Issues enabling BitLocker hardware encryption (Windows Encrypted Hard Drive) on AMD 7840

Correct. BLOCK_SID should only be enabled after the encryption process is complete. The BLOCK_SID function stops the drive’s encryption key from being changed, which is why you got the error.

To get the storage security options back, go into Magician and disable encrypted drive. The UEFI hides the storage security options when the drive OPAL functions are enabled, I’m guessing so they don’t step on each other. I think there are some logic flaws in this process that lead to the issue we’re seeing.

I’m well aware that FW is knee deep into FW16 BIOS and USBPD related things… However, it would be nice if they acknowledged this thread to let us know they are or will look into this issue. All FW laptops will clearly need a BIOS fix to allow the use of HW encryption for our SSDs supporting this function. HW encryption not only will boost performance, but it should also increase battery life. HELP!

3 Likes

So happy I scored a deal on a 990 pro right now. /s

Fellow 990 Pro owner here, this needs to be a feature ASAP. If someone from Framework wants to give us an idea on if this is gonna happen or not, that would be nice 🙂

4 Likes

@Kieran_Levin
What could we do to have Framework acknowledge this issue?
Would it help if we all open a ticket with the support so you can prioritize it?

1 Like

Thanks for the detailed reports. We haven’t tested a 990 Pro or another SSD with hardware encryption, but this is something we will put onto the list for our sustaining software team to investigate. Note that the team is currently focused on 12th Gen BIOS followed by more general bugfixes on Ryzen 7040 Series, so we can’t share a target date for specific compatibility fixes. As folks in the thread have noted, we would recommend using software BitLocker in the interim.

10 Likes

Huge thanks for the ack @nrp. Looking forward to a fix

1 Like

Hey everyone, I just wanted to add that I am also experiencing the issues shown in this thread. I have a Framework 13 AMD R5 7640U together with a Samsung 990 Pro 4 TB. I want to use hardware encryption as well and I run into the “Boot device not found” issue. I do not yet need my laptop to work on, I bought it for my world trip starting in April. So I have the option to try things out because I don’t mind reinstalling Windows a dozen times to test things.

I see now that I am not crazy and that there are firmware bugs in the FW BIOS. I was already almost sending back my SSDs thinking they were broken. The secure erase tool doesn’t work on encrypted drives and just gives a non-descriptive “Error (29)” when trying to erase it. But after finding that I could get them back to life with the PSID revert, I see that they are not broken but just get locked after you applied the encryption.

I did, in my attempt to fix the boot issue, erase all secure boot settings in the BIOS. I am not sure if that was a good move and how to get them back. I will try to reinstall my BIOS and see if that fixes it but if there is a different action I should take I would love to hear it. I am not that versed on the detailed inner workings of BIOS-es and HW encryption. (EDIT: I see I can reset the secure boot settings to factory defaults. No need for reinstall. I guess I am a bit cross-eyed for not seeing that straight away.)

I will keep an eye on this thread to see what people post and if anyone needs me to test something.

1 Like

Allow me to muddy the waters further: The 990 Pro just got a new firmware release. I’ll try testing it when I have some time but that won’t be for a while. See Station-Drivers - Samsung SSD990 Pro Firmware Version 4B2QJXD7 - Forum

My guess is that the issue is something closer to a BIOS issue than a firmware issue given that I can successfully use encrypted drive on other machines, but these are complex beasts, so who knows.

I just checked my SSD and for me there is no new firmware. I have the 4TB model which was released in September 2023. Samsung Magician says this:

Samsung SSD 990 PRO 4TB | S7DPNJ0WA03036V
Latest Version 0B2QJXG7
You are currently running the latest version of Firmware.

So it is indeed more likely to be a BIOS problem, unless this new drive has the exact same firmware bug. They might share a bit of the code base, but that would probably mean your update is not going to help.

Might want to restart Samsung Magician, shows an update for me after relaunching the app here.

This page claims the only fix is:

To address reports of high temperatures logged on Samsung Magician.

1 Like

Hi

Why are you so keen to use BL with HW encryption, aka eDrive, which was shown to be insecure over 5 years ago?

I could not find any information on the net showing that this issue has been resolved - so why do you want an insecure BL installation?

The security flaw in the affected drives was resolved with firmware updates. The flaw wasn’t in the standard, it was in the implementation.

I mean I guess you could always go with LUKS and break the encryption by holding down the enter key.

1 Like

Ok.

But Microsoft still has it disabled by GPO as standard, which doesn’t look reassuring 😉 and getting it to work still seems to be very messy.

T700 and 990Pro should work, but it’s hard to find any reliable info on which drives are working with it.

I would guess the reason that it’s not standard in GPO is because it’s not supported by all drives. Getting it to work requires specific steps, but it’s not very hard. I have it working on the 990 Pro on my GPD Pocket3, and the battery and performance advantages on it over software encryption are quite noticeable.

The issue at hand is that the feature is “supported” in the BIOS, but something is keeping it from functioning properly. I won’t say that using the hardware encryption on the drive is a security panacea or fits everyone’s threat model, but for those of us who understand it and want to use it it’s frustrating to have the way blocked by bugs.

Ok, thx.

I will probably switch to a Thinkpad T14s as I now do need WWAN during some days, which I did not consider when I ordered my FW - still love the FW though…

Assuming this is going to be an issue with older gen Samsung drives (970, 980) due to it being BIOS related? And other drives that support OPAL and eDrive?

It will probably affect all drives, yes. You can try it but don’t get your hopes up. I hope the FW13 AMD will get some love soon with some updates.

For your information, the BIOS version 3.05 for AMD 7040 has not resolved the issue. The Samsung Pro 990 in ‘ready to encrypt’ state still lacks the option to disable block SID in BIOS.

2 Likes