Forum Discussion
Ergii1984
Dec 06, 2021Copper Contributor
How do you enable hardware bitlocker?
I am aware that Microsoft doesn't trust SED manufacturers with their implementation of hardware crypto so changed the default in build 1903 onwards to software. Ever since 1903, I have had zero luck ...
lbogdanov11
Copper Contributor
With 22H2 I got my drive not encrypted(i checked it by manage-bde) after install adding PreventDeviceEncryption key twice but bitlocker still cant be switched on in hardware mode.
I dont have "Block SID Authentication" option in latest BIOS on thinkpad 14s gen 1 this could be an issue.
Anyway i updated windows and it works fine.
I dont have "Block SID Authentication" option in latest BIOS on thinkpad 14s gen 1 this could be an issue.
Anyway i updated windows and it works fine.
Ergii1984
Nov 22, 2022Copper Contributor
Block SID Authentication is required for Bitlocker SED to work. I don't know if Lenovo has recently removed it, checked my X1 Carbon Gen 9 and since latest bios it's missing too, because of CVE remediation or if they are simply trying to kill off Bitlocker SED and pushing for WinMagic which is an extra cost whereas bitlocker is free.
See this post, which some Lenovo staffer responded.
https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/Bitlocker-Using-Drive-Hardware-Encryption/m-p/4241463?page=1#4242072
Lenovo uses AMI bios and they do have it in so I can only image it's been removed on purpose by Lenovo: https://www.ami.com/blog/2017/10/25/american-megatrends-provides-block-sid-for-nvme-drives-in-aptio-v-uefi-bios-firmware/
See this post, which some Lenovo staffer responded.
https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/Bitlocker-Using-Drive-Hardware-Encryption/m-p/4241463?page=1#4242072
Lenovo uses AMI bios and they do have it in so I can only image it's been removed on purpose by Lenovo: https://www.ami.com/blog/2017/10/25/american-megatrends-provides-block-sid-for-nvme-drives-in-aptio-v-uefi-bios-firmware/