Secure Erasing 840 Evo E-Drive - can it be done?

[kingwaffle]

First off,

I just wanted to say that this thread is ridiculously informative. I've been Googling off and on all weekend regarding my particular issue and finally stumbled across this thread and learned quite a bit.

Hopefully someone here can provide advice, but I'm not hopeful as my issue is pretty specific...

A few weeks ago I purchased a TPM module for my motherboard and installed it. My goal was to enable Bitlocker on all of my volumes (my 1TB Evo & 2x3TB RAID-1 setup).

I quickly learned that this would likely entail a secure erase of my SSD to get the hardware encryption to work on my Evo. I used Magician to set the SSD into a "Ready to Enable" state and then used the Samsung secure erase ISO in order to prep the drive.

With my drive freshly wiped, I installed Windows 10 with a clean install. After trying (and failing) to get a clean install of Windows 10 to activate, I blew it away and installed/activated Windows 8 (not 8.1). From here, I installed Windows 10 using the "upgrade, keep nothing" option and now I'm typing this from my Windows 10 install.

Somewhere between the Windows 10 -> Windows 8 -> Windows 10 mess, I had some downtime so I was doing homework on requirements to enable the Bitlocker hardware encryption and realized that the SATA mode cannot be RAID, so I ultimately un-did my RAID setup and went to AHCI. I tested Bitlocker on my SSD and it successfully enabled with hardware encryption. A few minutes later, I turned it off and then began my Windows 10 upgrade.

Now that I'm on 10, I cannot re-enable Bitlocker without it asking what I want to encrypt (full drive/data only). I tried clearing the TPM, but that didn't work either.

I really don't know why/how I managed to get it work one time, but can't get it to work again. From what I understood, it sounds to me like once the drive is prepped, it should stick and turning off/on bitlocker should be seamless, but that doesn't appear to be the case.

I wonder if upgrading OS's makes the drive no longer eligible for hardware encryption?

tl;dr -- I succeeded in enabling Bitlocker hardware encryption once, but haven't been able to do it since. Anyone seen that before?

 

[Jovec]

I used Magician to set the SSD into a "Ready to Enable" state and then used the Samsung secure erase ISO in order to prep the drive.

Without first-hand knowledge of TPM w/BL, I would verify that what you did above works. IOW, after the SE but before the OS install, verify that the EVO is still in "Ready to Enable" mode for eDrive by connecting it to another computer with Magician. If it is, then the EVO is set for hardware BL and the issue lies with something other other than the SSD.

You might need to reverse this order. SE the Evo, connect it to a working computer with Magician and then set eDrive mode to ready to enable. Then do the OS install on your Evo, install Magician, and verify eDrive mode is enabled.

Also, due the nature of the current install process, a fresh OS install might be required rather than an upgrade.

 

[kingwaffle]

verify that the EVO is still in "Ready to Enable" mode for eDrive by connecting it to another computer with Magician. If it is, then the EVO is set for hardware BL and the issue lies with something other other than the SSD.

I don't understand why it would be necessary to connect it to another computer in order to verify this: the drive was flagged as Ready to Enable weeks ago. I noticed that a secure erase would be required to fully "enable" it, so I pushed it off until 10 was RTM.

Enter this weekend. I went ahead and proceeded with that by executing the secure erase and installing 10 on the freshly cleaned volume.

Now when I go into Magician, Hardware Encryption is listed as "Enabled".

Also, due the nature of the current install process, a fresh OS install might be required rather than an upgrade.

That's what I think is happening here. Unfortunately, that isn't an option for me (yet), as I tried a clean install of 10 and I couldn't get it to activate.

I would hope that users who already enabled hardware encryption/bitlocked their drives on 8(.1) don't have to diskpart/clean their drives between OS's, but it appears that might be the way of the beast.

 

[Jovec]

I don't understand why it would be necessary to connect it to another computer in order to verify this: the drive was flagged as Ready to Enable weeks ago.

To ensure that the SE isn't reverting the eDrive state from "Ready to Enable" back to "Disabled." I doubt it does, but may as well confirm that. Hardware Bitlocker encryption requires (among other things) eDrive mode set to "Ready to Enable" and a fresh OS install.

 

[kingwaffle]

To ensure that the SE isn't reverting the eDrive state from "Ready to Enable" back to "Disabled." I doubt it does, but may as well confirm that. Hardware encryption requires (among other things) eDrive mode set to "Ready to Enable" and a fresh OS install.

It wasn't reverting. If it were, I wouldn't have been able to enable Bitlocker successfully one time.

 

[kingwaffle]

Figured I'd bump...

I did a clean install of Windows 10 tonight and Bitlocker hardware encryption worked completely fine.

I guess a clean install of Windows 8 and then an upgrade to Windows 10 breaks it somehow.

Edit: And Intel RST 14.5.0.1081 breaks it. I had to system restore to a date prior to the RST drivers being installed. Uninstalling wasn't sufficient. The drive was encrypted, but Windows reported the drive as decrypted. WEIRD.

 

[maxlieb]

Edit: And Intel RST 14.5.0.1081 breaks it. I had to system restore to a date prior to the RST drivers being installed. Uninstalling wasn't sufficient. The drive was encrypted, but Windows reported the drive as decrypted. WEIRD.

