Forum Discussion
How do you enable hardware BitLocker?
Ergii1984
First of all, I would like to thank everyone for the amount of information in this thread.
After a day of struggling, I have managed to get hardware encryption working with this combination:-
Lenovo X1 Yoga 4th Gen (very similar to X1 Carbon 7th Gen)
Windows 11 Pro
Samsung 980 Pro 1TB NVMe.
The strange thing is that there is nothing about "Block SID Authentication" in the BIOS of this laptop, but despite this, I did get it to work.
Some notes:-
I used Rufus to create a bootable thumb drive from the Windows 11 ISO. This had an option to disable automatic deployment of BitLocker, which worked.
Once Windows 11 was installed (without BitLocker), I used Samsung Magician to put the drive into "ready to encrypt" mode.
I then used Samsung Magician to create a bootable thumb drive of their secure erase tool. It took a long time to get it to create this; basically I had to use dd on a Linux box to totally zero out the thumb drive, then put it into Windows 11, format it there, and then finally Samsung Magician would create the tool. Also, the Lenovo had to come out of secure UEFI to actually boot it; then I could use that to erase the drive. After that I re-enabled secure UEFI boot.
Along the way I upgraded the BIOS of the Lenovo to the latest version, which may or may not have helped.
Finally I used the Group Policy Editor to enable hardware encryption for both fixed disks and system disks, with fallback to software encryption unticked for both.
Then I did a reboot, and after that enabled BitLocker, and to my amazement it worked (with manage-bde -status reporting hardware encryption).
I note the vulnerabilities in some drives, but I think it's good enough for my Windows installation and applications. For really sensitive stuff I'll use VeraCrypt on top.
I have no idea why it worked without the "Block SID Authentication" settings in the BIOS, but it seems that this isn't always a show stopper.
Thanks everyone.
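
A way to check the end state the post above describes, as an added example that is not part of the original post: it reads the hardware-encryption policy values and reports, per volume, whether BitLocker is using hardware or software encryption. It assumes an elevated PowerShell session on a Windows edition with the BitLocker module; `$fve`, `$report` and the `Verdict` column are names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit whether BitLocker is really using the drive's own
# hardware encryption, and whether policy forbids fallback to software.

# Registry location where the BitLocker Group Policy settings are stored.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Values written by the "Configure use of hardware-based encryption" policies
# for operating system drives (OS*) and fixed data drives (FDV*).
$policyNames = 'OSHardwareEncryption', 'OSAllowSoftwareEncryptionFailover',
               'FDVHardwareEncryption', 'FDVAllowSoftwareEncryptionFailover'

$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
foreach ($name in $policyNames) {
    $value = 'not set'
    if ($policy -and $null -ne $policy.$name) { $value = $policy.$name }
    # With the policy set as in the post (hardware encryption enabled,
    # software fallback unticked): *HardwareEncryption = 1, *Failover = 0.
    '{0,-36} {1}' -f $name, $value
}

# Per-volume result. A volume that reports an AES method instead of
# HardwareEncryption was encrypted in software, whatever the policy says.
$report = foreach ($vol in Get-BitLockerVolume) {
    $method = [string]$vol.EncryptionMethod
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        $verdict = 'not encrypted'
    } elseif ($method -eq 'HardwareEncryption') {
        $verdict = 'hardware'
    } else {
        $verdict = "software ($method)"
    }
    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Status     = $vol.VolumeStatus
        Protection = $vol.ProtectionStatus
        Verdict    = $verdict
    }
}
$report | Format-Table -AutoSize

# Non-zero exit code if any volume is not hardware-encrypted, so the check
# can be used from a scheduled task or a compliance script.
if ($report | Where-Object { $_.Verdict -ne 'hardware' }) { exit 1 }
```

Because the policy only takes effect when encryption is turned on, a volume that was already encrypted in software stays that way until it is decrypted and re-encrypted.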