2

I'm about to setup a Samsung 840 EVO SSD as the system drive with Windows 8.1 Pro, attached to an Asus P8Z68-V Pro mobo (which doesn't have a TPM). I'll also attach a Western Digital Black HDD for extra storage (no hardware encryption). I know I can enable Bitlocker without the TPM by editting group policy settings.

1st question: Without the TPM, will it still enable Samsung's hardware encryption, or will it be software encryption only? And is the answer conditional upon using Samsung Magician?

2nd question: Assuming I can enable the hardware encryption on the SSD via Bitlocker, will it then use software encryption when writing to the HDD? Is Bitlocker smart enough for that? :p

Improve this question
12
  • Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored.
    – Jon
    Commented May 31, 2014 at 22:12
  • 1
    Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother?
    – Kinnectus
    Commented May 31, 2014 at 22:17
  • 7
    @Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.)
    – user
    Commented May 31, 2014 at 22:24
  • For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer.
    – user
    Commented May 31, 2014 at 22:31
  • I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer...
    – Kinnectus
    Commented May 31, 2014 at 22:31

1 Answer 1

Reset to default
0

Q1: To encrypt your Samsung 840 Evo through built-in hardware encryption you need motherboard which has support for Self Encrypting Drives (SED) and enabled HDD password in BIOS (Admin password for BIOS should be set earlier). There is no need for TPM as HDD password is stored on drive. After procedure you can check Samsung Magician if encryption is enabled.
You can also check this thread for some additional information.

Q2: BitLocker has no relation with hardware encryption so far. It can use TPM to store encryption keys, which are automatically loaded on machine boot, so in that case remember to set power-on password or Windows password.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .