Ok, I have a feeling that this is a larger Windows 10 issue, but I am experiencing this with the Surface Pro 4, the ideal test hardware for anything
Here is what we are trying to accomplish:
Encyrypt our Surface Pro 4's (win 10 Pro) using Hardware-Based Encryption
A) Because it is faster for the SSD to perform the encryption rather than the process, since the SSD is already encrypted
Better battery life (because the processor is not encrypting the volume)
C) Performing software encryption on an already encrypted volume defeats many of the internal optimizations that SSDs have built in (leading to
We have taken stock Surface Pro 4s, straight from the box. No applications or updates have been installed, we have not added to a domain. The only
modification we have made is to the Local Group Policy:
Computer Configuration/Administrative Templates/Windows Components/Bitlocker Drive Encryption/Operating System Drives
*Require additional authentication at startup (Enabled, default options)
*Enable use of BitLocker Aauthentication requireing preboot keyboard input on slates (Enabled, default options)
-Configure use of hardware-based encryption for operating system drives (Enabled, default options)
When I go to enable Bitlocker, I am being provided the prompt to encrypt Used Only, or Whole Drive. From all of the literature I have read, this
prompt indicates Software Encryption. When I select Full Drive, it takes a while (over 10 minutes) to encrypt. Again, from my reading, Hardware
Encryption should be immediate (as everything is already encrypted).
What am I missing? Is there an issue with Hardware Encryption that I have not been able to identify on the Surface Pro 4? Is this an OS issue? Are
there any other troubleshooting steps that I can take a look at? Again, these are stock units, fresh out of the box from Microsoft.
Sources (these are just some, all have been verified using additional sources that repeat the information):
Slower Performance- Hardware Accelerated BitLocker Encryption: Microsoft Windows 8 eDrive Investigated with Crucial M500
Steps to enable encryption- How to Enable BitLocker Hardware Encryption with SSDs
Technet on Why to Hardware Encrypt - Encrypted Hard Drive
GP Settings to Enable Hardware Encryption - Enabling Hardware Acceleration of BitLocker
I am going to use Surface Pro 2 with Ubuntu (weird, I know) and I would like to clarify: does Surface Pro 2 support hardware encryption?
I figured it's a cool feature where you set up a password (in BIOS, via 'ATA password' feature) and the computer asks for the password at boot time. If you won't enter the right password, the disk won't be decrypted and booting will be impossible.
Usual laptops with removable hard drives should just support ATA passwords, and the hardware encryption itself is a feature of SSD, but since in Surface Pro everything is so integrated, I'm asking whether the system as a whole supports hardware encryption.