SSD hardware encryption, but no UEFI, TPM or HDD password?

plainfaceboy

New Member
Messages
10
Hi - I've just got a Samsung 850 Pro and will be installing Win 8.1 Pro on it.

I'd like to use the hardware encryption on the SSD drive but now I've looked into it I'm not sure if/how I can.
Motherboard is a few years old now (ASUS M4A785TD-V EVO), and I can't see a HDD in BIOS (just supervisor and user), and don't think it is UEFI compatible either, or TPM compatible!
Samsung suggested bitlocker but I assume the lack of UEFI means bitlocker is no good for me - or would it mean the encryption would be software (which I'm not keen on as it will affect performance)?
Basically, is there anyway I could get hardware encryption working with a fresh install of Win 8.1
Thanks.
 

My Computer

System One

  • OS
    XP
    Computer type
    PC/Desktop
    CPU
    AMD Phenom II X4 945
    Motherboard
    Asus M4A785TD-V EVO
    Memory
    4GB
    Graphics Card(s)
    ASUS EAH6670
    Sound Card
    EMU 0404 PCI
    Screen Resolution
    1280x1024
    Hard Drives
    Seagate 160GB ATA
    Seagate 500GB ATA
    2 x WD15EADS Green 1.5TB SATA
    Browser
    Firefox
    Antivirus
    Avast
you can protect the SSD by setting a password in bios.. What a PITA to use, Bitlocker is software driven in Pro editions.. Another PITA..
 

My Computer

System One

  • OS
    Windows 3.1 > Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dell XPS 8700
    CPU
    I7
    Memory
    24 GB
Hi - I've just got a Samsung 850 Pro and will be installing Win 8.1 Pro on it.

I'd like to use the hardware encryption on the SSD drive but now I've looked into it I'm not sure if/how I can.
Motherboard is a few years old now (ASUS M4A785TD-V EVO), and I can't see a HDD in BIOS (just supervisor and user), and don't think it is UEFI compatible either, or TPM compatible!
Samsung suggested bitlocker but I assume the lack of UEFI means bitlocker is no good for me - or would it mean the encryption would be software (which I'm not keen on as it will affect performance)?
Basically, is there anyway I could get hardware encryption working with a fresh install of Win 8.1
Thanks.

BitLocker works fine without TPM and UEFI; see this message where I compared it to TrueCrypt and the one just above it for imaging considerations in that scenario:

TeraByte Unlimited

I've never found the performance impact of software encryption on disk I/O to be particularly noticeable in real world use, and multiple CPU cores help keep the system from bogging down during lengthy transfers. If your CPU supports AES acceleration (AES-NI), there's basically no CPU usage penalty.

Now, to take advantage of the SSD's hardware encryption with BitLocker, you will need UEFI.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
Bitlocker is software driven in Pro editions.. Another PITA..

How exactly is that a "PITA"? You do pre-boot authentication by entering password or using USB key. From then on, as long as you've turned on auto-unlock on secondary drives, it's all seamless.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
Bitlocker is software driven in Pro editions.. Another PITA..

How exactly is that a "PITA"? You do pre-boot authentication by entering password or using USB key. From then on, as long as you've turned on auto-unlock on secondary drives, it's all seamless.

Thanks - so, it seems defintite that hardware encryption isn't an option (unless I get a new motherboard).

Bitlocker is probably as good as any software encryption - so I've just got to decide if I want to take the performance hit - which may or may not be practically noticeable. I've also not found anything on whether s/w encryption affects drive lifespan.
As drive will be in desktop and not going anywhere, I'm currently in two minds.....
You say I could use bitlocker with a preboot password or USB key - is that the usual BIOS (supervisor?) password, or another one? That doesn't sound too painful.
Are there any practical pros/cons betwen the two that aren't obvious?
"auto-unlock on secondary drives" - is that part of bitlocker set up etc??
 

My Computer

System One

  • OS
    XP
    Computer type
    PC/Desktop
    CPU
    AMD Phenom II X4 945
    Motherboard
    Asus M4A785TD-V EVO
    Memory
    4GB
    Graphics Card(s)
    ASUS EAH6670
    Sound Card
    EMU 0404 PCI
    Screen Resolution
    1280x1024
    Hard Drives
    Seagate 160GB ATA
    Seagate 500GB ATA
    2 x WD15EADS Green 1.5TB SATA
    Browser
    Firefox
    Antivirus
    Avast
bitlocker uses a 48 digit key - you forget that key - you have a brick of data..
Just like bios password protecting a hard drive - forget the password - and you have a brick of date..
 

