Samsung 840 EVO SSD encrypted without Bitlocker?

[Compudoc00]

Is it possible that I have my hard drive encrypted without Bitlocker knowing about it?
I have a new Fujitsu T904 and installed a Samsung 840 EVO 1TB mSATA SSD. TPM Active. Did the Secure Erase using Magician. Clean Windows 8.1 Install. Activated Bitlocker with Group Policy that it can't use Bitlocker software encryption and it instantly said it was protected by Bitlocker (after I made my pin). Magician said "Encrypted Drive = Enabled". Life was great!
Then I loaded all of the Fujitsu T904 drivers from their website. Computer seems to work great, and I get a blue BitLocker screen asking for my pin whenever I reboot prior to it loading windows and asking for my windows password. However if I go to Bitlocker in the Control Panel, it says that my drive is not protected by Bitlocker. If I run manage-bde -status c: it says that there is no Bitlocker version, my conversion status is "Fully decrypted", Percent encrypted is 0, Encryption Method is None, Protection off, unlocked, No ID fields, No Key protectors. But Magician is still happy saying "Encrypted Drive = Enabled".

Is my drive encrypted or not? Thanks for your help because I'm losing sleep over this (I did not enjoy having to unplug and reconnect my SSD during Secure Erase while laptop was filleted open and running, and dread the thought of having to do it again...)

 

[Hellhammer]

Windows 8.1 automatically encrypts the drive if all of your components meet the requirements. Check PC info from settings to see if it lists encryption

 

[Compudoc00]

Hmmm. My PC info (for Windows 8.1 Pro) doesn't list anything below the "Change product key" button. Does that mean it's not encrypted or is there another place to check? If it's not encrypted, why is it asking for a bitlocker Pin when I boot? Is that just because of a policy setting?

 

[Compudoc00]

I should add that I did plug the drive into another computer, and while Disk Manager recognized the presence of 3 partitions (Recovery, EFI, and Boot) and got the sizes right, it didn't recognize any data and it politely offered to format the drive. I hope you folks know a trick to document that my drive is encrypted with 2 factors (TPM and the Pin that I enter when I boot). Thanks!

 

[Jovec]

Use Samsung Magician, choose Data Security, and report back the status of Class 0, TCG Opal, and Encrypted Drive. If you have more than one SSD installed, make sure to select the drive in question.

 

[Compudoc00]

Class 0 = Disabled
TCG Opal = Disabled
Encrypted Drive = Enabled

 

[Jovec]

Control Panel -> System and Security -> BitLocker Drive Encryption

Then view the status of the drive partition(s), which say?

 

[Compudoc00]

Only have 1 drive, and on the control panel BitLocker screen it say:
Operating System Drive:
C: Bitlocker off

That matches what I got when I opened a CMD window as administrator and ran "manage-bde -status c:" it said that there is no Bitlocker version, my conversion status is "Fully decrypted", Percent encrypted is 0, Encryption Method is None, Protection off, unlocked, No ID fields, No Key protectors.

 

[Compudoc00]

I should add that if I then try to turn BitLocker on, it fails because it tries to do software encryption and I disabled that in the policies.
Yet when I do a cold reboot, a bitlocker screen pops up asking for my pin. I also noted that if I change the BIOs so that it doesn't do a Secure Boot, my bitlocker pin isn't accepted until I change the BIOS setting back. Not sure if that's a clue...

 

[Jovec]

The results of manage-bde -status c: indicate (if not comfirm) that the drive is not encrypted. If you have any concerns about your data security, I would start over from scratch with a fresh OS install.

The Encrypted Drive status as reported by Magician does not pertain to the state of the data stored on the drive, but rather to the state of the drive itself as it pertains to E-Drive / hardware Bitlocker encryption. Most notably, the drive will no longer respond to certain commands in the ATA security set. You will no longer be able to perform a Secure Erase, for example. You will also no longer be able to change the status of three security "modes" in Magician. Your only option is to perform a PSID revert, which will destroy all data on the drive and reset to factory defaults.

With a fresh/default Evo, if you wanted to use software bitlocker encyption then you would need to install your OS and enable Bitlocker. You don't have to change any of Evo's security modes. There should be no need to edit any policy settings unless you don't have a TPM. If you don't, you can modify the appropriate policy setting and change to using a passphrase.

With a fresh/default Evo, if you want to use hardware Bitlocker encryption, you will need a supported EFI BIOS (my SB laptop doesn't have a TPM or EFI, so I use the passphrase method and software encryption). In addition, you must set the Encrypted Drive status from "Disabled" to "Ready to Enable" via Magician. You must then install a fresh Win8.1 which will set the "Enabled" status. I'm fairly certain that when I tested this (EFI, but no TPM) a fresh install was the only way to do this - that is, you cannot enable hardware BDE on an existing install (at least with the Evo). At this point, the drive still isn't encrypted, so you will need to enable Bitlocker and go through that process.

I can't speak to any Secure Boot / TPM issues you may need to resolve/reset. Issues that you may need to resolve prior to doing most of the above.

Bitlocker should default to using hardware encryption automatically if all the conditions are met. If that is what you want, then there should be no need to change policy settings to disable software encryption.

You might find some more clues in this thread, though it doesn't deal directly with your issue.

 

[Compudoc00]

@Jovec - thank you so much for your help. You also answered the question that I was about to ask which was "What to do now that Magician says I can't do a Secure Erase"! Looks like the PSID Revert should do the trick. Problem Solved!

 

[TarcisioCogumas]

I have the samsung 840 evo 500gb and my laptop is a Hp probook 430 g1.
windows 8.1 pro x64.

I've tried the Secure Erase but when I encrypted the ssd by bitlocker the Samsung Magician says this:
Class 0 = Ready to Enable
TCG Opal = Ready to Enable
Encrypted Drive = Ready to Enable

I don't how what to do to enable a hardware encryption.
I don't wanna use a software encryption.

I've read your posts and I didnt figure out how to enable it.
Could you guys help me please?

What informations do you need?
thank you very much!