This article is more than 1 year old

Microsoft encrypts explanation of borked Windows 10 encryption

Disk vault Bitlocker snubs self-encrypting drives – when's the fix?

We know Microsoft can be pretty secretive about its spyware-as-a-service Windows 10, but Redmond has now taken its furtiveness to a whole new level.

You may or may not know that its disk encryption tool Bitlocker has suddenly stopped working in the latest version of its operating system for a number of people.

Bitlocker refuses to work if you try to enable it on a self-encrypting drive with the hardware-accelerated encryption switched on: when you do a clean install of the latest build of Windows 10 – the November 2015 edition aka version 10586/1511 – you'll find you're unable to enable Bitlocker on your self-encrypting drive.

This affects a good number of folks, who were looking forward to using Windows 10 on their self-encrypting flash drives. One frustrating solution is to install an older version of the OS from scratch, enable Bitlocker with hardware encryption, and then gradually bring it up to version 1511 via Windows Update.

Microsoft pulled .ISO images of the November release, used to perform clean installs of version 1511 of Windows 10, but later reinstating the files after fixing a privacy bug. There was no mention of the Bitlocker issue, although version 1511 did add support for 256-bit XTS-AES encryption, which is performed by software rather than your drive's hardware. That may have something to do with it. Some readers have told us the reinstated .ISO download is actually still build 10240 of Windows 10 from July, so your mileage may vary.

To the crux of the matter: we asked Microsoft to shed some light on the problem, and hopefully get an ETA for a fix for this encryption snafu. The patch KB3116908 released on Wednesday didn't fix it. We asked Redmond twice – before and after the Thanksgiving break here in the US – for any information at all. Anything.

Aptly for the trouble at hand, we were sent a statement enciphered using an algorithm and key we cannot possible fathom, rendering it roundly indecipherable. Can you make any sense of this?

Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide solutions via our current Update Tuesday schedule.

Where's GCHQ when you need it? ®

More about


Send us news

Other stories you might like