Bitlocker hardware encryption without complete data destruction

Oct 17, 2018
Hi guys. I thought about encryption, and here's a little difficulty.

Here is what I have:
1. SSD Samsung 970 Pro, installed as a system disk.
2. SSD Samsung 960 Evo, as an additional (for files, etc.).

System: Windows 10 Pro (TPM module is available).
Task: enable hardware (non-software) encryption for both drives.

I would not mind using TrueCrypt or VeraCrypt, but it is the hardware that only supports BitLocker, as I understand it.
I found several manuals, and it is said everywhere that in order to enable hardware encryption it is necessary that the disk be previously completely erased.
For example, here http://www.ckode.dk/desktop-machines/how-to-enable-windows-edrive-encryption-for-ssds/

From here two questions:

1. Is it possible to do without completely erasing to enable hardware encryption for a non-system disk?

2. Is it possible to enable hardware encryption for the system disk without reinstalling Windows?
If not, how can you reinstall and not lose the licensed Windows?
Is it possible to enable encryption without losing installed programs, etc.?

Just as I understood, without reinstalling clean Windows, the hardware for the system disk will not turn on, and in this case, I will simply install the software encryption and not be bothered with the reinstallation and configuration.
Although of course the performance will decrease slightly.

Thanks for any help!
 

QwerkyPengwen

You can run BitLocker without wiping the drive beforehand. But to be safe, back up the entire drive if you can; otherwise, back up important data and files before doing the encryption. Once the encryption starts, don't mess with it. Don't stop it, and if possible, just don't use the PC at all. If you are going to stop the encryption part way through, be sure to use the pause button and only the pause button in the program.
 
Oct 17, 2018
Many sources say that if you do not do a wipe, then encryption will be software, and I only need hardware BitLocker encryption.

Here's another link where it says https://www.itsupportguides.com/knowledge-base/tech-tips-tricks/how-to-enable-disk-encryption-on-samsung-evo-ssd-hard-drive/
 

QwerkyPengwen

Using BitLocker software to encrypt isn't really software only. It creates a special little thing on the drive so that you need the key file in order to gain access to anything within the partition that was encrypted.

So if somebody stole your hard drive, they wouldn't be able to get the data off it, and the only way to use the drive as their own drive would be to wipe it completely.

In regards to somebody stealing your PC, as long as you have your OS password protected you'll be fine there as well.

And if you wanted even further protection, you can set a system password in the BIOS so that the moment the PC boots up, you need a password before it'll even load the BIOS and let you into the BIOS/get past the BIOS to Windows loading.

Granted, this can easily be bypassed by doing a CMOS reset.

And as for people on the internet trying to get data off your system from hacking, as long as the BitLocker encryption is working, any data they get off your system will be encrypted.
And if they manage to hack past the encryption to get the data (which would be extremely difficult and painstaking) then at that point I think they ended up earning it.

As for why you desire hardware level encryption I am curious to know why.

But in short, for hardware encryption, yes, the drive needs to be clean since encryption happens from the moment files are written to the drive and hardware level encryption won't encrypt anything that's already there.

But the so-called software encryption that is BitLocker doesn't quite work the way I'm thinking you think it does.
Since like I said, it creates a special little place on the drive itself and it will encrypt everything on a particular partition. This is a good idea in the off chance you happen to want to create multiple partitions and do something like dual booting operating systems. This way, for example, BitLocker encrypts everything in the partition for Windows, but leaves the partition with Linux on it alone.
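
A way to check which kind of encryption BitLocker is actually using on each volume, the question this thread turns on (added example, not part of any post in the thread). It uses the `Get-BitLockerVolume` cmdlet from the Windows BitLocker module in an elevated PowerShell session; the function name `Get-BitLockerEncryptionKind` and its output field names are made up for this example.

```powershell
# Added example: run in an elevated PowerShell session on Windows 10 Pro or later.
# Get-BitLockerEncryptionKind is a hypothetical helper name, not a built-in cmdlet.
function Get-BitLockerEncryptionKind {
    [CmdletBinding()]
    param(
        # Drive letters to check, e.g. 'C:','D:'. Checking every volume when
        # none is given is a choice made for this example.
        [string[]]$MountPoint
    )

    $volumes = if ($MountPoint) {
        Get-BitLockerVolume -MountPoint $MountPoint
    } else {
        Get-BitLockerVolume
    }

    foreach ($v in $volumes) {
        # EncryptionMethod is an enum; 'HardwareEncryption' means the drive's own
        # encryption engine is in use, any AES variant means BitLocker encrypts in software.
        $method = [string]$v.EncryptionMethod
        $kind = switch ($method) {
            'None'               { 'Not encrypted' }
            'HardwareEncryption' { 'Hardware (drive self-encryption)' }
            default              { 'Software (BitLocker cipher)' }
        }

        [pscustomobject]@{
            MountPoint = $v.MountPoint
            VolumeType = $v.VolumeType          # OperatingSystem or Data
            Kind       = $kind
            Method     = $method
            Status     = $v.VolumeStatus        # e.g. FullyEncrypted, EncryptionInProgress
            Percent    = $v.EncryptionPercentage
            Protection = $v.ProtectionStatus    # On / Off (Off = key stored in the clear)
            Protectors = ($v.KeyProtector.KeyProtectorType -join ', ')
        }
    }
}

# Report for all volumes, system and data drives alike.
Get-BitLockerEncryptionKind | Format-Table -AutoSize
```

The same information appears in the `Encryption Method` line of `manage-bde -status` for each volume.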
 
Oct 17, 2018
Thanks for the answer. In general, as I understand it, there is no way to enable hardware encryption without reinstalling Windows.
Then tell me how to do so in order not to lose the license. And how to transfer all the programs.