MANAGE-BDE -STATUS resulting in "Encryption Method: Hardware Encryption" then a bunch of numbers means BitLocker is using the drive's hardware encryption. Otherwise it would say "AES 128" or something similar.

Whether using software or hardware encryption, you should always set a password/PIN even if you've got a TPM, since using a TPM by itself just binds the SSD to the specific computer. If you pinch the drive and put it in another computer, you get blocked, but if you take the whole computer with the SSD in it then you can boot it to the operating system login prompt, at which point the SSD is being transparently decrypted and all sorts of attacks open up.

A paper has just been published about attacks on design flaws in hardware-encrypted SSDs including some older Crucial MX models (they didn't test the MX500), so I can see an argument for sticking with software encryption, but the attack vectors for Opal / eDrive involved modified firmware, so I still trust hardware encryption to keep my data safe from opportunistic thieves, which is all I'm really after.

It's quite hard (as someone else pointed out earlier) to stop a clean Windows install from enabling eDrive. The only way I know with the MX500 is to ensure there's a partition on it already before you run Windows setup, but I don't know at what point eDrive is enabled, so it's possible that if you delete that partition and repartition during setup you'd still get eDrive turned on later in the process.

As well as MANAGE-BDE -STATUS, you'd know if you were using software encryption as it would take a while to encrypt, rather than being instantaneous to switch on/off. If your drive is now using software encryption, and you're happy with that, then stick with it and don't reinstall Windows.
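The two checks the post describes (hardware versus software encryption method, and a TPM used with no PIN), as an added example that is not part of the original post: a Python script that parses English-locale `manage-bde -status` text and flags both conditions per volume. The sample output is constructed, the protector names it contains are assumed to match what the tool prints, and the function names `parse_status` and `assess` are hypothetical.

```python
import re

# Constructed sample of English `manage-bde -status` output (not from a real
# machine); the digits after "Hardware Encryption" are placeholders.
SAMPLE = """\
Volume C: [Windows]
[OS Volume]
    Encryption Method:    Hardware Encryption - 0.0.0.0
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]
    Encryption Method:    XTS-AES 128
    Key Protectors:
        Password
        Numerical Password
"""

# Build {drive: {"method": str, "protectors": [str, ...]}} from the text.
def parse_status(text):
    volumes, cur, in_prot = {}, None, False
    for line in text.splitlines():
        vol = re.match(r"Volume (\w:)", line)
        field = re.match(r"\s+([^:]+):\s*(.*)", line)
        if vol:
            cur = volumes.setdefault(vol.group(1), {"method": "", "protectors": []})
            in_prot = False
        elif field and cur is not None:
            in_prot = field.group(1) == "Key Protectors"
            if field.group(1) == "Encryption Method":
                cur["method"] = field.group(2).strip()
        elif in_prot and line.strip():
            cur["protectors"].append(line.strip())  # indented protector name
        else:
            in_prot = False  # a blank line ends the protector list
    return volumes

# Flag hardware encryption and TPM-only unlock for each parsed volume.
def assess(volumes):
    report = {}
    for drive, v in volumes.items():
        notes = []
        if v["method"].startswith("Hardware Encryption"):
            notes.append("hardware encryption")
        if "TPM" in v["protectors"]:  # bare TPM, not "TPM And PIN"
            notes.append("TPM only, no PIN at boot")
        report[drive] = notes
    return report
```

To use it on a real machine, pass `parse_status` the text captured from `manage-bde -status` run at an elevated prompt.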