insights into the eDrive/Bitlocker trouble of NVMe drives.

I have two disks in my PC, a 950 PRO SSD and a 960 EVO M2. On both there is Windows 10 installed. The 950er is eDrive enabled and Bitlocker encrypted. The I had encrypted the M2 Windows partition as secondary drive which is working fine (using automatic unlocking!). But then I cannot boot into it. Enabling Bitlocker as booted drive does not work as subject to the thread.

 

Now these days I had a crash on my 950er Windows after resuming from hibernation, I had to reboot and then I discovered that Windows Bitlocker was completely deactivated and could not activate it again the regular way.

Then I switched the boot priority and thought I could boot into M2 Windows but I forget about the encryption.

But surprise surprise, I could boot into it (without entering PIN) and in the Bitlocker settings I saw, that C: partition was Bitlocker encrypted (eDrive). How could that be? I thought this was impossible.

 

Then after detaching the 950er from power, attaching it again and booting finally Windows Bitlocker asks for the recovery key to restore Bitlocker on hardware encrypted drive. And the "damage" was repaired.

 

IMHO the M2 eDrive functionality cannot be a big thing.

But I really don't know what happened here.

Reply
Loading...
Highlighted
userysQp40iejl
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

I'm pleased to report that I got eDrive HW encryption working with my Samsung 970 PRO 512GB SSD paired with my ASRock Z390 Phantom Gaming-ITX/AC motherboard!  Smiley Very Happy

 

I reused the same 970 PRO stick for my previous report posted a few months ago.  This SSD was already properly enabled for eDrive using Samsung Magician utility, and has a working copy of Windows 10 Pro 1803 installed.  I just installed this SSD into the ASRock Z390 motherboard topside M.2 slot, booted to Windows 10, and immediately got BitLocker to enable eDrive encryption for C:.  I've tested warm boot and cold boot of this system after BitLocker got enabled and there are no bootup issues.  Manage-bde confirmed hardware encryption in effect with C:.

 

This ASRock Z390 motherboard has the latest BIOS (P1.20) installed, and TPM 2.0 is enabled.

 

Reply
Loading...
z3razerviper
Constellation

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Hello sorry but I have a really stupid question and I cant find the answer anywhere on google. How do I find out if my mainboard supports edrive on nvme? It works with sata just fine. I am running an asus x99e-ws

Reply
Loading...
userHCDeAL3jza
Constellation

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

It does not work on any Asus boards and it is unkown whether they will release a bios update to fix it. Most likely the x99e-ws is so old it probably doesn't get any more bios updates anyways. 

Reply
Loading...
userQ3I7iS1L5k
Constellation

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

i have the latest z390 tuf gaming asus and it fails to enable hw encryption on 970 pro no matter if is boot or secundary drive. After trying for 3 days i gave up and enabled software encryption. Is sad that asus havent fixed this in their new series  even tho the problem is years old.

Reply
Loading...
userjI7KwDHFo6
Astronaut

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

I raised a trouble ticket with Asus over this and they responded after about a month saying that they had zero plans of fixing this.

 

At this point Asus has no intention of ever fixing this, at least until more people make noise about it.  If you are interested in this feature, I'd suggest you go to their support page and raise a trouble ticket or return the board and get something else (ASROCK supposedly supports this).  

 

https://rog.asus.com/forum/showthread.php?101157-Hardware-Encryption-(eDrive)-on-Maximus-X-Hero-1003...

 

 

Reply
Loading...
userqW8vNpR3Zm
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

@userjI7KwDHFo6 wrote:

I raised a trouble ticket with Asus over this and they responded after about a month saying that they had zero plans of fixing this.

 

At this point Asus has no intention of ever fixing this, at least until more people make noise about it.  If you are interested in this feature, I'd suggest you go to their support page and raise a trouble ticket or return the board and get something else (ASROCK supposedly supports this).  

 

https://rog.asus.com/forum/showthread.php?101157-Hardware-Encryption-(eDrive)-on-Maximus-X-Hero-1003...

 

 


I have an ASUS Board (Crosshair Hero VI) and I quarrel more than half a year with ASUS support about this issue and I gave up. I think raising a trouble ticket is simply pure waste of time. I told them not to buy any ASUS products any more.

 

Is it sure that ASRock supports edrive in the meantime? Maybe I decide to change the board.

Reply
Loading...
userqW8vNpR3Zm
Asteroid

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

For my ASUS Board (Crosshair Hero VI) there is a new BIOS available since 30th November 2018. But the problem with NVME hardware encrypted boot drive is still not solved. It is simply ridicolous. ASUS is not willing to fix this.

Reply
Loading...
userzNhrxNJvRj
Astronaut

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Try loading an older version of Windows 10 to enable hardware through bitlocker after the appropriate procedure of enable in magician, secure erase, and fresh UEFI install.

 

https://community.spiceworks.com/topic/1764724-hp-drive-encryption-and-windows-10-anniversary-update

Reply
Loading...
tox1c90
Constellation

Re: HOW TO MANAGE ENCRYPTION OF 960 PRO

JUMP TO SOLUTION

Beware of Asrock, at least when you have a Z370 board!

Their latest UEFI updates for these boards which also include a newer Intel SATA rom completely kill the compatibility with hardware encrypted (SATA) drives.

 

If you update for example a Z370 Pro4 to UEFI 3.30 and have ANY hardware encrypted (Bitlocker edrive) SATA drive connected, the board WILL NOT POST!

 

It is enough to just have such a drive connected for the UEFI to fail. It is not related to the boot drive. You can't even access UEFI setup in that case. You will quickly see the Asrock logo followed by immediate black screen and it does not respond to any keystrokes anymore. 

 

Only workaround is to disconnect all Sata drives which have Bitlocker hardware encryption enabled. 

If I disable Bitlocker before updating the UEFI, it does post and boot without problem. 

If I enable Bitlocker again, black screen and no post. 

Tried it with different SSDs and Sata ports, does not change anything. 

 

I talked to Asrock support about this, and they told me that they were in fact able to reproduce this issue.

They told me the only possibility for these boards after doing the UEFI update is to DISABLE Bitlocker edrive hardware encryption, otherwise the UEFI will not post and it is thus impossible to boot.

 

See the original response from Asrock below. I was really surprised about such a statement. Initially I thought there might have been a misunderstanding, because I couldn't imagine they are really telling me something like "just don't use it anymore, it does not work", so I asked them again if they are serious about that. But they confirmed that statement and said they can't do anything about it. 

 

@Asrock support wrote:
Hello,
 
feedback from BIOS department:
 
After checking and experimenting, we get below conclusion regarding hardwareencryption Bitlocker.
If the system is under encrypted status, it cannot boot into Windows again when restart system.
Only re-install OS or remove encrypted HDD and then able to boot properly.
 
So, please decrypted hardware encryption before shut down or restart system.
Then system is able to work normally.
 
best regards,
 
ASRock Support

ASRock Europe B.V.

Bijsterhuizen 1111

6546 AR Nijmegen

The Netherlands

www.asrock.com
Reply
Loading...