Windows 10: Full-disk encryption of an SSD with Bitlocker. Over-provisioning? Does TRIM work?

Discus and support Full-disk encryption of an SSD with Bitlocker. Over-provisioning? Does TRIM work? in AntiVirus, Firewalls and System Security to solve the problem; Hello everybody, I wonder if it is advisable in the case of a complete encryption of an SSD using Bitlocker, to create an unencrypted partition in the... Discussion in 'AntiVirus, Firewalls and System Security' started by Martin Fessler, Sep 23, 2020.

  1. MARTIN FESSLER
    Martin Fessler Win User

    Full-disk encryption of an SSD with Bitlocker. Over-provisioning? Does TRIM work?


    Hello everybody,

    I wonder if it is advisable in the case of a complete encryption of an SSD using Bitlocker, to create an unencrypted partition in the size of x percent to give the controller free space in addition to the factory over-provisioning for maintenance tasks like wear leveling.

    Opinions seem to differ here.
    Some say with full disk encryption everything the controller can see are occupied blocks - in such a case an unencrypted area would make perfect sense.
    On the other hand, Bitlocker should support TRIM and thus the controller should be able to "recognize" and use the free space on the encrypted partition.

    But, does TRIM even work? With an encrypted partition the tool "trimcheck" show me the restult "INDETERMINATE".
    When the partition is unencrypted it works as usual result: "TRIM appears to be WORKING".
    With VeraCrypt of course without blocking the TRIM command in the settings I get the same result.

    What's right? Does the controller really only see a full SSD - despite TRIM?!

    How are your experiences in this regard? Do you create an unencrypted area or do you "only rely" on the factory over-provisioning?
    Are there any official recommendations from microsoft in this regard?

    Thanks for reading and for every tip!

    Greetings,
    Martin

    :)
     
    Martin Fessler, Sep 23, 2020
    #1
  2. ن٢يف
    ن٢يف Win User

    Did trim works with encrypted ssd drive?

    Hi did trim works on Ssd encrypted drive?

    Windows 10 Pro os
     
    ن٢يف, Sep 23, 2020
    #2
  3. BERLODO
    berlodo Win User
    Including Bitlocker Pre-Provisioning


    Hi @Kari,

    That was an awesome Tutorial, exactly what I've been looking for !

    I have been doing a bit of experimenting and found that a slight modification to your procedure can be used to pre-provision Bitlocker encryption, as long as the machine has a TPM chip present and activated on the motherboard. This pre-provisioning, if successful, could save a few hours as compared to configuring it post-install.
    Note: all of the following worked on Win 10 Enterprise x64 1709 on both an old Laptop (non-UEFI, non-Secure Boot e.g. a 10 year old Dell Latitude E4200 ) and a modern desktop (Dell Optiplex 5040 w UEFI and Secure Boot).
    All that's needed is to insert a step between 2.6 and 2.7 which would check if the destination drive is encryptable, and, if it is then enable encryption of used space. Because the 'used space' at that point is almost zero it gets encrypted almost instantaneously. But, because the drive is now encrypted, anything that DISM adds to the drive gets encrypted on the fly ! End result is that when the installation is finished the drive is encrypted with Bitlocker and just needs a 'protector' (e.g. TPM and PIN) added ..

    Here's what worked for me ....
    - just after step 2.6, check that G: drive is actually encryptable (this also checks the BIOS, TPM activated etc.)
    run command 'manage-bde -status' (if that lists the volume as encryptable, then we're good to go to next ..)
    run command 'manage-bde -on G: -used' (that turns on bitlocker for the drive, and should finish after a few seconds ...... just wait a few seconds and verify that another 'manage-bde -status' now shows 100%)
    - .. now proceed to step 2.7

    At the end of the installation and after first bootup and logon you should see a little yellow triangle as well as an unlock icon on the drive, showing it's encrypted but with a 'clear protector' ...... then just need to add a protector, like TPM and PIN e.g. 'manage-bde -protectors -add c: -TPMAndPIN' where you will be prompted for PIN, and if all goes well, will be prompted to enter PIN in order for machine to boot up.
     
    berlodo, Sep 23, 2020
    #3
  4. ASWIN_ANAND
    Aswin_Anand Win User

    Full-disk encryption of an SSD with Bitlocker. Over-provisioning? Does TRIM work?

    BitLocker Encrypted Hard Drive to MAC

    Hi,



    Thank you for posting your query in Microsoft Community. I regret the inconvenience caused to you. Let me help you.



    I suggest you to perform below mentioned steps to disable BitLocker.

