Archive for September 5th, 2018

Symantec Endpoint Encryption | Dell M.2 NVMe | Intel Rapid Storage Technology | RAID | AHCI

Wednesday, September 5th, 2018

2018-09-05 Initial Post

SEE will not work on certain models of computers that have Intel Rapid Storage (sometimes spelled Restore) Technology set to RAID. You must change that to AHCI prior to installing the OS. After the OS is installed, you may install SEE and start encryption. If you try to encrypt while the system is still set to RAID, encryption will not begin - it just won't work and there's no obvious error message.

From my understanding, the issue is because the pre-boot OS used by SEE does not have the drivers to access the Intel RAID volumes. Even Windows PE 10 does not have the drivers so I had to download the drivers for the laptops listed below and run drvload.exe to install them on the fly after booting up to WinPE (e.g. drvload.exe iaAHCIC.inf).

  • Dell XPS 13 9360
  • Dell XPS 13 9365
  • Dell Precision 7730

Also, in Windows 10, BitLocker may be enabled and need to be activated, then the drive must be decrypted before SEE will work properly. If the Windows 10 image was just loaded, it will take a while for the drive to finish encrypting with BitLocker - let it complete, then activate BitLocker (this basically involves saving the encryption key) and then decrypt the drive. Once the drive is completely BitLocker decrypted, you may install SEE and encrypt with it.

Some Symantec KBs for reference:

Systems unable to boot properly after Encrypting disk with Symantec Drive Encryption when BIOS set to RAID On

https://support.symantec.com/en_US/article.TECH233048.html

 

Best Practices: Symantec Endpoint Encryption and Symantec Drive Encryption

https://support.symantec.com/en_US/article.TECH149543.html