Windows 10 adds security feature to ensure encrypted SSDs aren’t compromised

If you use encryption to protect the data on your SSD running Windows 10, then you’ll want to know about a change Microsoft has recently implemented in the preview version of the OS, switching its BitLocker tool to default to software encryption rather than hardware, after major security issues were discovered with the latter last year.

Let’s briefly rewind to June of last year, then, when vulnerabilities were discovered when it came to the hardware encryption of self-encrypting SSDs. It emerged that this encryption could be bypassed relatively easily by re-flashing the firmware of the drive (note that the problem only affects solid-state drives, not traditional hard disks).

And BitLocker used hardware encryption rather than software by default, because it’s a faster method that consumes less system resources.

Last summer, Microsoft suggested that users switch to software encryption because of the aforementioned potential exploit that could be leveraged against hardware encryption.

And now the company has actually switched the default encryption to software – at least in testing for now – for this exact reason, even though it’s not optimal in terms of resource usage.

Configure it out

As Tero Alhonen spotted on Twitter (via MS Power User), under group policy settings, BitLocker now tells you: “If you do not configure this policy setting, BitLocker will use software-based encryption.”

Windows 10 build 18317 BitLocker GPO opts out hardware-based encryption."If you do not configure this policy setting, BitLocker will use software-based encryption" Used to be"If you do not configure this policy setting, BitLocker will use hardware-based encryption" pic.twitter.com/5oMybPHP3UJanuary 16, 2019

As we mentioned, this is only the case for those testing Windows 10 at the moment, having been introduced in the latest preview build of the operating system. Build 18317 also made a major change in terms of divorcing Cortana from the search box on the taskbar.

Microsoft is trying to push on the security front with Windows 10 of late, having introduced a number of fresh features such as password-free logins, and a new Windows Sandbox which provides a temporary isolated environment in which to open potentially suspicious files.

Some of the best laptops of 2018 run Windows 10

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).