Can Bitlocker do Hardware encryption on data drives that are OPAL 2.0 capable?

Question

_{Tuesday, November 26, 2019 3:20 AM}

Hello IT Professionals,

Is Bitlocker capable of enabling Hardware encryption on a drive that is OPAL 2.0 capable but not eDrive capable?

This for example to encrypt a drive that is not going to be used for the OS but only for data.

Thanks.

All replies (3)

_{Tuesday, November 26, 2019 8:51 AM | 1 vote}

You could answer that by simply trying it. If your manufacturer does not guarantee that it works, we wouldn't know, at least not without knowing the drive model.

_{Tuesday, November 26, 2019 7:47 PM}

Hello Ronald,

Thanks for your quick reply.

My question is more related to knowing Bitlocker support.

Is Bitlocker capable to do Hardware Encryption only with drives that are eDrive or does Bitlocker supports other specs like OPAL 2.0, Opalite, Ruby.

eDrive = TCG OPAL 2.0 and IEEE 1667 specifications.

In other words, If I buy a drive that is OPAL 2.0 compliant but it is not eDrive compliant is Bitlocker going to be able to do Hardware Encryption or not?

I hope I have clarified my question.

_{Wednesday, November 27, 2019 7:24 AM}

Googling reveals, that there are no sites inside the domain support.microsoft.com that even mention "opal 2.0". There are very few that mention edrive. MS is vague about the requirements, but others write that opal 2.0 compliant drives are compatible.

Be warned though, that hardware encryption, although superior by performance, has drawbacks. There are security issues because some manufacturers didn't implement the mechanisms securely. Microsoft has switched the default encryption method away from hardware encryption because of that.

And after you will have read my thread here (use browser translation features german->english), you might even want to stand clear of it: https://administrator.de/wissen/erschreckende-erfahrungen-samsungs-self-encrypting-drive-bitlocker-283659.html