Bitlocker: hardware or software encryption without a TPM?












2















I'm about to setup a Samsung 840 EVO SSD as the system drive with Windows 8.1 Pro, attached to an Asus P8Z68-V Pro mobo (which doesn't have a TPM). I'll also attach a Western Digital Black HDD for extra storage (no hardware encryption). I know I can enable Bitlocker without the TPM by editting group policy settings.



1st question: Without the TPM, will it still enable Samsung's hardware encryption, or will it be software encryption only? And is the answer conditional upon using Samsung Magician?



2nd question: Assuming I can enable the hardware encryption on the SSD via Bitlocker, will it then use software encryption when writing to the HDD? Is Bitlocker smart enough for that? :p






ssd encryption bitlocker tpm







share|improve this question























  • Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored.

    – Jon
    May 31 '14 at 22:12











  • Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother?

    – Kinnectus
    May 31 '14 at 22:17






  • 6





    @Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.)

    – a CVn
    May 31 '14 at 22:24













  • For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer.

    – a CVn
    May 31 '14 at 22:31











  • I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer...

    – Kinnectus
    May 31 '14 at 22:31
















2















I'm about to setup a Samsung 840 EVO SSD as the system drive with Windows 8.1 Pro, attached to an Asus P8Z68-V Pro mobo (which doesn't have a TPM). I'll also attach a Western Digital Black HDD for extra storage (no hardware encryption). I know I can enable Bitlocker without the TPM by editting group policy settings.



1st question: Without the TPM, will it still enable Samsung's hardware encryption, or will it be software encryption only? And is the answer conditional upon using Samsung Magician?



2nd question: Assuming I can enable the hardware encryption on the SSD via Bitlocker, will it then use software encryption when writing to the HDD? Is Bitlocker smart enough for that? :p






ssd encryption bitlocker tpm







share|improve this question























  • Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored.

    – Jon
    May 31 '14 at 22:12











  • Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother?

    – Kinnectus
    May 31 '14 at 22:17






  • 6





    @Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.)

    – a CVn
    May 31 '14 at 22:24













  • For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer.

    – a CVn
    May 31 '14 at 22:31











  • I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer...

    – Kinnectus
    May 31 '14 at 22:31














2












2








2








I'm about to setup a Samsung 840 EVO SSD as the system drive with Windows 8.1 Pro, attached to an Asus P8Z68-V Pro mobo (which doesn't have a TPM). I'll also attach a Western Digital Black HDD for extra storage (no hardware encryption). I know I can enable Bitlocker without the TPM by editting group policy settings.



1st question: Without the TPM, will it still enable Samsung's hardware encryption, or will it be software encryption only? And is the answer conditional upon using Samsung Magician?



2nd question: Assuming I can enable the hardware encryption on the SSD via Bitlocker, will it then use software encryption when writing to the HDD? Is Bitlocker smart enough for that? :p






ssd encryption bitlocker tpm







share|improve this question














I'm about to setup a Samsung 840 EVO SSD as the system drive with Windows 8.1 Pro, attached to an Asus P8Z68-V Pro mobo (which doesn't have a TPM). I'll also attach a Western Digital Black HDD for extra storage (no hardware encryption). I know I can enable Bitlocker without the TPM by editting group policy settings.



1st question: Without the TPM, will it still enable Samsung's hardware encryption, or will it be software encryption only? And is the answer conditional upon using Samsung Magician?



2nd question: Assuming I can enable the hardware encryption on the SSD via Bitlocker, will it then use software encryption when writing to the HDD? Is Bitlocker smart enough for that? :p






ssd encryption bitlocker tpm




ssd encryption bitlocker tpm






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked May 31 '14 at 21:36









BellyItcherBellyItcher

1112




1112













  • Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored.

    – Jon
    May 31 '14 at 22:12











  • Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother?

    – Kinnectus
    May 31 '14 at 22:17






  • 6





    @Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.)

