Got myself a new 1TB Crucial MX200 SSD today. This is a Self Encrypting Drive like my other SSDs. When I tried enabling BitLocker on it as I usually do, I noticed that it was asking me about how to encrypt the drive and taking more time with the encryption than I have seen in the past with SED drives that support the TCG OPAL standard.
Something was not right. So I went back to Microsoft’s page on BitLocker and SEDs and noticed that one of the requirements was that the drive must be uninitialized! Damn! In the past I usually enable encryption and then copy over data, but today I had copied the data first (thus initializing the drive and creating partitions) and then I was trying toe enable encryption. Obliviously that was a no-go so I had to copy the data out of the drive, uninitialize it, and then turn on BitLocker encryption.
Uninitializing is easy via diskpart
:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
DISKPART> list disk Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 447 GB 1024 KB * Disk 1 Online 931 GB 1024 KB * <--- this is my SED Disk 2 Online 119 GB 0 B Disk 3 Online 931 GB 0 B * Disk 4 Online 465 GB 1024 KB DISKPART> select disk 1 Disk 1 is now the selected disk. DISKPART> list partition Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Reserved 128 MB 17 KB Partition 2 Primary 400 GB 129 MB Partition 3 Primary 531 GB 400 GB DISKPART> clean DiskPart succeeded in cleaning the disk. DISKPART> list partition There are no partitions on this disk to show. DISKPART> exit Leaving DiskPart... |
Now Disk Management will show the disk as uninitialized.
Create partitions as usual but before writing any data to the disk turn on BitLocker encryption. This time it will be a one-second operation and you won’t get a prompt like above.
To confirm that the drive is hardware encrypted (in case you wonder whether BitLocker didn’t just zip through coz the drive had no data on it) use the manage-bde
command:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
C:\>manage-bde -status BitLocker Drive Encryption: Configuration Tool version 6.3.9600 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Disk volumes that can be protected with BitLocker Drive Encryption: Volume D: [DATA] [Data Volume] Size: 450.00 GB BitLocker Version: 2.0 Conversion Status: Fully Encrypted Percentage Encrypted: 100.0% Encryption Method: Hardware Encryption - 2.16.840.1.101.3.4.1.42 Protection Status: Protection On Lock Status: Unlocked Identification Field: Unknown Automatic Unlock: Enabled Key Protectors: Password Numerical Password External Key (Required for automatic unlock) |
As you can see the drive is hardware encrypted.