Enabling BitLocker Hardware Encryption with Windows 10 Pro & Samsung 980 Pro

I’ve spent countless hours trying to enable hardware encryption when turning on BitLocker on my Windows 10 Pro operating system drive: a Samsung 980 Pro. I’ve read everything I can find on the internet on this topic. I’m hoping someone here can help me get over the finishing line.

Here’s where I’m at:

Intel NUC12 Extreme with fully updated BIOS and UEFI Secure Boot turned on. Intel support confirmed to me that the installed BIOS is UEFI 2.8 which supports EFI_STORAGE_SECURITY_COMMAND_PROTOCOL

BIOS has Intel PTT Opal 2.0 compliant firmware TCP

I did a fresh install of Windows 10 Pro from USB media created from the Microsoft website a few days ago

My OS drive is a Samsung 980 Pro which supports eDrive / hardware encryption

I installed Samsung Magician and set my drive to “Encrypted Drive Ready To Enable”.

Then I used GParted to wipe all partitions from the drive and after that did a fresh install of Windows 10 Pro.

At that point, MSINFO was showing “Un-allowed DMA capable bus/device(s) detected” on the Device Encryption Support row.

After much experimenting, I found that adding strings for PCI TO PCI BRIDGE and ISA BRIDGE to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses key fixed the “Un-allowed DMA capable bus/device(s) detected” error and the “Device Encryption Support” status in MSINFO is now “Meets Prerequisites”.

Then I edited the BitLocker Group Policy for Operating System Drives so that “Configure use of hardware-based encryption for operating system drives” is set to “Enabled” and “Use BitLocker software-based encryption when hardware encryption is not available” is not enabled. The idea here being I don’t want BitLocker to silently turn on software encryption… I only want BitLocker to turn on if it can use hardware encryption.

But… whenever I try to turn on BitLocker for my OS drive (Samsung 980 Pro), it starts “verifying that your PC meets its system requirements” and then gives me the error message: “BitLocker did not revert to using BitLocker software encryption due to group policy configuration”. Meaning it was unable to use the hardware encryption of the Samsung 980 Pro.

I’m hoping someone might be able to tell me what to try next. I’ve run out of ideas. MSINFO says my system “Meets Prerequisites” for Device Encryption Support, I have no DMA conflicts being reported, and I enabled encryption in Samsung Magician, so what gives?
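
A read-only audit of the three settings the post describes (the hardware-encryption policy, the `AllowedBuses` entries, and the resulting volume state), as an added example that is not part of the original post. It assumes an elevated PowerShell prompt and that the Group Policy settings are stored under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` as `OSHardwareEncryption` and `OSAllowSoftwareEncryptionFailover`; the function names are hypothetical.

```powershell
# Added example: read-only checks, nothing is modified.
$FvePolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # assumed policy location
$AllowedBuses = 'HKLM:\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-HardwareEncryptionAudit {
    # 1. Policy as written to the registry: hardware encryption enabled (1)
    #    and software failover disallowed (0) is the "hardware only" setup.
    $hw       = Get-RegValue $FvePolicy 'OSHardwareEncryption'
    $failover = Get-RegValue $FvePolicy 'OSAllowSoftwareEncryptionFailover'

    # 2. Every manually added DMA bus exemption, so each one can be reviewed.
    $buses = @()
    if (Test-Path $AllowedBuses) {
        $key = Get-Item -Path $AllowedBuses
        $buses = foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
        }
    }

    # 3. What BitLocker actually did on the OS volume. A hardware-encrypted
    #    volume reports HardwareEncryption; XtsAes128 and similar mean software.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

    [pscustomobject]@{
        HardwareEncryptionPolicy = $hw
        SoftwareFailoverPolicy   = $failover
        HardwareOnlyPolicy       = ($hw -eq 1 -and $failover -eq 0)
        AllowedBusEntries        = $buses
        VolumeStatus             = "$($vol.VolumeStatus)"
        ProtectionStatus         = "$($vol.ProtectionStatus)"
        EncryptionMethod         = "$($vol.EncryptionMethod)"
        UsingHardwareEncryption  = ("$($vol.EncryptionMethod)" -eq 'HardwareEncryption')
    }
}

$audit = Get-HardwareEncryptionAudit
$audit | Format-List HardwareEncryptionPolicy, SoftwareFailoverPolicy,
    HardwareOnlyPolicy, VolumeStatus, ProtectionStatus,
    EncryptionMethod, UsingHardwareEncryption
$audit.AllowedBusEntries | Format-Table -AutoSize
```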