Issues enabling BitLocker hardware encryption (Windows Encrypted Hard Drive) on AMD 7840

We have a solution for the no-boot issue with hardware encryption on OPAL devices and will begin implementing it across all products.

Here are the validation steps we did with the Samsung 990 Pro:

  1. Prepare the SSD
    1.a To get started, install the SSD and have your Windows 11 Pro installation media ready.
    1.b If the SSD was previously locked, perform a PSID Revert and Secure Erase to clean the drive.

  2. Clean the SSD during the Windows installation process.
    On the Windows installation screen:
    Press Shift + F10 to open Command Prompt.
    Type:
    ->diskpart
    ->list disk
    ->sel disk 0 (select the disk where Windows will be installed, e.g., Samsung 990 Pro)
    ->clean (This will erase all data on the disk)
    Close Command Prompt, refresh the installer, and proceed with Windows installation.

  3. Verify Encrypted Drive Support
    After completing the Windows installation, install Samsung Magician. Once installed, confirm that “Encrypted Drive” is enabled in the drive information. (This requires an internet connection.)

  4. Enable hardware encryption for BitLocker
    ->Open Edit Group Policy (Run gpedit.msc).
    ->Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives
    ->Open “Configure use of hardware-based encryption for operating system drives”.
    ->Set it to Enabled.
    ->(Leave additional options as default; no need to select specific encryption types.)

  5. Encrypt the drive using BitLocker
    Reboot the system.
    In Windows, right-click Local Disk (C:) → select “Turn on BitLocker”.
    Choose a method to unlock the drive (e.g., Microsoft recommended option).
    Save the recovery key to a secure location.
    Complete the BitLocker setup wizard.

  6. Verify encryption progress
    Open Command Prompt as Administrator.
    ->manage-bde -status
    Confirm:
    Encryption Method: Hardware Encryption
    Percentage Encrypted: 0% (initial state).

  7. Reboot and complete encryption
    Restart the system.
    ->Run manage-bde -status again to confirm:
    Encryption Method: Hardware Encryption
    Percentage Encrypted: 100%

  8. Restart the system again to verify that it still boots properly.

4 Likes
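A scripted form of the checks in steps 6 and 7, added here as an example and not part of the original post: it parses `manage-bde -status` text per volume and fails any volume whose Encryption Method is not Hardware Encryption, which catches a drive that was encrypted in software instead. The function name `Get-BdeVerdict` is hypothetical, the sample output is constructed, and English-language tool output is assumed.

```powershell
# Added example (not from the original post). Assumes English-language manage-bde output.
function Get-BdeVerdict {
    param(
        [string[]]$StatusLines,   # lines of `manage-bde -status` output
        [string]$Volume = 'C:'    # volume to evaluate
    )
    $fields = @{}
    $inVolume = $false
    foreach ($line in $StatusLines) {
        if ($line -match '^Volume\s+(\S+)') {
            # A header such as "Volume C: [Windows]" starts a per-volume block.
            $inVolume = ($Matches[1] -eq $Volume)
        } elseif ($inVolume -and $line -match '^\s+([^:]+):\s+(\S.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    if (-not ($fields.ContainsKey('Encryption Method') -and $fields.ContainsKey('Percentage Encrypted'))) {
        return [pscustomobject]@{ Volume = $Volume; Method = $null; Percent = $null; Verdict = 'UNKNOWN' }
    }
    # Accept "100.0%" as well as a comma decimal separator.
    $pct = [double](($fields['Percentage Encrypted'] -replace '[%\s]', '') -replace ',', '.')
    $method = $fields['Encryption Method']
    # Prefix match, so any suffix after the method name is tolerated.
    $verdict = if ($method -notlike 'Hardware Encryption*') {
        'FAIL: not hardware encryption'
    } elseif ($pct -ge 100) {
        'OK'
    } else {
        'PENDING: reboot and re-check'
    }
    [pscustomobject]@{ Volume = $Volume; Method = $method; Percent = $pct; Verdict = $verdict }
}

# Constructed sample output for two volumes (not captured from a real system).
$sample = @'
Volume C: [Windows]
[OS Volume]
    Percentage Encrypted: 100.0%
    Encryption Method:    Hardware Encryption
Volume D: [Data]
[Data Volume]
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
'@ -split "`r?`n"

'C:', 'D:' | ForEach-Object { Get-BdeVerdict -StatusLines $sample -Volume $_ }
# Live check from an elevated prompt: Get-BdeVerdict -StatusLines (manage-bde -status)
```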