How to configure BitLocker hardware-based encryption for fixed data drives

To configure BitLocker hardware-based encryption for fixed data drives, first open the Local Group Policy Editor on your computer. To do that, press Win+R to open the Run prompt, type gpedit.msc, and press the Enter button.

Then, navigate to this path:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives

Here you can find a setting called Configure use of hardware-based encryption for fixed data drives. Double-click this setting and choose the Enabled option.

Now you can see and enable two settings:

Use BitLocker software-based encryption when hardware encryption is not available

Restrict encryption algorithms and cipher suites allowed for hardware-based encryption

You can enable these settings by ticking the corresponding checkboxes. Finally, click the OK button to save the change.

Configure BitLocker hardware-based encryption for fixed data drives using Registry

To configure BitLocker hardware-based encryption for fixed data drives using the Registry, first search for regedit in the Taskbar search box, click the search result, and click the Yes button in the UAC prompt to open Registry Editor. Then, navigate to this path:

Right-click on Microsoft > New > Key and name it FVE.

Right-click on FVE > New > DWORD (32-bit) Value to create three values, and name them as follows:

FDVAllowSoftwareEncryptionFailover

FDVHardwareEncryption

FDVRestrictHardwareEncryptionAlgorithms

Following that, double-click FDVHardwareEncryption and set the Value data to 1.

Next, double-click each of the other two REG_DWORD values and set the Value data to 1 to enable or 0 to disable.

Once done, right-click on FVE > New > Expandable String Value and set the name as FDVAllowedHardwareEncryptionAlgorithms. Next, double-click it and set the Value data to 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42.

Finally, close all windows and restart your computer.
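The registry steps above can also be scripted and read back for verification. The following PowerShell is an added example, not part of the original guide: the function names and the -KeyPath parameter are hypothetical, and -KeyPath must be the FVE key from the steps above, written in registry-provider form.

```powershell
# Added example. Run from an elevated PowerShell session.
# $KeyPath is the FVE policy key created in the steps above (assumption:
# passed in provider form, i.e. starting with 'HKLM:\' and ending in '\Microsoft\FVE').
function Set-FdvHardwareEncryptionPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $KeyPath,
        [bool] $AllowSoftwareFailover = $true,
        [bool] $RestrictAlgorithms = $true,
        # OIDs given in the guide: AES-128-CBC and AES-256-CBC
        [string] $AllowedAlgorithms = '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'
    )
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # The three DWORD values; FDVHardwareEncryption is always 1 (policy enabled).
    $dwords = [ordered]@{
        FDVHardwareEncryption                   = 1
        FDVAllowSoftwareEncryptionFailover      = [int]$AllowSoftwareFailover
        FDVRestrictHardwareEncryptionAlgorithms = [int]$RestrictAlgorithms
    }
    foreach ($name in $dwords.Keys) {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", "Set DWORD $($dwords[$name])")) {
            New-ItemProperty -LiteralPath $KeyPath -Name $name -PropertyType DWord `
                -Value $dwords[$name] -Force | Out-Null
        }
    }
    # The allowed-algorithm list is an Expandable String (REG_EXPAND_SZ) value.
    $algName = 'FDVAllowedHardwareEncryptionAlgorithms'
    if ($PSCmdlet.ShouldProcess("$KeyPath\$algName", "Set string $AllowedAlgorithms")) {
        New-ItemProperty -LiteralPath $KeyPath -Name $algName -PropertyType ExpandString `
            -Value $AllowedAlgorithms -Force | Out-Null
    }
}

# Read the four values back so the result can be checked or logged.
function Get-FdvHardwareEncryptionPolicy {
    param([Parameter(Mandatory)] [string] $KeyPath)
    $names = 'FDVHardwareEncryption', 'FDVAllowSoftwareEncryptionFailover',
             'FDVRestrictHardwareEncryptionAlgorithms', 'FDVAllowedHardwareEncryptionAlgorithms'
    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    foreach ($name in $names) {
        $value = '<not set>'
        if ($null -ne $props -and $props.PSObject.Properties[$name]) { $value = $props.$name }
        [pscustomobject]@{ Name = $name; Value = $value }
    }
}
```

Run Set-FdvHardwareEncryptionPolicy with -WhatIf first to preview the writes, then call Get-FdvHardwareEncryptionPolicy with the same -KeyPath to confirm the values before restarting.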

How do I make BitLocker use hardware encryption?

You can make BitLocker use hardware encryption instead of software encryption with the help of the Local Group Policy Editor or Registry Editor. To do that, open the Configure use of hardware-based encryption for fixed data drives setting and choose the Enabled option. Then, remove the tick from the Use BitLocker software-based encryption when hardware encryption is not available checkbox and click the OK button.

Does BitLocker use hardware encryption?

Yes, BitLocker may use hardware encryption as long as your computer supports it. If hardware-based encryption is not available on your computer, BitLocker may use software-based encryption. Whether it is for a removable drive or a fixed drive, the policy is the same for all. That’s all! Hope this guide helped.