2

I'm about to set up a Samsung 840 EVO SSD as the system drive with Windows 8.1 Pro, attached to an Asus P8Z68-V Pro mobo (which doesn't have a TPM). I'll also attach a Western Digital Black HDD for extra storage (no hardware encryption). I know I can enable Bitlocker without the TPM by editing group policy settings.

1st question: Without the TPM, will it still enable Samsung's hardware encryption, or will it be software encryption only? And is the answer conditional upon using Samsung Magician?

2nd question: Assuming I can enable the hardware encryption on the SSD via Bitlocker, will it then use software encryption when writing to the HDD? Is Bitlocker smart enough for that? :p

BellyItcher
  • Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored. – Jon May 31 '14 at 22:12
  • 1
    Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother? – Kinnectus May 31 '14 at 22:17
  • 7
    @Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.) – user May 31 '14 at 22:24
  • For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer. – user May 31 '14 at 22:31
  • I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer... – Kinnectus May 31 '14 at 22:31
  • I think bitlocker only uses the tpm when encrypting the boot hard disk. USB disks, through reasonable logic, it doesn't because of the nature of a removable disk... now, with Windows 8 and the introduction of storage spaces spanning multiple disks, I don't know how this would work... What about Windows' version of RAID? – Kinnectus May 31 '14 at 22:37
  • @BigChris Where are you getting this idea that the HDD will be hooked up over USB? I've looked over the question a couple of times and just don't see anything to that effect. – user May 31 '14 at 22:39
  • I haven't got the idea. What I'm saying is that the TPM (through reasonable logic) will only be used to encrypt the boot hard disk. All other disks will use a pin or password. – Kinnectus May 31 '14 at 22:42
  • @Chipperyman No RAID. – BellyItcher Jun 01 '14 at 02:44
  • @Chipperyman (Disregard the last comment) Truecrypt doesn't support Win8.1, plus it doesn't support anything at all starting May this year. Notice how truecrypt.org doesn't exist anymore? – BellyItcher Jun 01 '14 at 02:52
  • @BigChris No RAID. Not using redundancy between those two drives. Plus neither will be removed. Not regularly anyway. Both will just sit there on my SATA3 ports. – BellyItcher Jun 01 '14 at 02:53
  • I was really just looking for insights into whether Bitlocker WILL use the hardware encryption on the SSD (encrypt using the firmware on the 840EVO), or if it will fall back to software encryption at the OS level, when there is no TPM in the mobo. You can ignore the second question if it's too distracting :p – BellyItcher Jun 01 '14 at 02:57

1 Answer

0

Q1: To encrypt your Samsung 840 Evo through built-in hardware encryption you need a motherboard which has support for Self Encrypting Drives (SED) and an enabled HDD password in the BIOS (an Admin password for the BIOS should be set earlier). There is no need for a TPM, as the HDD password is stored on the drive. After the procedure you can check in Samsung Magician whether encryption is enabled.
You can also check this thread for some additional information.

Q2: BitLocker has no relation with hardware encryption so far. It can use the TPM to store encryption keys, which are automatically loaded on machine boot, so in that case remember to set a power-on password or Windows password.

Jarek
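
A way to check, once BitLocker is enabled, which mode each volume actually ended up in (an added example, not part of the original question or answer). The `Get-BitLockerVolume` cmdlet reports an `EncryptionMethod` per volume: `HardwareEncryption` means the drive's firmware does the encryption, while the AES values mean Windows does it in software. The function name `Get-BitLockerModeReport` is hypothetical, and the script assumes an elevated PowerShell prompt on Windows 8 or later.

```powershell
# Added example (not from the original thread).
# Reports, for every BitLocker-capable volume, whether encryption is performed
# by the drive (hardware) or by Windows (software), and which key protectors
# are configured. Requires an elevated prompt and the BitLocker module.

function Get-BitLockerModeReport {
    foreach ($vol in Get-BitLockerVolume) {
        $method = [string]$vol.EncryptionMethod

        # Classify the volume by who does the encryption work.
        $mode = switch ($method) {
            'None'               { 'not encrypted' }
            'HardwareEncryption' { 'hardware (drive firmware)' }
            default              { 'software (Windows)' }   # Aes128, Aes256, ...
        }

        # Collect protector types as strings, e.g. Tpm, ExternalKey, Password.
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

        [pscustomobject]@{
            MountPoint    = $vol.MountPoint
            VolumeType    = $vol.VolumeType          # OperatingSystem or Data
            Method        = $method
            Mode          = $mode
            Protection    = $vol.ProtectionStatus    # On / Off
            UsesTpm       = [bool]($types -like 'Tpm*')
            AutoUnlock    = $vol.AutoUnlockEnabled   # relevant to data volumes
            KeyProtectors = $types -join ', '
        }
    }
}

Get-BitLockerModeReport | Format-Table -AutoSize
```

On a machine like the one in the question, the OS volume and the data volume appear as separate rows, so a difference in mode or key protectors between the SSD and the HDD is visible directly.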