Windows 10 currently uses hardware-based encryption, depending on the device being used. However, buried in the Windows 10 19H1 previews is a move to software-based encryption. BitLocker policy has been updated to reflect the change on Insider releases of Windows 10. The new policy states that “if you do not configure this policy setting, BitLocker will use software-based encryption.” In other words, if you do not specifically instruct BitLocker to use hardware-based encryption, it won’t. Perhaps Microsoft has gone down this route because of a hardware encryption flaw recently found in some SSD models. A vulnerability affecting hardware-based encryption on solid state drives (SSDs) was discovered in November.

“If you do not configure this policy setting, BitLocker will use software-based encryption” Used to be “If you do not configure this policy setting, BitLocker will use hardware-based encryption” pic.twitter.com/5oMybPHP3U — Tero Alhonen (@teroalhonen) January 16, 2019

Hackers could access the drive and transfer data without needing password authentication. Microsoft said users should use software-based encryption to avoid future issues: “Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs). Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption. On Windows computers with self-encrypting drives, BitLocker Drive Encryption manages encryption and will use hardware encryption by default,” the software giant said at that time.
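To see which side of the default a given machine is on, the following PowerShell audit lists each BitLocker volume's encryption method and the state of the hardware-encryption policy. It is an added example, not code from the article or from Microsoft; the registry value names under the FVE policy key are assumptions taken from the BitLocker policy template and should be checked against your build.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker volumes for drive-managed (hardware)
# encryption and show how the hardware-encryption policy is configured.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
# Assumed value names for the OS, fixed data and removable drive policies.
$policyValues = 'OSHardwareEncryption', 'FDVHardwareEncryption', 'RDVHardwareEncryption'

function Get-PolicyState($raw) {
    # A missing value means the policy is not configured, so the
    # default of the running Windows build decides the behaviour.
    if ($null -eq $raw) { return 'Not configured (Windows default applies)' }
    if ($raw -eq 0)     { return 'Disabled (software encryption only)' }
    if ($raw -eq 1)     { return 'Enabled (hardware encryption permitted)' }
    return "Unexpected value $raw"
}

$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $policyValues) {
    $raw = if ($policy) { $policy.$name } else { $null }
    '{0,-24} {1}' -f $name, (Get-PolicyState $raw)
}

# EncryptionMethod reports HardwareEncryption when the drive itself,
# not BitLocker, performs the encryption.
$volumes = Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint       = $_.MountPoint
        VolumeType       = $_.VolumeType
        ProtectionStatus = $_.ProtectionStatus
        EncryptionMethod = $_.EncryptionMethod
        UsesHardware     = ("$($_.EncryptionMethod)" -eq 'HardwareEncryption')
    }
}
$volumes | Format-Table -AutoSize

$atRisk = @($volumes | Where-Object UsesHardware)
if ($atRisk.Count -gt 0) {
    Write-Warning ("Volumes relying on drive firmware for encryption: " +
                   ($atRisk.MountPoint -join ', '))
} else {
    'No volume uses hardware encryption.'
}
```

Changing the policy does not convert a volume that is already encrypted in hardware; such a volume has to be decrypted and encrypted again before software encryption applies.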

BitLocker Issues

Not that BitLocker is immune to problems. Just last week we discussed an ongoing problem with BitLocker on Lenovo’s IdeaPad 300S. Users say that after new updates, BitLocker keeps throwing blue screen of death (BSOD) errors at them. The machine then asks for the recovery key even if the user has never set one. Microsoft insists this is a hardware problem with the IdeaPad 100S and maybe other PCs in the series.
