What's new

Windows 10 Home and Bitlocker

swatson7122

New Member
I just picked up a surface 3 tablet last week and was having issues with Bitdefender and secure Boot. Anyway I noticed it was asking for a recovery key during advanced boot up and realized the recovery keys were coming from Bitlocker. After logging into windows I realized Bitlocker was in fact installed and the drive is encrypted. I thought Bitlocker was limited to Windows 10 Pro edition? Can anyone else confirm this is available on there Surface 3 Tablet?

Thanks.
 

patters

New Member
Yes that is normal. I have a Surface 3. All Surface devices have this, even the Windows RT ones. Can you do me a favour? I recently clean installed my Surface 3 with Windows 10 and there seems to be some doubt as to whether clean installs of Threshold Update 2 version have working hardware drive encryption. Please can you launch PowerShell as Administrator and post your output of the following command:
Code:
PS C:\Windows\system32> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: []
[OS Volume]

    Size:                 115.93 GB
    BitLocker Version:    2.0
    Conversion Status:    Used Space Only Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        Numerical Password
        TPM

PS C:\Windows\system32>
There is some suggestion that the Encryption Method should say "Hardware". What does it say on yours?
 
Last edited:

GreyFox7

Super Moderator
Staff member
Yes that is normal. I have a Surface 3. All Surface devices have this, even the Windows RT ones. Can you do me a favour? I recently clean installed my Surface 3 with Windows 10 and there seems to be some doubt as to whether the Threshold Update 2 version is working properly with hardware drive encryption. Please can you launch PowerShell as Administrator and post your output of the following command:
Code:
PS C:\Windows\system32> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: []
[OS Volume]

    Size:                 115.93 GB
    BitLocker Version:    2.0
    Conversion Status:    Used Space Only Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        Numerical Password
        TPM

PS C:\Windows\system32>
There is some suggestion that the Encryption Method should say "Hardware". What does it say on yours?
It would be interesting to see but I'm not sure if the eMMC drive(s) would have hardware encryption although the SP SSDs do.
 

patters

New Member
My Surface RT and Surface 2 have Encryption Method: AES128, and they have similar eMMC storage so I guess what I'm seeing is likely to be normal. Apparently some Surface Pro 3 units have SSDs that don't support eDrive - it's kind of pot luck.
Apparently this XTS-AES128 method is new with Threshold 2.
 
Top