Problems with self-encrypting drives

Microsoft has published ADV180028

The advisory explains the recently discovered vulnerabilities for self-encrypting drives. SED’s means that the drive is encrypted using the hardware instead of software only encryption provided by BitLocker Drive Encryption™.

The vulnerability was discovered by Carlo Meijer and Bernard van Gastel from the Radboud University in the Netherlands.

Verify encryption method using Powershell

Get-BitLockerVolume | select encryptionmethod,mountpoint,VolumeType

bitlocker

In this example, the device is not vulnerable since hardware encryption is not present.

This code smippet will return if the machine is vulnerable or not (compliant $true) (vulnerable $false) based on encryption method which can be used with SCCM to get an overview in larger Environments.
$BitlockerVolume = Get-BitLockerVolume | select encryptionmethod,mountpoint,VolumeType,ProtectionStatus |? { $_.VolumeType -eq "OperatingSystem" -and $_.ProtectionStatus -eq "On" }

switch ($BitlockerVolume.encryptionmethod) {
Aes128 { $true }
Aes256 { $true }
Aes128Diffuser { $true }
Aes256Diffuser { $true }
XtsAes128 { $true }
XtsAes256 { $true }
Default { $false }
}

This work was done together with Jörgen Nilsson (https://ccmexec.com) who has a detailed post about this and how to use SCCM to get the current status of compliant devices which is linked to below. He also provided a cab-fil which can be imported

Bitlocker Compliance using SCCM including Hardware encryption check

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.