My Computer

System One

  • OS
    Windows 3.1 > Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dell XPS 8700
    CPU
    I7
    Memory
    24 GB
bitlocker uses a 48 digit key - you forget that key - you have a brick of data..
Just like bios password protecting a hard drive - forget the password - and you have a brick of date..
This comment is while not wrong, is rather alarmist.

If you forget your password (which can be as long as you like) and you forget your 48 long bitlocker key and you didn't save it to your MS account or a USB drive or a post-it note then yes, your drive is lost. That is however the point.

Certainly you don't need EUFI - this is irrelevant. I have a BIOS based system. Bitlocker is more convenient with TPM (I do have a TPM chip) but you don't have to use it. See http://www.eightforums.com/tutorials/21271-bitlocker-turn-off-os-drive-windows-8-a.html

According to MS bitlocker encryption adds between 3-5% overhead on disk IO. Can't say I've noticed. I use it in case I lose my laptop.
 

My Computer

System One

  • OS
    Windows 10 Pro Prieview x64
    Computer type
    Laptop
    System Manufacturer/Model
    MacBook Pro Core2Duo
    CPU
    T7600
    Memory
    3
    Graphics Card(s)
    ATI Radeon X1600
    Monitor(s) Displays
    Internal
    Screen Resolution
    1440 x 800
    Hard Drives
    40GB
    Keyboard
    Apple
    Mouse
    Apple
    Internet Speed
    Varies
    Browser
    Various
    Antivirus
    Defender
bitlocker uses a 48 digit key - you forget that key - you have a brick of data..
Just like bios password protecting a hard drive - forget the password - and you have a brick of date..

So if I had a MoBo with a HDD/ATA pasword, that would be the key for hardware encryption.
If I use bitlocker it would be software encryption and either the normal BIOS password ...OR...a USB key on a dongle - is the key to the software encryption?
I'm now wondering whether a better option is not use whole HD encryption, but just encrypt a few folders with my more sensitive data...as long as that isn't a PITA with bitlocker as well!
 

My Computer

System One

  • OS
    XP
    Computer type
    PC/Desktop
    CPU
    AMD Phenom II X4 945
    Motherboard
    Asus M4A785TD-V EVO
    Memory
    4GB
    Graphics Card(s)
    ASUS EAH6670
    Sound Card
    EMU 0404 PCI
    Screen Resolution
    1280x1024
    Hard Drives
    Seagate 160GB ATA
    Seagate 500GB ATA
    2 x WD15EADS Green 1.5TB SATA
    Browser
    Firefox
    Antivirus
    Avast
keep your more sensitive files on a secondary HD and encrypt that drive - or external drive and folders

Since this is a desktop, I believe we are talking about..
 

My Computer

System One

  • OS
    Windows 3.1 > Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dell XPS 8700
    CPU
    I7
    Memory
    24 GB
keep your more sensitive files on a secondary HD and encrypt that drive - or external drive and folders

Since this is a desktop, I believe we are talking about..
Please explain what you think you are talking about. I'm fascinated. PlainBoyFace asked an interesting question. You didn't read it.
 

My Computer

System One

  • OS
    Windows 10 Pro Prieview x64
    Computer type
    Laptop
    System Manufacturer/Model
    MacBook Pro Core2Duo
    CPU
    T7600
    Memory
    3
    Graphics Card(s)
    ATI Radeon X1600
    Monitor(s) Displays
    Internal
    Screen Resolution
    1440 x 800
    Hard Drives
    40GB
    Keyboard
    Apple
    Mouse
    Apple
    Internet Speed
    Varies
    Browser
    Various
    Antivirus
    Defender
bitlocker uses a 48 digit key - you forget that key - you have a brick of data..

As I explained in a recent thread to you, no.

In Windows 8, you can create a password for the system drive. Windows 7 does not support passwords for system drives, so you will have to use a USB key. In both OSes, you create passwords for secondary drives. The 48-digit thing is the recovery key, sort of a last ditch password in case you lose all the other ways you can unlock a drive.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
keep your more sensitive files on a secondary HD and encrypt that drive - or external drive and folders

Not using FDE on all drives exposes you to data leakage. If the system drive isn't encrypted, pagefiles and hibernation files contain unencrypted data, perhaps pieces of your encrypted files that you were using. The temp folder is also a risk. In general, when you have a mix of encrypted and unencrypted drives, you have to be very careful where you save and copy things. It's far more secure to go all-in and encrypt all drives.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
Bitlocker is probably as good as any software encryption - so I've just got to decide if I want to take the performance hit - which may or may not be practically noticeable. I've also not found anything on whether s/w encryption affects drive lifespan.

