Help enabling Hardware Encryption on Crucial MX500 SSD

SOLVED
Bit Baby

Help enabling Hardware Encryption on Crucial MX500 SSD

I recently purchased the MX500 SSD and I'm attempting to enable hardware encryption by following the instructions at:
https://forums.crucial.com/t5/Crucial-SSDs/Setup-of-Hardware-Encryption-on-Crucial-SEDs-via-Bitlocke...
https://www.youtube.com/watch?v=4GolhExiZ20

So far it isn't going well. I have an ASUS / Infineon TPM, and ASUS Maximus VI Hero motherboard.
Secure Boot is already enabled but as soon as I Disable CSM, I get an error during boot.

Am I missing something?
3 Replies
JEDEC Jedi

Re: Help enabling Hardware Encryption on Crucial MX500 SSD

You must setup your BIOS/UEFI settings first before you install Windows.  Changing these settings after Windows is installed will keep it from booting.   Before installing Windows, you should run "diskpart clean" on the SSD.  You can do this from the Windows installer by opening a Command Prompt by pressing Shift+F10.  If you have more than one drive installed, make sure you use the "clean" command on the correct drive or you will lose your data.   After doing a diskpart clean, continue with the installer.  It is best not to create any partitions on your own and just click "Next" after selecting the blank SSD to let Windows create the partitions it needs. 

 

After Windows is installed, then Bitlocker hardware encryption may be enabled automatically, but if not, then search "manage bitlocker" and enable Bitlocker from the Settings panel.  It should just take a few seconds to enable if it is enabling hardware encryption.   To verify if hardware encryption is enabled, run "manage-bde   -status" from the Command Prompt.   If it doesn't specifically mention "hardware encryption", then software encryption is being used.

 

If you still have issues, please describe your setup and the steps used.

Bit Baby

Re: Help enabling Hardware Encryption on Crucial MX500 SSD

Thanks! I got frustruated and decided to do a fresh install of Windows 10.

Did not need to do a diskpart clean (although I completely deleted all partions and left all of the free space Unassigned).

This fixed the problem. Output of manage-bde -status:

 

[OS Volume]

    Size:                 464.37 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM
        Numerical Password

 

Highlighted
JEDEC Jedi

Re: Help enabling Hardware Encryption on Crucial MX500 SSD

All of the instructions I've seen online regarding using Bitlocker for hardware encryption describe enabling it on a clean install.  I believe it is possible to enable hardware encryption with a third party solution on an existing installation, but I'm not certain as I've never done it.  It would involve entering an extra password on boot to unlock the drive though since it doesn't use the system's TPM to unlock the SSD.