SED eDrive unprovisioning

Hi, I recently bought a Self Encrypting Drive from Samsung, an 840EVO SSD, it comes OPAL 2.0 and Microsoft eDrive compatible.
During a Windows 8.1 test install, windows silently enabled the eDrive functionality, provisioning my SSD; I could use it no problem with BitLocker.

However that Windws 8.1 install was only a test-drive, I don't plan on using windows on my laptop, so I need to un-provision the SSD from the eDrive/Opal mode of operation, to plain ATA/AHCI, to issue an enhnanced secure-erase command and to enable Class 0 encryption by setting an ATA security password.

Please note that while operating under eDrive specifications, the disk doesn't accept ATA Security Erase/Enhanced Security Erase commands nor ATA security passwords.

Samsung, which produces the drive, told me to ask Microsoft Tech Support how to disable this functionality in software.

I have the drive's PSID security number in case it's needed, any help would be really appreciated, eDrive functionality provisioning wasn't a requested feature for me, and right now the drive is unusable for my needs/scenario.

Any help would be really appreciated.

Thank you.

Alessandro Lannocca
 

Question Info


Last updated July 8, 2019 Views 10,616 Applies to:
You need what's referred to as a PSID reverting tool.  It takes as input the 32-character PSID printed on the drive label, and uses it to reset the drive to factory state.  This means, security inactive and crypto-erased.  

As far as I know, all of the eDrive manufacturers have such a tool for exactly this reason - because Microsoft enables the eDrive feature by default in Win8/Win8.1 setup and doesn't provide a way to undo it.

I know this doesn't help you now, but there are 2 ways to prevent MS from enabling the eDrive:
1.  set a HDD password in BIOS (because eDrive cannot become enabled while ATA security is enabled, and vice-versa).
2.  set a registry entry prior to letting Windows Setup partition the drive:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"=dword:00000001

In other words, when you boot the Win8 setup DVD, press shift-F10 to load a command prompt, then set this registry entry BEFORE continuing with Win8 setup.

Back to your original question, ask Samsumg directly for their PSID revert tool.

I don't think Microsoft has this tool, nor do they see a need for this tool, because in their dreamland everyone runs Win8 with BitLocker so there's no need to PSID-revert an eDrive to use it for any other purpose.

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Does anyone knows when the eDrive activated, what to expect the PIN?

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.