I can't imagine how encryption could affect lifespan.

As drive will be in desktop and not going anywhere, I'm currently in two minds.....
You say I could use bitlocker with a preboot password or USB key - is that the usual BIOS (supervisor?) password, or another one? That doesn't sound too painful.
Are there any practical pros/cons betwen the two that aren't obvious?
"auto-unlock on secondary drives" - is that part of bitlocker set up etc??

It has nothing to do with the BIOS, and I don't know anything about using the BIOS with disk encryption. If you have specified a BitLocker password for the system drive, and your USB key isn't inserted, Windows 8 puts up a pre-boot password entry screen after the BIOS has finished initializing and launched the OS. You enter your password there, and booting into Windows continues as normal. The screen appears on cold boots and resuming from hibernation, but NOT resuming from sleep. The latter is very convenient for my desktop systems but a security concern when you can't physically secure the computer. You can choose Auto-unlock when you unlock a secondary drive and in the BitLocker control panel applet.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
As I explained in a recent thread to you, no.
Since this is the only thread - forget the key and your hard drive is a brick...

Please explain what you think you are talking about. I'm fascinated. PlainBoyFace asked an interesting question. You didn't read it.

it's not like he is walking around with a desktop PC..
So what is the purpose of bitlocker (security) Hiding porn from the wife and kids? Are they good hackers that read memory files

Motherboards - M4A785TD-V EVO - ASUS
Basically, is there anyway I could get hardware encryption working with a fresh install of Win 8.1
Thanks

Yes a bios password protected hard drive.. Forget the password and your hard drive is a brick..

I'm out..
Enjoy!!

Bitlocker comes with windows 8 pro
A windows password will protect your file (somewhat) from prying eyes.. Unless the drive is removed..
 

My Computer

System One

  • OS
    Windows 3.1 > Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dell XPS 8700
    CPU
    I7
    Memory
    24 GB
I started down this route because I thought enabling *hardware* encryption would be dead easy, and therefore a no-brainer......better than nothing.

Agree that as it's a desktop it won't be going anywhere, so I'm not desperate to encrypt. Therefore, overall I'm not keen on s/w encryption or on encrypting 'everything', mainly due to performance issues, especially on HDDs...
I don't have hibernate or sleep enabled, and was planning on keeping all temp/pagefiles/folders etc off the SSD.....so maybe an option is to put all those temp files etc, with personal files etc on a separate HDD and just encrypt that whole drive...
I assume if using bitlocker, I could do that 'later' ie at any stage and it would just add a 2ry drive passwrod etc?
Thanks everyone - very uesful stuff!
 

My Computer

System One

  • OS
    XP
    Computer type
    PC/Desktop
    CPU
    AMD Phenom II X4 945
    Motherboard
    Asus M4A785TD-V EVO
    Memory
    4GB
    Graphics Card(s)
    ASUS EAH6670
    Sound Card
    EMU 0404 PCI
    Screen Resolution
    1280x1024
    Hard Drives
    Seagate 160GB ATA
    Seagate 500GB ATA
    2 x WD15EADS Green 1.5TB SATA
    Browser
    Firefox
    Antivirus
    Avast
As I explained in a recent thread to you, no.

In Windows 8, you can create a password for the system drive. Windows 7 does not support passwords for system drives, so you will have to use a USB key. In both OSes, you create passwords for secondary drives. The 48-digit thing is the recovery key, sort of a last ditch password in case you lose all the other ways you can unlock a drive.
Since this is the only thread - forget the key and your hard drive is a brick...

Sigh. That's twice I've explained it to you, and you still don't seem to get it, nor do you even remember the other thread from a couple days ago:

http://www.eightforums.com/tablet-touch/60592-why-would-asus-encrypt-c-partition-2.html#post470864

As for losing all means (not just the 48-digit recovery key, no matter how many times you repeat it) to unlock a piece of encrypted data turning that data into a brick: That's sort of the whole point of encryption, yet you keep repeating it as if it were some profound observation.

I'm out..

That can only improve the S/N ratio in future threads about BitLocker, so :thumb: for that initiative.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
Agree that as it's a desktop it won't be going anywhere, so I'm not desperate to encrypt. Therefore, overall I'm not keen on s/w encryption or on encrypting 'everything', mainly due to performance issues, especially on HDDs...

