search icon
Close

What are you looking for?

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Hardware Device Encryption and cloning

(Topic created on: 16-03-2025 06:08 PM)
1001 Views
Paindude
First Poster

‎16-03-2025 06:08 PM

Options

SImple question: I have a secure erased Samsung 870 EVO.  Booting to my currently unencrypted Samsung 870 EVO drive, I use Samsung Magician to enable Device Encryption on this securely erased SSD.  The question: what happens if I use Samsung Magician to Clone from my unencrypted 870 EVO to this securely erased, no device-encrypted-enabled SSD?  It is usable? Can Windows Bitlocker use hardware encryption for it? (preferred)  I can do the experiment, but I'd rather find out if someone has already tried this.  The goal is to enable Samsung SSD hardware encryption with Bitlocker managing it, while not having to literally reinstall not only the OS, but every single app I've got on it.

0 Likes
14 REPLIES 14
Paindude
First Poster

‎16-03-2025 06:10 PM

Options

Dammit, mistyped the question. Corrected below: 

SImple question: I have a secure erased Samsung 870 EVO.  Booting to my currently unencrypted Samsung 870 EVO drive, I use Samsung Magician to enable Device Encryption on this securely erased SSD.  The question: what happens if I use Samsung Magician to Clone from my unencrypted 870 EVO to this securely erased, NOW device-encrypted-enabled SSD?  It the new encrypted SSD usable? Will it boot?  Can Windows Bitlocker use hardware encryption for it? (preferred)  I can do the experiment, but I'd rather find out if someone has already tried this.  The goal is to enable Samsung SSD hardware encryption with Bitlocker managing it, while not having to literally reinstall not only the OS, but every single app I've got on it.

0 Likes
Paindude
First Poster

‎16-03-2025 06:11 PM

Options

!@#$!! Another typo, "IS the new encrypted SSD usable?..."

0 Likes
Paindude
First Poster

‎16-03-2025 06:12 PM

Options

And I am using WIndows 11 Pro.

0 Likes
arianwen27
Black Belt 

‎16-03-2025 06:42 PM - last edited ‎16-03-2025 06:43 PM

Options
So, samsung magician encryption is hardware based. So if you clone an encrypted drive to a non encrypted drive, the clone will be unencrypted.

In my experience, bit locker never actually uses hardware encryption on a device, even if you tell it to. If you clone a bitlocker drive to an unencrypted drive, that second drive will now have bitlocker encryption.

TLDR, samsung encrypted drive is hardware. Meaning once it's unlocked, it can be cloned as if there was no encryption.
Bitlocker encrypted drives will clone the encryption over to the new drive.

Hardware encrypted drives kinda act like all the data isn't encrypted, as the drive handles that stuff.
Bit locker has the kinda raw data you see as encrypted, that your PC then decrypts

You wrote a lot so if you have any direct questions, just ask in a reply
0 Likes
arianwen27
Black Belt 

‎16-03-2025 06:50 PM - last edited ‎16-03-2025 06:53 PM

Options
In response to arianwen27
Oh also, I'd personally say bitlocker is better than samsung hardware encryption

In the past, hardware encryption has used weak algorithms and sometimes don't generate their own keys too well. I'd hope thats no longer an issue though. Plus recovery can be hard if you the user doesn't know the key within the drive. In hardware failure or recovery, you get stuck. You don't know what goes on in that chip.

Though the main factor is to unlock the drive, you usually have to run an exe file to enter your code. Work and public computers don't allow that.

Again, as a me thing, I say software encryption is just a more versatile tool that can be recovered easier. It can be slower on some systems depending on things but I personally don't see much of a difference with bitlocker set to xts aes 256 bit mode
0 Likes
Paindude
First Poster

‎16-03-2025 07:11 PM

Options
In response to arianwen27

Thanks for the reply. However, the question was about cloning FROM the NONENCRYPTED drive TO the device ENCRYPTED drive.  Not the other way.  Appreciate your thoughts on the bitlocker software encryption, though, even though it's a drag on resources 

0 Likes
arianwen27
Black Belt 

‎16-03-2025 07:20 PM

Options
In response to Paindude
Aaah, if you clone an unencrypted drive to a hardware encrypted drive, the hardware encryption should stay on. So now you have a non encrypted and encrypted copy of your data
0 Likes
Paindude
First Poster

‎16-03-2025 08:54 PM

Options
In response to arianwen27

So, just to recap:

1. Booting from my unencrypted, win11 pro OS/data Samsung 870 EVO SSD, I secure erase and Device encrypt another Samsung 870 EVO SSD. 

2. Then after encrypting the now blank and Device Encrypted SSD, I clone my current unencrypted OS/data SSD to the encrypted drive. 

3. I now reboot to the encrypted drive, and after opening it, I can apply bitlocker hardware encryption, and use a USB stick instead of TPM.

Is the above right?

0 Likes
arianwen27
Black Belt 

‎16-03-2025 09:03 PM - last edited ‎16-03-2025 09:04 PM

Options
In response to Paindude
Windows won't boot from an encrypted drive unless you use bitlocker or setup something special. So hardware encrypting a drive, then cloning to it will make a clone, but your PC won't know how to unlock it to boot from it
0 Likes