Windows 8.1 and 10 Professional/Enterprise versions all automatically support encryption key management of SEDs through Windows encryption called BitLocker. Before enabling Bitlocker hardware encryption, the below requirements must first be met (encryption software other than BitLocker may have further or modified requirements):
Configuring the Host System
It is recommended that the host system UEFI be configured to properly accept the SED before physically installing it, as outlined in the example below. Details of the system setup will vary from system to system, as will the names of various functions. However, they are similar enough that a single example should be sufficient. For details on specific UEFI setups, contact your computer's manufacturer.
Enabling Secure Boot
Microsoft Secure Boot is a requirement to run any Windows 8.1 or 10 system. Any computer that has been configured from the factory for Windows 8.1/10 (as shown by a Windows 8/10 sticker) will already have Secure Boot enabled. If the host system was originally configured for Windows 7 or a previous operating system, check to ensure that Secure Boot is enabled, as shown below.
UEFI Boot Mode/CSM Support
The host computer system must be in UEFI-only mode, as shown below. Typically, the CSM will be automatically disabled in UEFI-only mode; however, this should be verified and the CSM should be disabled if necessary.
Installing Windows 8.1/10
The most straightforward method of implementing hardware encryption is to perform a clean, new installation of the operating system. BitLocker versions in the Windows 8.x and 10 Enterprise and Professional editions support hardware encryption on SEDs. No special steps are needed for this function; simply follow the normal OS installation process described by Microsoft. After the OS is installed, proceed to the Enable BitLocker section.
In the BIOS boot priority settings, the system must be set to boot to your SSD first, you cannot have USB or CD options before it.
Because Crucial SEDs support eDrive, activating BitLocker creates special partitions, which are required to put the eDrive features in effect. When an eDrive-activated SSD is cloned, these special partitions may not be properly copied to the target drive. The target drive may function, but this is not considered a valid process and it may cause latent performance problems. If the source disk has been encrypted using software encryption in Bitlocker, first ensure that BitLocker is turned off before initiating the image clone to a Crucial SED. If using BitLocker in software encryption mode on the source system, a decryption process will be required to turn off BitLocker. This can take several hours, depending on the amount of user and OS data on the drive.
Follow the steps below to enable BitLocker.
The video below illustrates the process in full.