    – a CVn
    May 31 '14 at 22:24













  • For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer.

    – a CVn
    May 31 '14 at 22:31











  • I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer...

    – Kinnectus
    May 31 '14 at 22:31



















  • Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored.

    – Jon
    May 31 '14 at 22:12











  • Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother?

    – Kinnectus
    May 31 '14 at 22:17






  • 6





    @Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.)

    – a CVn
    May 31 '14 at 22:24













  • For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer.

    – a CVn
    May 31 '14 at 22:31











  • I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer...

    – Kinnectus
    May 31 '14 at 22:31

















Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored.

– Jon
May 31 '14 at 22:12





Just to let you know: If you're using bitlocker as an alternative to truecrypt, you might as well not use anything. Bitlocker is known to be backdoored.

– Jon
May 31 '14 at 22:12













Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother?

– Kinnectus
May 31 '14 at 22:17





Why don't you just bitlocker both of the drives? Without a TPM you'll have to use a USB startup key and tweak the gp (as you've said). BitLocker does a great job but you only get read/write in Vista onwards. Not very compatible but does a good job. Using other encryption may have similar OS compatibility limitations. Does the Samsung encryption work on other platforms? If not then why bother?

– Kinnectus
May 31 '14 at 22:17




6




6





@Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.)

– a CVn
May 31 '14 at 22:24







@Chipperyman "Bitlocker is known to be backdoored." Citation? (One that is based on actual fact, not merely speculation.)

– a CVn
May 31 '14 at 22:24















For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer.

– a CVn
May 31 '14 at 22:31





For OP's second question, I would expect Bitlocker to be smart enough to know to treat two separate storage devices as separate unless specifically told otherwise. But I'm not familiar enough with it to assert that as fact, hence not an answer.

– a CVn
May 31 '14 at 22:31













I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer...

– Kinnectus
May 31 '14 at 22:31





I think, if your hard disks are staying in the machine (and won't be used in other machines regularly), then just Bitlocker them both. Boot using the USB (no TPM) and you can have your slave disk automatically unlock as it's plugged into your "trusted" computer...

– Kinnectus
May 31 '14 at 22:31










1 Answer
1






active

oldest

votes


















0














Q1: To encrypt your Samsung 840 Evo through built-in hardware encryption you need motherboard which has support for Self Encrypting Drives (SED) and enabled HDD password in BIOS (Admin password for BIOS should be set earlier). There is no need for TPM as HDD password is stored on drive. After procedure you can check Samsung Magician if encryption is enabled.
You can also check this thread for some additional information.



Q2: BitLocker has no relation with hardware encryption so far. It can use TPM to store encryption keys, which are automatically loaded on machine boot, so in that case remember to set power-on password or Windows password.






share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f762137%2fbitlocker-hardware-or-software-encryption-without-a-tpm%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Q1: To encrypt your Samsung 840 Evo through built-in hardware encryption you need motherboard which has support for Self Encrypting Drives (SED) and enabled HDD password in BIOS (Admin password for BIOS should be set earlier). There is no need for TPM as HDD password is stored on drive. After procedure you can check Samsung Magician if encryption is enabled.
    You can also check this thread for some additional information.



    Q2: BitLocker has no relation with hardware encryption so far. It can use TPM to store encryption keys, which are automatically loaded on machine boot, so in that case remember to set power-on password or Windows password.






    share|improve this answer






























      0














      Q1: To encrypt your Samsung 840 Evo through built-in hardware encryption you need motherboard which has support for Self Encrypting Drives (SED) and enabled HDD password in BIOS (Admin password for BIOS should be set earlier). There is no need for TPM as HDD password is stored on drive. After procedure you can check Samsung Magician if encryption is enabled.
      You can also check this thread for some additional information.



