12-30-2018 10:19 PM - edited 12-31-2018 02:49 AM
Solved! Go to Solution.
12-31-2018 09:35 PM
You must setup your BIOS/UEFI settings first before you install Windows. Changing these settings after Windows is installed will keep it from booting. Before installing Windows, you should run "diskpart clean" on the SSD. You can do this from the Windows installer by opening a Command Prompt by pressing Shift+F10. If you have more than one drive installed, make sure you use the "clean" command on the correct drive or you will lose your data. After doing a diskpart clean, continue with the installer. It is best not to create any partitions on your own and just click "Next" after selecting the blank SSD to let Windows create the partitions it needs.
After Windows is installed, then Bitlocker hardware encryption may be enabled automatically, but if not, then search "manage bitlocker" and enable Bitlocker from the Settings panel. It should just take a few seconds to enable if it is enabling hardware encryption. To verify if hardware encryption is enabled, run "manage-bde -status" from the Command Prompt. If it doesn't specifically mention "hardware encryption", then software encryption is being used.
If you still have issues, please describe your setup and the steps used.
01-01-2019 12:22 AM - edited 01-01-2019 12:24 AM
Thanks! I got frustruated and decided to do a fresh install of Windows 10.
Did not need to do a diskpart clean (although I completely deleted all partions and left all of the free space Unassigned).
This fixed the problem. Output of manage-bde -status:
[OS Volume] Size: 464.37 GB BitLocker Version: 2.0 Conversion Status: Fully Encrypted Percentage Encrypted: 100.0% Encryption Method: Hardware Encryption - 184.108.40.206.16220.127.116.11 Protection Status: Protection On Lock Status: Unlocked Identification Field: Unknown Key Protectors: TPM Numerical Password
01-01-2019 10:42 AM
All of the instructions I've seen online regarding using Bitlocker for hardware encryption describe enabling it on a clean install. I believe it is possible to enable hardware encryption with a third party solution on an existing installation, but I'm not certain as I've never done it. It would involve entering an extra password on boot to unlock the drive though since it doesn't use the system's TPM to unlock the SSD.