    To disable BitLocker I would suggest you try the following steps and see if it helps.


    • Press Windows key + X and click on
      Control Panel.

    • Change View by from Category
      to Large Icons/Small Icons.

    • Click on BitLocker Drive Encryption and click on
      Turn BitLocker Off.

    • Follow on screen instructions. Click on Decrypt the Drive
      when the message appears.
    I would suggest you click on the link below and refer the following article.

    Scenario 12: Turning Off BitLocker Drive Encryption (Windows 7)

    Scenario 12: Turning Off BitLocker Drive Encryption (Windows 7)

    (You can refer the steps in the above link as they are applicable for Windows 10 as well)



    Check if it helps.



    I hope the information helps. Please keep us posted on the issue. We will be happy to assist you accordingly.

    Thank you.
     
    Aswin_Anand, Sep 23, 2020
    #4
Thema:

Full-disk encryption of an SSD with Bitlocker. Over-provisioning? Does TRIM work?

Loading...

  1. Full-disk encryption of an SSD with Bitlocker. Over-provisioning? Does TRIM work? - Similar Threads - Full disk encryption

  2. SSD Trimming of Dynamic Disks

    in Windows 10 Network and Sharing
    SSD Trimming of Dynamic Disks: Recently i've had a drive failure and that enabled me to buy a new disk for replacement this time an SSD!. After copying the file from the damaged disk and doing running some repair utilities DISM restorehealth and SFC the machine booted. At that time i've noticed a big...

  3. Bitlocker full encryption issue

    in Windows 10 Ask Insider
    Bitlocker full encryption issue: hi all i have encountered a problem setting up an external hard drive and bitlocker. using full encrypt, after the process is finished and the drive is removed and plugged in again, i get the error that my system is not compartible with the bitlocker version used for the...

  4. Is there any way to get Bitlocker full disk encryption (not device encryption) on a laptop...

    in Windows 10 Ask Insider
    Is there any way to get Bitlocker full disk encryption (not device encryption) on a laptop...: I’m part of a Microsoft 365 Home family plan. Is there any way to implement full disk encryption using Bitlocker in this scenario? Or is Bitlocker FDE exclusively available to Windows 10 Pro editions? Device encryption isn’t enough for my use case - I need to be able to...

  5. Full disk encryption software

    in Windows 10 Ask Insider
    Full disk encryption software: Hello, I'm looking to fully encrypt a few computers at the house (running Windows 10 Home Edition). It seems most companies out there sell only to enterprise customers. I need something simple (my wife will never agree to dealing with VeraCrypt. You feel my pain?). I'm...

  6. Did trim works with encrypted ssd drive?

    in Windows 10 Network and Sharing
    Did trim works with encrypted ssd drive?: Hi did trim works on Ssd encrypted drive? Windows 10 Pro os https://answers.microsoft.com/en-us/windows/forum/all/did-trim-works-with-encrypted-ssd-drive/aef53eab-e9e4-45d3-b2e2-93bc5b240c4d"

  7. TPM and Full disk encryption

    in AntiVirus, Firewalls and System Security
    TPM and Full disk encryption: I have a new laptop (Lenova Yoga 730-13) with Windows 10 Home edition installed. It also has TPM for encryption. My question is this: Does TPM mean that I have Full Disk Encryption or do I need to upgrade to the professional version of Windows in order to achieve this?...

  8. SSD to support hardware based full disk encryption via BitLocker?

    in Windows 10 Drivers and Hardware
    SSD to support hardware based full disk encryption via BitLocker?: Hi everyone: I'm trying to build a new desktop PC and I'm wondering if you can suggest which SSD (and motherboard) do I need to purchase to have it support hardware based full disk encryption with Windows 10 via BitLocker? I'm currently settling on Intel Core i9-7900X...

  9. Can't enable Over Provisioning on Samsung SSD

    in Windows 10 Drivers and Hardware
    Can't enable Over Provisioning on Samsung SSD: It seems that I can't enable Over Provisioning on my Samsung 500GB EVO. I got W10 x64 along with Ubuntu installed. I shrinked 50GB (10%of the SSD) from the partition and I still can't get this thing enabled. [img] [img] 71169

  10. Over Provisioning on Samsung SSD (Magician)

    in Windows 10 Drivers and Hardware
    Over Provisioning on Samsung SSD (Magician): I left 50GB of my 500GB Samsung EVO 840 SSD at the end of the memory just for over provisioning. But it seems that they are not seen because they are allocated after my Fedora install. Any idea on how to work with this? [img] 102036

Users found this page by searching for:

  1. how does over provisioning work bitlocker