Hardware-based encryption to remain available as an option

Jan 17, 2019 10:32 GMT  ·  By

One of the silent changes that Microsoft could be making in Windows 10 version 1903 concerns the BitLocker encryption offered on supported devices.

In the current versions of Windows 10, including the October 2018 Update, BitLocker defers to the drive's own hardware encryption whenever the drive supports it. The upcoming feature update instead defaults to software-based encryption, as recently discovered in the preview builds.

Microsoft has modified the description of the BitLocker hardware-encryption policy on Windows 10 to state that “if you do not configure this policy setting, BitLocker will use software-based encryption,” whereas in older versions the unconfigured policy means hardware-based encryption is used by default when available.

Self-encrypting drive flaws

While Microsoft hasn’t explained the change, it is most likely a response to the flaws disclosed in November 2018 in the hardware encryption of several self-encrypting SSD models.

Because BitLocker hands encryption off to the drive’s own engine when one is available, those flaws meant BitLocker offered no effective protection on affected drives, and users were advised to switch to software-based encryption to avoid exposing their data.

“Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs). Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption. On Windows computers with self-encrypting drives, BitLocker Drive Encryption manages encryption and will use hardware encryption by default,” the software giant said at that time.

Windows 10 version 1903 is projected to be finalized in March, with the public rollout kicking off in April. Microsoft still has a couple of months to refine these settings, but there is a good chance software-based encryption will be the default so that flaws in drive firmware cannot silently undermine BitLocker.

If you are running the most recent Windows 10 preview build, you can see the updated policy by launching the Group Policy Editor and heading over to the path where all BitLocker-related policies are located:

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption
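The policies under that path are the three “Configure use of hardware-based encryption” settings (one each for operating system drives, fixed data drives and removable data drives). The following PowerShell script is an added example, not code from the article or from Microsoft: it reads the registry values those policies write, lists any BitLocker volumes that currently rely on the drive’s hardware encryption, and reminds you that changing the policy alone does not re-encrypt an existing volume. It assumes an elevated session, the built-in BitLocker PowerShell module, and the standard policy registry location under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example (not from the article): audit hardware-encryption policy and
# find BitLocker volumes that delegate encryption to a self-encrypting drive.
# Assumes: elevated session, BitLocker module present, default policy key.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Registry value written by each of the three hardware-encryption policies.
$PolicyValues = @{
    'Operating system drives' = 'OSAllowHardwareEncryption'
    'Fixed data drives'       = 'FDVAllowHardwareEncryption'
    'Removable data drives'   = 'RDVAllowHardwareEncryption'
}

function Get-HardwareEncryptionPolicy {
    foreach ($entry in $PolicyValues.GetEnumerator()) {
        $name = $entry.Value
        $val  = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name

        # Absent value = "Not configured". Before 1903 that meant hardware
        # encryption when the drive supports it; from 1903 it means software.
        $setting = switch ($val) {
            $null   { 'Not configured (build-dependent default)' }
            1       { 'Enabled (hardware encryption allowed)' }
            default { 'Disabled (software encryption only)' }
        }

        [pscustomobject]@{
            DriveClass = $entry.Key
            Value      = $name
            Setting    = $setting
        }
    }
}

function Get-HardwareEncryptedVolume {
    # EncryptionMethod 'Hardware' means BitLocker handed the work to the
    # drive's own engine, which is exactly the case the SED research affected.
    Get-BitLockerVolume |
        Where-Object { $_.EncryptionMethod -eq 'Hardware' } |
        Select-Object MountPoint, VolumeType, ProtectionStatus, EncryptionMethod
}

Get-HardwareEncryptionPolicy | Format-Table -AutoSize

$hw = @(Get-HardwareEncryptedVolume)
if ($hw.Count -gt 0) {
    $hw | Format-Table -AutoSize
    $msg = '{0} volume(s) rely on drive hardware encryption. Setting the policy ' +
           'to software does not re-encrypt them: after the policy is in place, ' +
           'decrypt each volume (Disable-BitLocker) and re-encrypt it ' +
           '(Enable-BitLocker) so the new software-only setting takes effect.'
    Write-Warning ($msg -f $hw.Count)
} else {
    'No BitLocker volumes currently use hardware encryption.'
}
```

The same information is visible from the legacy tool with `manage-bde -status`, which reports “Hardware Encryption” as the encryption method for an affected volume. The key operational point is the one in the warning: the policy only governs how new volumes are encrypted, so a volume that was encrypted by the drive stays that way until it is decrypted and re-encrypted.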