2

I use Windows 10 Pro/Education on a self encrypting Samsung SSD Drive (Evo 850) and configured/installed it by following this guide [1]. I configured bitlocker to ask for a PIN before booting Windows and the lock symbol in the explorer as well as manage-bde -status command showed that bitlocker successfully encrypted system drive C: and really used hardware encryption of the Samsung drive.

Everything seemed to work fine, but after I updated most of the drivers for my Dell Inspron 15 7559 to the newest version [2] bitlocker first asked to enter the recovey key because configuration has changed and then the bitlocker symbol in Windows explorer was gone. After the boot Windows told me that the drive is not encrypted, if I tried to encrypt the drive only software encryption was offered.

However Windows stills aks me for the pin at bootup and the drive is not accessible through a live system, so it seems that the drive is still fully encrypted. If I start a command line before boot up (recovery options) manage-bde -status command still shows that the partition is hardware encrypted and managed by bitlocker. But after booting Windows fails to recognize the encryption, so I can't access the configuration for this encrypted drive for example to change the password or disable bitlocker.

Has anyone an idea how to make Windows recognize the encryption after bootup again?

Output of manage-bde -status C: after start-up in Windows installation:

Volume C: [Windows] [OS Volume]

Size:                 209.04 GB
BitLocker Version:    None
Conversion Status:    Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method:    None
Protection Status:    Protection Off
Lock Status:          Unlocked
Identification Field: None
Key Protectors:       None Found

Output of manage-bde -status C: before start-up using bitlocker recovery mode command line*:

Volume "C:" [volume is unknown]
[Data Volume] 
    Size:                 Unkwon GB
    BitLocker Version:    2.0
    Conversion Status:    Unkown
    Percentage Encrypted: Unkown %
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Unkown
    Lock Status:          Locked
    Identification Field: Unkown
    Automatic Unlock:     Disabled
    Key Protectors:       
        Numerical Password
        TPM and PIN

*Note: Obviously I couldn't copy&paste the second output, I also had to translate it from German, so there might be some minor inaccuracies.

[1] https://helgeklein.com/blog/2015/01/how-to-enable-bitlocker-hardware-encryption-with-ssd/

[2] http://www.dell.com/support/home/us/en/19/product-support/product/inspiron-15-7559-laptop/drivers

Improve this question
4
  • 1
    This is very hard to read. Better formatting is suggested.
    – Xavierjazz
    Commented May 6, 2016 at 15:51
  • Which drivers did you update specifically?
    – Ramhound
    Commented May 6, 2016 at 15:52
  • @Xavierjazz I tried to, I hope it's better now, do you have any suggestions to improve formatting?
    – b0nzo
    Commented May 6, 2016 at 16:38
  • @Ramhound All drivers that had a release date after the date I bought the notebook. Starting from the first to the last category. I can't tell which driver broke bitlocker, but I assume the chipset drivers could have caused the problem. I knwo about the IRST issue, so I installed the newest version of the IRST driver.
    – b0nzo
    Commented May 6, 2016 at 16:41

3 Answers 3

Reset to default
1

The solution I found for this problem was to remove the Intel Rapid Storage technology software from your Dell computer.

Reboot, and all will be well.

You might need to reboot twice before the correct Bitlocker settings will appear in Windows 10.

Improve this answer
0

Work-around

Try removing the encryption with the command-line before start-up and start over.

After trying everything within your current Windows (and Bios) and having the recovery key stand-by, I would try to access the drive as a secondary drive in another computer/laptop with Windows to check if the problem is the laptop or the drive itself. Hopefully you are able to sort some stuff out when you can access the drive in that system and maybe even disable the encryption and start-over.

As I understood from Samsung's Hardware Encryption; the drive is always encrypted, but normally the key is available on the drive or in the controller (location not important for my point), so turning on Bitlocker simply encrypts that key. That is why encrypting such is drive is much faster than with a drive that uses software encryption.

So hopefully you are able to quickly remove the encryption with manage-bde before boot or in a second system.

Improve this answer
4
  • Thanks for your answer! I can access the drive without any problem if I enter the correct PIN or recovery key at start-up. But after the boot bitlocker treats the partition as if there never has been an encryption, but I expect it to show the ecnryption in windows (and offer to configure it). Instead of this it offers me to software encrypt the drive.
    – b0nzo
    Commented May 6, 2016 at 19:40
  • It should also be possible to remove the encryption entirely with command line before start-up. But after that it will never be possible again to activate hardware encryption on that drive because it requires a secure erease which can't be done after bitlocker was activated once.
    – b0nzo
    Commented May 6, 2016 at 19:44
  • @b0nzo very interesting case. I did not take into account that it required the secure erase. That means the solution space is limited within the Windows installation. - Not knowing the solution is getting a little frustrating ;) - Could you past/type the output of (both) manage-bde -status C: of the drive in your main question above above. So people can quickly see the difference.
    – A71
    Commented May 6, 2016 at 20:23
  • Thank you for your answer! It is! Somehow the Windows installation seems to have lost the connection to the bitlocker boot sector/encryption after updating the drivers. I added the requested outputs and as you can see Windows seems to handle Volume C as if never encrypted. Befor boot most of the volume is unkwon but it seems to be hardware encrypted.
    – b0nzo
    Commented May 7, 2016 at 12:29
0

You can solve the problem with samsung's psid they don't make it available to the general public but you can still get it.

The PSID has been leaked and is available to download on the anandtech forum the link below is to the discussion you need. There is a download link from a dropbox account within the discussion just scroll down until you find it.

http://forums.anandtech.com/showthread.php?t=2366848

I have owned 7 samsung ssd's and have used this programme on the 840 evo and 850 evo and confirm it works on both. You are supposed to plug the drive into another system running windows run the psid within windows and follow the instructions this will solve your problems however this will wipe all the data on the drive and return it to a raw state with no partition and all your data will be lost so make a back up before you do this. I have also run the PSID on a drive I wanted to revert while it was the c drive running windows just to see what would happen. This also worked and it did not wipe any data I'm assuming because the drive was unlocked when I ran the psid.

Please be aware that either option will then only allow you to re encrypt the drive using bitlocker software encryption. If you want to use hardware encryption again you need to do the following.

1) enable hardware encryption on the drive with samsung magician software 2) create a secure erase disc or usb key from the magician software and run secure erase on the SSD. 3) re-install windows this has to be a clean install in UEFI mode not legacy also you cannot use a back-up image it has to be a clean install of windows 8, 8.1 or 10 pro.

Hope this helps

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .