none
Bitlocker, Windows 8 and self encrypting drives

    Question

  • I am trying to install a Seagate Constellation.2 self-encrypting drive with Windows 8 for use with Bitlocker. Articles that I've read imply that Bitlocker will recognise the SED.

    There's no problem with the installation but there is no indication that Bitlocker sees it as anything other than a normal drive.

    If I try to encrypt the full drive with Bitlocker, it's obvious, from the time it takes, that it is software encrypting it.

    I have read the article about 'encrypted hard drives' and note that it says that SEDs are not the same thing. Frankly, I don't understand this and neither do other people on the web who have written saying that SEDs are now supported by Bitlocker.

    Can you help with this please?

    Thanks

    Sunday, July 14, 2013 4:17 PM

Answers

  • The constellation ES.2 and ES.3 drives will not be able to be used as hardware encryption with Bitlocker on Windows Server 2012/8 they will just show as normal hard disks as your seeing and then you can use Bitlocker software encryption.

    The reason they don't work is because Windows Server 2012/8 requires a OPAL 2 compliant drive and the Seagate constellation ES.2 and ES.3 drives are not OPAL 2 compliant drives. This is common across all vendors at the moment I was told, so until someone releases a OPAL 2 compliant drive you will only be able to use bitlocker software encryption.


    Niki Han
    TechNet Community Support

    • Marked as answer by trivelino Tuesday, July 16, 2013 8:15 AM
    Tuesday, July 16, 2013 8:05 AM
    Moderator

All replies

  • You may want to ask your question in one of the Seagate Community Forums.

    Carey Frisch

    Sunday, July 14, 2013 4:23 PM
  • Well that's not a bad idea, as long as I don't expect an answer from Seagate themselves. I've already been talking to them about other aspects of this (eg - why is an SED better than a normal drive) and they've not been helpful (at one point I had two helpdesk agents contradicting each other). But I will try. Because I'm quite desperate.

    Seagate don't seem to have much to do with this. They actually just produce the drives with the configurability and then they're controlled by third-party software by people like Wave. However this software is very complex and more expensive than the drives themselves.

    I came across an article that said Bitlocker would recognize SEDs so I was hopeful that it would. I guess my question was really why doesn't Bitlocker recognize the drive, rather than why isn't the drive recognized by Bitlocker.

    Thanks for replying so quickly by the way.

    Bob

    Sunday, July 14, 2013 4:47 PM
  • The constellation ES.2 and ES.3 drives will not be able to be used as hardware encryption with Bitlocker on Windows Server 2012/8 they will just show as normal hard disks as your seeing and then you can use Bitlocker software encryption.

    The reason they don't work is because Windows Server 2012/8 requires a OPAL 2 compliant drive and the Seagate constellation ES.2 and ES.3 drives are not OPAL 2 compliant drives. This is common across all vendors at the moment I was told, so until someone releases a OPAL 2 compliant drive you will only be able to use bitlocker software encryption.


    Niki Han
    TechNet Community Support

    • Marked as answer by trivelino Tuesday, July 16, 2013 8:15 AM
    Tuesday, July 16, 2013 8:05 AM
    Moderator
  • Ah, that would explain it. How frustrating.

    Thanks Niki

    Tuesday, July 16, 2013 8:15 AM
  • This Technet site also gives specific direction in what drives will work with Windows 8/2012 (copy and paste - I had to add a space after http to avoid creating a link)

    http ://technet.microsoft.com/en-us/library/hh831627.aspx

    There also is this warning at the bottom of the page that might help explain the situation:   "Self-Encrypting Hard Drives and Encrypted Hard Drives for Windows are not the same type of device. Encrypted Hard Drives for Windows require compliance for specific TCG protocols as well as IEEE 1667 compliance; Self-Encrypting Hard Drives do not have these requirements.    It is important to confirm the device type is an Encrypted Hard Drive for Windows when planning for deployment."

    Monday, October 20, 2014 2:07 PM
  • This thread is a bit old Ian.

    I am not sure that the MS Encrypted Hard Drive and the SED are the same thing and the trouble is that, without clarity, it's impossible to know what's going to happen. I did eventually get SEDs to work with W8 and described the process here... http://www.eightforums.com/system-security/28240-bitlocker-windows-8-self-encrypting-drives.html

    I note that there is a question raised somewhere, that implies that W8.1 automatically enables SEDs - I have not been able to verify this

    I still do not understand why this is not in widespread use. Bizarre.

    Bob

    Tuesday, October 21, 2014 9:44 AM