How To: Switch to Software Encryption on Solid-State Drive



Updated November 2024: Stop getting error messages and slow down your system with our optimization tool. Get it now at this link
  1. Download and install the repair tool here.
  2. Let it scan your computer.
  3. The tool will then repair your computer.

In response to a recently discovered vulnerability in hardware-based encryption in solid-state drives, Microsoft recommends that when you use BitLocker to protect a solid-state drive, you switch from hardware encryption to software encryption.

Hardware encryption features are often highly acclaimed selling points for Solid State Drives (SSDs), which are marketed to enterprise users and increasingly to average consumers as concerns about privacy and identity theft increase. These self-encrypting drives (SEDs) contain a dedicated AES coprocessor that is used exclusively for drive encryption. This has the dual purpose of isolating encryption tasks from other drive operations to increase security, and eliminating overhead from either the main drive controller or the system CPU since neither the data is to be encrypted nor decrypted as needed – making encryption a resource neutral operation.

Microsoft’s BitLocker feature encrypts all data on a drive. When you run BitLocker on a Win10 system with a solid-state drive with built-in hardware encryption, BitLocker relies on the capabilities of the self-encrypting drive. If the drive does not have hardware self-encryption (or you are using Win7 or 8.1), BitLocker implements software encryption that is less efficient but still enforces password protection.

The hardware-based error of self-encryption appears to be present on most, if not all, self-encrypting drives.

Microsoft’s solution is to decrypt any SSD that implements self-encryption and then re-encrypt it with software-based encryption. Performance is compromised, but data is protected by software, not hardware.

Many SSDs do not implement encryption properly.

Even if you enable BitLocker encryption on a system, Windows 10 may not really encrypt your data. Instead, Windows 10 may rely on your SSD, and the encryption of your SSD can easily be interrupted.

That’s the conclusion of a new article by researchers at Radbound University. They’ve rebuilt the firmware of many solid-state drives and found a variety of “hardware encryption” issues with many SSDs.

The researchers tested Crucial and Samsung drives, but we wouldn’t be surprised if other manufacturers had major problems. Even if you don’t have any of these specific drives, you should be worried.

November 2024 Update:

You can now prevent PC problems by using this tool, such as protecting you against file loss and malware. Additionally, it is a great way to optimize your computer for maximum performance. The program fixes common errors that might occur on Windows systems with ease - no need for hours of troubleshooting when you have the perfect solution at your fingertips:

  • Step 1 : Download PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista – Microsoft Gold Certified).
  • Step 2 : Click “Start Scan” to find Windows registry issues that could be causing PC problems.
  • Step 3 : Click “Repair All” to fix all issues.

Download Now

In other words, the SSD hardware encryption is not secure. In addition, BitLocker users are exposed to this problem because BitLocker uses the hardware encryption scheme of the SSD by default.

The researchers tested and confirmed that the following SSDs were affected:

  • Crucial (Micron) MX100, MX200, MX300 internal hard disks
  • Samsung T3 and T5 portable (external) disks
  • Samsung 840 EVO and 850 EVO internal hard disks (when ATA security in High mode is used)

To switch to BitLocker software encryption

Administrators can switch the encryption method to software when BitLocker uses the hardware encryption capabilities of a drive on a Windows computer.

BitLocker cannot automatically switch to software encryption when a drive uses hardware encryption. The required process includes enabling software encryption by default, decrypting the drive, and encrypting with BitLocker.

Microsoft points out that when you change the encryption method, it is not necessary to format the drive or reinstall software.

The first thing to do is to enforce the use of software encryption using Group Policy.

  1. Open the Start menu.
  2. Enter gpedit.msc.
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption.
  4. For the system drive, open Operating system drives and double-click Configure use of hardware-based encryption for operating system drives.
  5. For fixed date drives, open Fixed Data Drives and double-click Configure use of hardware-based encryption for Fixed Data Drives.
  6. For Removable Disks, open the Removable Disks option and double-click Configure use of hardware-based encryption for removable disks,
  7. Set the required policies to Disabled. A value of disabled forces BitLocker to use software encryption for all drives, including those that support hardware encryption.

This setting applies to new drives that you connect to your computer. BitLocker does not apply the new encryption method to drives that are already encrypted.

https://www.computerworld.com/article/3319736/bitlocker-on-self-encrypted-ssds-blown-microsoft-advises-you-switch-to-software-protection.html



Expert Tip: This repair tool scans the repositories and replaces corrupt or missing files if none of these methods have worked. It works well in most cases where the problem is due to system corruption. This tool will also optimize your system to maximize performance. It can be downloaded by Clicking Here

Scroll to Top