Has anyone tried to use Hardware SED disks with Windows 2012 BitLocker ?
We have a couple of Seagate SED disks we are testing and i was expecting BitLocker to detect they are hardware based encrypting drives but they just seem to be being picked up as normal disks, So i am unsure if we are getting the benefits of the hardware encryption .
Can someone tell me if this is normal behaviour in Windows Server 2012 or should i be seeing something else ?
Encrypted Hard Drive device type will be recognized in Windows 8/2012. Please see:
What's New in BitLocker
See the "Support for Encrypted Hard Drives for Windows" Part:
BitLocker: BitLocker Control Panel will enable users to manage Encrypted Hard Drives in the same manner as full volume encrypted drives
You could also communicate with Seagate to see if there is any firmware or update needed for SED disks to working with Windows 2012.
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact firstname.lastname@example.org.
What i was after is how should i expect these disks to be displayed in Windows 2012 a screenshot example would be useful
Cause they just look the same as the standard disk when we enable BitLocker for them so that's why i think they are not being detected correctly as SED disks.
We are in process of checking with Seagate too
Thanks for the reply
Hello - I realise the thread is a bit old, but this is a very difficult subject to find information on.
Did you ever get an answer about whether Bitlocker works with SEDs?
I am trying to use it with W8P to utilise the hardware encryption on a Seagate Constellation.2 but there is nothing to indicate that it sees it as anything other than a normal drive. An attempt to encrypt it results in software encryption.
Is this something to do with the misnomers 'encrypted hard drive' and 'self-encrypting drive'? I see there is a 'cryptic' comment about it in the MS blurb.
I did got a answer from a technical lead at Seagate in the end that confirmed that the constellation ES.2 and ES.3 drives will not be able to be used as hardware encryption with bitlocker on Windows Server 2012/8 they will just show as normal hard disks as your seeing and then you can use Bitlocker software encryption.
The reason they don't work is because Windows Server 2012/8 requires a OPAL 2 compliant drive and the Seagate constellation ES.2 and ES.3 drives are not OPAL 2 compliant drives. This is common across all vendors at the moment I was told, so until someone releases a OPAL 2 compliant drive you will only be able to use bitlocker software encryption.
Hope this helps
- Proposed as answer by trivelino Monday, July 15, 2013 8:01 AM
I thought you might be interested to know that I got this working using an OPAL2 drive.
I got hold of a Seagate ST500LT025, which is, sadly but not irretrievably, a 2.5" 5400rpm thin drive. It's readily available and quite cheap. I note that this is also compliant with MS edrive specs, but I don't know how important that is, or what the differences are.
By googling 'Microsoft edrive' I found stuff (mostly from gamers) about utilizing SEDs which I hadn't found before. Amongst this was the comment that all the new Windows 8 features could only be guaranteed to work with Windows 8 'certified' boards. The factor of the boards that was important was that it should be UEFI compliant, although it's not clear which version.
I then got an MSI B75MA-P45 motherboard which met the criteria. Gigabyte (which I would have preferred) have Windows 8 'ready' boards but I couldn't find anything that confirmed whether this was the same thing (I think not, although IT semantics are obscure at best). None of them say which version of UEFI they are compliant with.
I put the W8Pro drive in (W8 seems to move quite happily between different Intel platforms) and right-clicked on it to turn Bitlocker on and it worked. It has to restart, but it doesn't ask if you want to encrypt the whole drive or just part before it does it, and this is the only indication of an SED being present. When it returns after restart, it's just working. The drive symbol has a lock on it and right-clicking offers the Bitlocker management system.
The option to use TPM is supported with this board (with a plug-in module) but it's not necessary for this to work. I am just using a password logon, which is all I need.
I note also that I put the constellation.2 drive in and it didn't work, confirming what you said.
You may be interested to know that I put the W8 drive in a new Novatech laptop and it worked in there too. There is no indication that the Novatech is W8 certified (it was loaded with W7), but it has Secure Boot available in the BIOS and I think, although this is something separate, it is an indication that the laptop meets the Windows 8 requirements.
Might be able to get on with some work now.