I Can't believe it....
SO I Wasn't a bug in win 10 after all...
long story short i did a few upgrades and clean installs and after having a few problems one of them being that bitlocke stopped showing the drive as encrypted I decided to go back to 8.1 ....
Then I disabled bitlocker because I was working remotely and expected a few reboots.
later to my horror discovered I cant turn it back on....

so thank you very much
p.s: actually in my case uninstalling the driver WAS sufficient
(although this is a bit of another case + I had a BSOD which got resolved only after booting to safe mode, and back to normal)

 

[aviator79]

Hey Guys,

I did the same ting just a week ago.
That how it worked for me:

- Setting "Ready to Enable" in Magician
- Secure Erase SSD
- Install Win8.1
- Upgrade to Win 10 (It recognized that my system was encrypted and kept that state)

So on my long way to this, here are some hints from me:
- TPM ist not neccessary. But you'll need a passphrase on boot or a USB-stick with the Key stored on it to boot
- BitLocker DOES NOT WORK with Intel RST (IRST)
- BitLocker DOES NOT WORK with SATA controller set to RAID mode
- your Meinboard must support UEFI 2.3.1 (hard to ensure, I just tested it)
- CSM (Compatibility Support Module) must be disabled in UEFI

 

[kingwaffle]

Hey Guys,

I did the same ting just a week ago.
That how it worked for me:

- Setting "Ready to Enable" in Magician
- Secure Erase SSD
- Install Win8.1
- Upgrade to Win 10 (It recognized that my system was encrypted and kept that state)

So on my long way to this, here are some hints from me:
- TPM ist not neccessary. But you'll need a passphrase on boot or a USB-stick with the Key stored on it to boot
- BitLocker DOES NOT WORK with Intel RST (IRST)
- your Meinboard must support UEFI 2.3.1 (hard to ensure, I just tested it)
- CSM (Compatibility Support Module) must be disabled in UEFI

Good post.

In my experience, it seems that something "happens" between the clean install and the W10 upgrade that prevents the drive from activating the hardware encryption. I have no idea why I didn't just turn on the hardware encryption on W8 before the W10 upgrade.

I feel like an idiot for not doing that. I wasted an entire weekend monkeying with it.

 

[kingwaffle]

Looks like there's a new version of RST out (14.6.0.1029) but I'm hesitant to try it.

 

[Rivadi_NL]

I enabled Samsung Magician Encrypted Drive, installed a fresh Windows 10 pro en encrypted the Samsung 850 256 GB SSD succesful. Encryption with Bitlocker took a few seconds.
I made a backup with Acronis True Image 2016, but I cannot restore now.
How can I restore and will the hardware Encrypted Drive be intact?

 

[wilburyan]

I don't suppose anyone still has a copy of this PSID utility kicking around? The original link in the thread is dead.... and Sumsung is zero help

 

[catilley1092]

Parted Magic
Dowload,burn ISO to USB or disc.

Works every time for me!

I'll remove the SSD from the system, and attach a 2.5 SATA to eSATA cable that I have for backup/secure erasing, and Parted Magic gets the job done every time. Note that it's on a eSATA port of a spare notebook, that way the SSD has what's needed for the secure erase to happen. Just don't choose the option that pops up suggesting to use 'Enhanced Secure Erase', this only truly erases the first & last so many sectors of the SSD & encrypts the rest, so one will not have a fully erased SSD, and the Full erase (non-Enhanced one) takes only a few seconds longer on most SSD's.

It's then for certain zeroed from one end to the other.

One can also reuse Bitlocker encrypted HDD in a similar manner, boot with most any partition tool, delete all partitions & wipe the drive, install in another computer, it's like it was never encrypted. Just like this solution, no big deal, just go for it. If by chance you don't have an eSATA port to plug into, you can also boot the CD & erase on the computer. Sometimes, it'll require to sleep for 20-30 seconds, then wake & repeat, all should go well. Just remember what I was saying above about not choosing Enhanced Secure Erase (poor choice), to be honest, don't know why it's offered, a determined data thief can access those files that weren't zapped, say if the computer or SSD were later sold.

I decline that option every time.

Cat

 

[Micrornd]

I don't suppose anyone still has a copy of this PSID utility kicking around? The original link in the thread is dead.... and Sumsung is zero help

Samsung PSID Revert.zip

 

[vigorito]

Can this method be done with the samsung pm871 model mz-nln5120 which has a forgotten password
(Secure erase and wiping everything)

 

[vigorito]

Anyone? when i open psid revert tool i got listed disks like this and not sure how to select problematic drive because drive id error? picture attached

http://imgur.com/a/3Z43C

 

[aviator79]

My fault. Looks like the software does not support this device.

 

[vigorito]

Plus there is no psid number labeled on the drive

 

[Aniruddha Gupte]

Samsung PSID Revert.zip

Sir
I am not able to download it . Can you please upload it again on some other site.
Thank you

Update:- Site is banned I by my ISP. Downloaded using proxy. And VPN

 

[darksession]

Hello, i have a question. I have a 850 EVO and wanted to enable Bitlocker. First i enabled E-Drive in Magician on my old Win 10 Install, then i used secure erase which i had on a DVD from some months ago. Then i installed Win 10 64 and had to click on activate E-Drive again. Then i changed my Win Settings to make Bitlocker work without a TPM module and now its all encrypted. But it asked me if i want to enable Encryption on the whole SSD or just on some parts of it. I guess that means ist not working correctly?. I tried to secure erase my SSD again and start another attempt, but in the Secure erase Prompt it says this drive is not supported, and i can't create a new DVD with Secure erase in magician. It says "ERROR". Whats the deal here?