The performance issues are negligible. And you don't know your desktop isn't going anywhere. It could be stolen. Your hard drive could die, and you might not be able to erase it. Knowing that it was encrypted will give you peace of mind before RMAing it. Myself, I like knowing all my drives are encrypted, so I never worry about copying things between drives. I also don't worry about backup drives I store off-site being lost or stolen.

I don't have hibernate or sleep enabled, and was planning on keeping all temp/pagefiles/folders etc off the SSD.....so maybe an option is to put all those temp files etc, with personal files etc on a separate HDD and just encrypt that whole drive...
I assume if using bitlocker, I could do that 'later' ie at any stage and it would just add a 2ry drive passwrod etc?
Thanks everyone - very uesful stuff!

Moving things like pagefile and temp folder off the SSD is very outdated advice. Move folders like Downloads, Music, etc if necessary to save space on a small SSD, but otherwise, use the damn thing! As for not using FDE for all drives, all I can say is read what I wrote about data leakage again.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
. And you don't know your desktop isn't going anywhere.

True enough, which is why I *am* considering this!

.Moving things like pagefile and temp folder off the SSD is very outdated advice. Move folders like Downloads, Music, etc if necessary to save space on a small SSD, but otherwise, use the damn thing! As for not using FDE for all drives, all I can say is read what I wrote about data leakage again.

I thought I could see some logic in moving pagefile/temp files off the SSD, to minimise writes etc - so if this is outdated, why is that? Are SSDs now so reliable we don't need to worry about it any more?

This is possibly straying into a different question, but if I do encrypt any data disks (ie not system disk), I'm backing that up to a NAS box which I currently also access from a linux box and other laptops. Would they then not be able to read/access any encrypted data?
 

My Computer

System One

  • OS
    XP
    Computer type
    PC/Desktop
    CPU
    AMD Phenom II X4 945
    Motherboard
    Asus M4A785TD-V EVO
    Memory
    4GB
    Graphics Card(s)
    ASUS EAH6670
    Sound Card
    EMU 0404 PCI
    Screen Resolution
    1280x1024
    Hard Drives
    Seagate 160GB ATA
    Seagate 500GB ATA
    2 x WD15EADS Green 1.5TB SATA
    Browser
    Firefox
    Antivirus
    Avast
I thought I could see some logic in moving pagefile/temp files off the SSD, to minimise writes etc - so if this is outdated, why is that? Are SSDs now so reliable we don't need to worry about it any more?

Google /SSD endurance/ and read some articles by people who've been torture testing SSDs to determine how many writes they can really take.

This is possibly straying into a different question, but if I do encrypt any data disks (ie not system disk), I'm backing that up to a NAS box which I currently also access from a linux box and other laptops. Would they then not be able to read/access any encrypted data?

BitLocker is proprietary to Microsoft and not supported by all Windows SKUs. This lack of portability was one of the disadvantages compared to TrueCrypt I listed in the message I linked to in my first post in this thread. If the host computer has unlocked a BitLocker drive, other computers will be able to access it like any other network drive. If you're storing your backups on an unencrypted drive, you'll need to enable encryption in your backup program, and it needs to be as secure as BitLocker, or what's the point? It's much easier if you are able to BitLocker everything, which I also do for my gaming machine/file server, which is the networked backup target for system images I make with Image for Windows. I don't have IFW encrypt, because the target machine will encrypt it.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
He could,
one could Admin password the bios - to pervert changes to bios setting..
one could user password the bios and lock the HD
one could password windows
one could encrypt the disk.

And if it walks away - the whole thing is a paperweight..

I know what bitlocker is - I removed it.. You can find out more about me by doing a google search, then you can on my PC..
Your whole life is in the cloud, and with a MS account, facebook or any App that tracks you or that you have allowed to run or your PC..
Leaves you more open A** then a stolen PC.. In fact the thief would care less about the info.. They want the cash... And at least you know a few people may have access to your PC, but the way things are with cloud based storage, apps, and whatever else you choose to allow to run on your PC

You have no clue who has what data - you have no clue what it is they have - you have no clue where it is - nor do you know that a billion people are not reading it right now..

Nothing is private or safe anymore.. Welcome to the real would..
 

My Computer

System One

  • OS
    Windows 3.1 > Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dell XPS 8700
    CPU
    I7
    Memory
    24 GB
Back
Top