cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
kivnic
Serial Port
Posts: 15
Registered: ‎01-29-2009
Location: USA
Views: 1,598
Message 1 of 6

bitlocker edrive hardware encryption on w520 with Crucial m500 SSD

Hi folks,

 

I've been trying hard to get my Crucial m500 SSD hard drive to work in edrive (hardware encryption) mode with the w520. I've read several other threads related to the process for different Lenovo machines, but I haven't seen much discussion on the topic for the W series laptops as of yet.

 

Here's what I've tried so far:

 

  1. Clean install of Windows 8.1, while running the latest bios 1.42.
  2. All updates from Windows Update tool
  3. All updates from Lenovo System Update EXCEPT the "Intel Rapid Storage AHCI Driver". This seems to be a major point in other threads since apparently the Intel driver is incompatible. I confirm that I'm running Microsoft's "Standard SATA AHCI Controller".
  4. Enable drive bitlocker encryption.

Link to image

 

When I enable bitlocker encryption, I'm given the choice to either do the existing data only or the whole drive. According to Crucial tech support, that's a telltale sign that edrive is not being used. As further confirmation, I've also run checked edrive status using this method:

 

  1. Start Command Prompt as Administrator
  2. manage-bde -status
  3. Check "Encryption Method" line. It will read "Hardware Encryption" if edrive is in use. Mine says "AES 128"

check_edrive.png

 

 

Moderator comment: Image(s) converted to link(s). For helpful information, please see: About Posting Pictures In The Forums.

 

Lenovo Staff
Lenovo Staff
Posts: 5,543
Registered: ‎10-29-2009
Location: NC
Views: 1,557
Message 2 of 6

Re: bitlocker edrive hardware encryption on w520 with Crucial m500 SSD

W520 BIOS doesn't support eDrive.  I highlighted in red the reason why, from the below URL.  At the time W520 was developed this protocol (and UEFI 2.3.1) didn't exist yet.  We don't have any plan to retrofit the older systems to add this support now.

 

http://technet.microsoft.com/en-us/library/hh831627.aspx

 

For Encrypted Hard Drives used as startup drives:

  • The drive must be in an uninitialized state.

  • The drive must be in a security inactive state.

  • The computer must be UEFI 2.3.1 based and have the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL defined. (This protocol is used to allow programs running in the EFI boot services environment to send security protocol commands to the drive).

  • The computer must have the Compatibility Support Module (CSM) disabled in UEFI.

  • The computer must always boot natively from UEFI.
kivnic
Serial Port
Posts: 15
Registered: ‎01-29-2009
Location: USA
Views: 1,541
Message 3 of 6

Re: bitlocker edrive hardware encryption on w520 with Crucial m500 SSD

Thanks someotherguy. I was hoping it would work, but it's good to have a definitive answer nevertheless.

mlee
Fanfold Paper
Posts: 12
Registered: ‎03-29-2013
Location: california
Views: 760
Message 4 of 6

Re: bitlocker edrive hardware encryption on w520 with Crucial m500 SSD

I was wondering if you could tell me if this is also the case for the L430.  I have tried updating the firmware of the L430 to 2.66 using the BIOS update utility.  It still does not work.  So my question is, does the hardware itself in the L430 not support the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL?  From my limited research, I can not tell if the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is strictly a firmware thing or if it also requires some speicifications in the hardware of the machine.  Although, my experience seems to lean towards the latter.  

 

Also, can you confirm that the L460 does indeed support the requirements for eDrive?  If so, we may replace our L430 with it.  

 

Just FYI, the drive we are using is the Intel SSD Pro 2500 eDrive.  

Lenovo Staff
Lenovo Staff
Posts: 5,543
Registered: ‎10-29-2009
Location: NC
Views: 743
Message 5 of 6

Re: bitlocker edrive hardware encryption on w520 with Crucial m500 SSD

Though I have never personally tried it, and I don't know for sure, I believe L430 with BIOS version 2.x should have all the prerequisites to support eDrive.  You would have to enable OS Optimized Defaults, then load BIOS default settings and re-install Win10.  Have you tried that?

 

EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is implemented by UEFI platform firmware (e.g. BIOS).

mlee
Fanfold Paper
Posts: 12
Registered: ‎03-29-2013
Location: california
Views: 729
Message 6 of 6

Re: bitlocker edrive hardware encryption on w520 with Crucial m500 SSD

Yes, I have tried that.  

 

Spent the last few hours using a Samsung 850 EVO drive in the L430 and I finally got it to work.  

 

So, verified that the L430 with BIOS 2.66 does work with edrive with the Samsung 850.  Not sure why it didn't work with the Intel drive.  Maybe I'll play around with it more tomorrow.  

 

Thanks for your input.  

Check out current deals!


Shop current deals

Top Kudoed Authors