So, a few days ago, right after my Zephyrus hung in a weird way in which I had to unplug it from mains and press the power key on the keyboard for a long time so it would revive, it did so showing me a message which I had only seen once.
I had previously seen a BIOS menu that let you restore -various kinds of- certificates. I hadn't messed with it, but seeing as the certificate count in each category was 0, I chose to execute the restore option. It seemed to work, I don't remember how many were loaded (like, 20-30?), so I thought one of them served as the decoding key for BitLocker and somehow I had dodged a bullet.
Cutting to the end, I was able to log in from a friend's computer into my Microsoft account on the web, and THANKS TO GOD I was able to fetch the BitLocker recovery key, which I then entered, and that made it able to boot to Windows.
Also, the erase of the CMOS -or whatever other memory storage- seemed to have been triggered by me holding the power button for a long long time (maybe 60 seconds?), as the laptop wasn't booting up with every other thing I tried. Keep that in mind.
We installed the Sophos 7.00.2.23 SGN client on an ASUS UX-303-U notebook; we weren't prompted to install BitLocker by the client. It did communicate with the server with no issues. We initiated BitLocker manually from Control Panel and saved the recovery key file. After several reboots and needing to put the recovery key in, we are at the following set of circumstances.
From boot, the first time we enter the PIN, it fails; after hitting Enter to try again and then entering the PIN, it works. Every time we tried, the first attempt always fails. Once the PIN is input and accepted, the notebook boots etc.
Hi, I am using Microsoft Windows 10 Pro and I just noticed that my computer has BitLocker enabled by default, but I don't have the recovery key. I am afraid of losing my important data and I don't have any secondary copy of my files. Is there any way to back up the key to a safe place, and what is the preferred way to store it? I would appreciate it if someone could help with this.
As I can see from the screenshot, I would suggest that you save it to a USB drive, and then you should save it online on a secure cloud such as OneDrive, iCloud, or GDrive. It is not recommended to save the recovery file locally.
It is fine to store the BitLocker recovery key in your email; however, I would suggest that you register your computer with a Microsoft Account (if the computer is not domain joined) and back up your recovery key on that account. If your computer is domain joined, you need to contact your system administrator to enforce a policy for the backup on AD (Active Directory).
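The backup described in the question and answers above can be scripted. This is an added example, not part of any post on this page: it lists each encrypted volume's recovery password protector and either escrows it to Active Directory (domain-joined PC) or writes it to an external drive. The export path `E:\` is an assumption standing in for a removable USB drive.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: E:\ is a removable USB drive, not the encrypted disk.
param([string]$ExportDir = 'E:\')

$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

foreach ($vol in Get-BitLockerVolume) {
    # A fully decrypted volume has no key to back up.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # Encrypted volume with no recovery password: create one first.
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint `
            -RecoveryPasswordProtector | Out-Null
        $recovery = @((Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }

    foreach ($kp in $recovery) {
        if ($domainJoined) {
            # Escrow to Active Directory; this fails unless policy allows AD backup.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId | Out-Null
            Write-Host "$($vol.MountPoint) $($kp.KeyProtectorId): backed up to AD"
        }
        else {
            # Standalone PC: write the 48-digit password to the external drive.
            $name = 'BitLocker-{0}-{1}.txt' -f $env:COMPUTERNAME,
                $kp.KeyProtectorId.Trim('{}')
            $file = Join-Path $ExportDir $name
            @("Volume: $($vol.MountPoint)",
              "Key ID: $($kp.KeyProtectorId)",
              "Recovery password: $($kp.RecoveryPassword)") |
                Set-Content -Path $file -Encoding ASCII
            Write-Host "$($vol.MountPoint) $($kp.KeyProtectorId): saved to $file"
        }
    }
}
```

The Key ID written to the file is what the BitLocker recovery screen displays, so it identifies which saved password belongs to which volume.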
I am setting up a brand new machine with the above drive and have installed a discrete TPM 2.0 header on the motherboard to allow me to use hardware encryption with BitLocker. Windows 10 Pro x64 1903 is in use.
I installed Windows and Samsung Magician 6.0 and switched on drive encryption within the Encrypted Drive part of the tool. It shows "Ready to Enable" as a status. I create the Secure Erase tool, but the tool cannot find the drive. Going back into Windows I updated the drive's firmware to 2B2QEXM7. I reboot and run Secure Erase. The drive is successfully detected and the tool reports that it completed successfully. On rebooting the computer cannot detect bootable media, indicating success.
I disable Legacy USB and CSM support in UEFI, then boot my Windows 10 USB installer. The drive is showing as empty, no partitions. I create a single disk partition (with Windows creating its standard recovery partitions) and finish the install.
After booting into Windows I install Samsung Magician, but Encrypted Drive is still reporting the drive as "Ready to Enable" rather than "Enabled". I try repeating the Secure Erase and installing Windows process, but the status is still "Ready to Enable".
I've done this previously (on a different computer) with a Samsung SS 840 EVO, but did not encounter this problem. At this point I am not sure what more I can do. It would seem that Secure Erase is not flipping whatever switch it is supposed to, but it's not reporting any errors and is erasing the drive. The Windows 10 install is on a completely fresh drive.
I have this problem too. I bought an M.2 SSD, a Samsung 970 EVO Plus, and I can't enable hardware encryption. The status of my SSD is "ready to enable". I also have a 970 PRO, and on the same PC it is hardware encrypted and works correctly as a bootable disk. I asked ASRock (the motherboard manufacturer) about this problem, but they told me that hardware encryption works well on the 970 EVO Plus (they sent me a screenshot from the same PC: same motherboard, same BIOS, same CPU). But I noticed one thing: ASRock used a 970 EVO Plus with firmware 1B2QEXM7 and an older Samsung Magician, but I use firmware 2B2QEXM7 and the new Samsung Magician 6.0. I think the problem is with firmware 2B2QEXM7 and Samsung must update the firmware of the 970 EVO Plus. What do you think about it, Samsung?
I contacted Samsung support regarding this issue, but got nowhere. They are blaming the motherboard (an ASUS PRIME X570-P) and suggesting that it may not support hardware encryption for an NVMe device, but ASUS say that it does. Samsung also pointed me at Microsoft, though I'm not sure what it has to do with them in this instance.
I have an Asus Prime X570-PRO motherboard and faced the exact same issue. The motherboard supports hardware encryption, but when it comes to enabling it in the Samsung SSD, I am not sure what is happening. I had to put the SSD in another computer (an HP 820 G3 that does not support BitLocker hardware encryption), and after doing a secure erase on that laptop the Encrypted Drive status switched to Enabled.
Changed the drive back to my Asus motherboard, and was able to install Windows and enable Hardware Encryption using BitLocker. Had to set the Group Policy to require hardware encryption and enable the fTPM.
I performed a PSID revert, and tried to enable the Encrypted Drive on the Asus motherboard again, but it won't do it. I can only do it on my HP 820 G3 that doesn't even support that feature.
I was dealing with the same issue for the last two weeks, after inserting a brand new 970 EVO Plus into my machine (FW Version 2B2QEXM7). I also have 3 more SATA SSDs in my machine - Samsung EVO 850, EVO 860 & Crucial MX500 - all 3 with Hardware Encryption enabled. But the 970 EVO Plus was stuck on "Ready To Enable" in Samsung Magician, and as a result BitLocker was unable to utilize Hardware Encryption on this drive :(.
My MB is Gigabyte H370 AORUS GAMING 3 WIFI (latest F14e BIOS). I do have discrete TPM inserted into MB header and I'm using it. But I guess discrete TPM is not really a must have for enabling HW encryption - most likely PTT (think of it like UEFI software TPM) would also work.
It seems that these newer Samsung SSDs are respecting the "Block SID" setting in the MB UEFI. While it is ENABLED, you cannot manipulate the Security Features of the SSD, hence you cannot set "Encrypted Drive" to ENABLED. And without that, BitLocker will not see your SSD as being "Hardware-Encryption capable". Here are some screenshots proving that:
To enable "Encrypted Drive", I had to temporarily disable "Block SID". Now, on some MBs this can be done in UEFI (BIOS). But my MB does not have this option. However, I was able to disable "Block SID" with these commands in Windows 10 PowerShell: