Last Updated on August 29, 2019
In response to a recently discovered vulnerability in hardware-based encryption in solid-state drives, Microsoft recommends that when you use BitLocker to protect a solid-state drive, you switch from hardware encryption to software encryption.
Hardware encryption features are often highly acclaimed selling points for Solid State Drives (SSDs), which are marketed to enterprise users and increasingly to average consumers as concerns about privacy and identity theft increase. These self-encrypting drives (SEDs) contain a dedicated AES coprocessor that is used exclusively for drive encryption. This has the dual purpose of isolating encryption tasks from other drive operations to increase security, and of removing overhead from both the main drive controller and the system CPU, since neither has to encrypt or decrypt the data itself. That makes encryption a resource-neutral operation.
Microsoft’s BitLocker feature encrypts all data on a drive. When you run BitLocker on a Win10 system with a solid-state drive with built-in hardware encryption, BitLocker relies on the capabilities of the self-encrypting drive. If the drive does not have hardware self-encryption (or you are using Win7 or 8.1), BitLocker implements software encryption that is less efficient but still enforces password protection.
The flaw in hardware-based self-encryption appears to be present on most, if not all, self-encrypting drives.
Microsoft’s solution is to decrypt any SSD that implements self-encryption and then re-encrypt it with software-based encryption. Performance is compromised, but data is protected by software, not hardware.
Many SSDs do not implement encryption properly.
Even if you enable BitLocker encryption on a system, Windows 10 may not really encrypt your data. Instead, Windows 10 may rely on your SSD to do it, and the encryption of your SSD can easily be broken.
That’s the conclusion of a new paper by researchers at Radboud University. They reverse-engineered the firmware of many solid-state drives and found a variety of “hardware encryption” issues with many SSDs.
The researchers tested Crucial and Samsung drives, but we wouldn’t be surprised if other manufacturers had major problems. Even if you don’t have any of these specific drives, you should be worried.
In other words, the SSD hardware encryption is not secure. In addition, BitLocker users are exposed to this problem because BitLocker uses the hardware encryption scheme of the SSD by default.
The researchers tested and confirmed that the following SSDs were affected:
- Crucial (Micron) MX100, MX200, MX300 internal hard disks
- Samsung T3 and T5 portable (external) disks
- Samsung 840 EVO and 850 EVO internal hard disks (when ATA security in High mode is used)
To switch to BitLocker software encryption
Administrators can switch the encryption method to software when BitLocker uses the hardware encryption capabilities of a drive on a Windows computer.
BitLocker cannot automatically switch to software encryption when a drive uses hardware encryption. The required process includes enabling software encryption by default, decrypting the drive, and encrypting with BitLocker.
Microsoft points out that when you change the encryption method, it is not necessary to format the drive or reinstall software.
The first thing to do is to enforce the use of software encryption using Group Policy.
- Open the Start menu.
- Enter gpedit.msc.
- Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
- For the system drive, open Operating System Drives and double-click Configure use of hardware-based encryption for operating system drives.
- For fixed data drives, open Fixed Data Drives and double-click Configure use of hardware-based encryption for fixed data drives.
- For removable drives, open Removable Data Drives and double-click Configure use of hardware-based encryption for removable data drives.
- Set the required policies to Disabled. A value of disabled forces BitLocker to use software encryption for all drives, including those that support hardware encryption.
This setting applies to new drives that you connect to your computer. BitLocker does not apply the new encryption method to drives that are already encrypted.
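Because the policy does not touch drives that are already encrypted, it helps to check both the policy state and each volume before decrypting anything. The following PowerShell audit is an added example, not part of the original article; it assumes an elevated prompt, the built-in BitLocker module, and that the three policies are stored as the `OSHardwareEncryption`, `FDVHardwareEncryption` and `RDVHardwareEncryption` values under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`.

```powershell
#Requires -RunAsAdministrator
# Added example: report the hardware-encryption policies and every BitLocker
# volume that still relies on the drive's own (hardware) encryption.

# Assumption: registry values written by the three "Configure use of
# hardware-based encryption ..." policies; 0 means the policy is Disabled.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policies = [ordered]@{
    OSHardwareEncryption  = 'Operating system drives'
    FDVHardwareEncryption = 'Fixed data drives'
    RDVHardwareEncryption = 'Removable data drives'
}
$props = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue

$softwareForced = @{}
foreach ($name in $policies.Keys) {
    $value = if ($props) { $props.$name } else { $null }
    $softwareForced[$name] = ($value -eq 0)
    if ($null -eq $value)  { $state = 'Not configured' }
    elseif ($value -eq 0)  { $state = 'Disabled (software encryption forced)' }
    else                   { $state = 'Enabled (hardware encryption allowed)' }
    '{0,-24} {1}' -f $policies[$name], $state
}

foreach ($vol in Get-BitLockerVolume) {
    # Volumes encrypted in software report an AES method here instead.
    if ("$($vol.EncryptionMethod)" -ne 'HardwareEncryption') { continue }

    # Data volumes can be fixed or removable, so require both policies for them.
    if ("$($vol.VolumeType)" -eq 'OperatingSystem') {
        $needed = @('OSHardwareEncryption')
    } else {
        $needed = @('FDVHardwareEncryption', 'RDVHardwareEncryption')
    }
    $policyReady = -not ($needed | Where-Object { -not $softwareForced[$_] })

    [pscustomobject]@{
        MountPoint   = $vol.MountPoint
        VolumeType   = $vol.VolumeType
        VolumeStatus = $vol.VolumeStatus
        NextStep     = if ($policyReady) {
            'Decrypt the drive, then encrypt it again with BitLocker'
        } else {
            'Set the hardware-encryption policy to Disabled first'
        }
    }
}
```

A volume listed with the second `NextStep` would be hardware-encrypted again after a decrypt and re-encrypt cycle, so fix the policy before starting.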
CCNA, Web Developer, PC Troubleshooter
I am a computer enthusiast and a practicing IT Professional. I have years of experience behind me in computer programming, hardware troubleshooting and repair. I specialise in Web Development and Database Design. I also have a CCNA certification for Network Design and Troubleshooting.