      Q2: BitLocker has no relation with hardware encryption so far. It can use TPM to store encryption keys, which are automatically loaded on machine boot, so in that case remember to set power-on password or Windows password.






      share|improve this answer




























        0












        0








        0







        Q1: To encrypt your Samsung 840 Evo through built-in hardware encryption you need motherboard which has support for Self Encrypting Drives (SED) and enabled HDD password in BIOS (Admin password for BIOS should be set earlier). There is no need for TPM as HDD password is stored on drive. After procedure you can check Samsung Magician if encryption is enabled.
        You can also check this thread for some additional information.



        Q2: BitLocker has no relation with hardware encryption so far. It can use TPM to store encryption keys, which are automatically loaded on machine boot, so in that case remember to set power-on password or Windows password.






        share|improve this answer















        Q1: To encrypt your Samsung 840 Evo through built-in hardware encryption you need motherboard which has support for Self Encrypting Drives (SED) and enabled HDD password in BIOS (Admin password for BIOS should be set earlier). There is no need for TPM as HDD password is stored on drive. After procedure you can check Samsung Magician if encryption is enabled.
        You can also check this thread for some additional information.



        Q2: BitLocker has no relation with hardware encryption so far. It can use TPM to store encryption keys, which are automatically loaded on machine boot, so in that case remember to set power-on password or Windows password.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Mar 20 '17 at 10:17









        Community

        1




        1










        answered Jun 2 '14 at 19:23









        JarekJarek

        68126




        68126






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f762137%2fbitlocker-hardware-or-software-encryption-without-a-tpm%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Plaza Victoria

            Image
            Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l...
            Read more

            Brian Clough

            Image
            Brian Clough Datos personales Nombre completo Brian Howard Clough Apodo(s) Old Big 'Ead, Cloughie [ 1 ] ​ Nacimiento Middlesbrough, Inglaterra, Reino Unido 21 de marzo de 1935 Nacionalidad(es) Fallecimiento Derby, Reino Unido 20 de septiembre de 2004 (69 años) Altura 1,78 [ 1 ] ​ metros Carrera Deporte Fútbol Debut deportivo 1955 (Como jugador) 1965 (Como entrenador) (Middlesbrough F. C. (Como jugador) Hartlepool United F. C. (Como entrenador) ) Posición Delantero Goles en clubes 269 [ 2 ] ​ Retirada deportiva 1964 (Como jugador) 1993 (Como entrenador) (Sunderland A. F. C. (Como jugador) Nottingham Forest (Como entrenador) ) Carrera internacional Part. 2 [editar datos en Wikidata] Brian Howard Clough , OBE [ 3 ] ​ (Middlesbrough, Inglaterra, Reino Unido, 21 de marzo de 1935 – Derby, Inglaterra, Reino Unido, 20 de septiembre de 2004) fue un jugador y entrenador británico de fútbol. Es conocido por...
            Read more

            Cáceres

            Image
            Para otros usos de este término, véase Cáceres (desambiguación). Cáceres Municipio y ciudad Bandera Escudo Collage de Cáceres Cáceres Ubicación de Cáceres en España. Cáceres Ubicación de Cáceres en la provincia de Cáceres. País  España • Com. autónoma  Extremadura • Provincia  Cáceres • Partido judicial Cáceres Ubicación 39°28′23″N 6°22′16″O  /  39.473055555556, -6.3711111111111 Coordenadas: 39°28′23″N 6°22′16″O  /  39.473055555556, -6.3711111111111 • Altitud 457 [ 1 ] ​ msnm (mín.:211 [ 2 ] ​, máx.:708 [ 2 ] ​) Superficie 1750,33 km² Núcleos de población Cáceres Estación Arroyo-Malpartida Rincón de Ballesteros Valdesalor Fundación 34 a. C. Población 96 068 hab. (2018) • Densidad 54,8 hab./km² Gentilicio Cacereño/a [ 3 ] ​ Código postal 10001-10005, 10195 Alcaldesa (2015) María Elena Nevado del Campo [ 4 ] ​ Presupuesto 69.045.004€ [ 5 ] ​  (año ...
            Read more