
I've noticed recently that when adding NVMe drives to Windows, it has a tendency to mark them as removable. I think this is more likely on "enterprise" NVMe SSDs, at least in my experience. For my own PC or less critical stuff, I'm not too bothered when it shows up in the system tray offering to safely eject it, since otherwise there are no other ill effects. Note that in almost all cases I'm using the Microsoft NVMe driver.

Where I start having issues is on servers, especially when I want to BitLocker a volume on an NVMe drive. BitLocker insists that since the drive is removable, it must be "BitLocker To Go", and thus auto-unlock can only be done at a user level, not a system level. The problem also extends to Storage Spaces built on these "removable" NVMe drives, and BitLocker treats the Storage Space as "removable" as well.

So firstly: Is there a way to override the removable flag for NVMe drives (individually or as a whole)?

If that cannot be done, can I override the removable flag in Storage Spaces so that the software disk is not marked as removable?

And finally, if all else fails, is there a way to force Windows to set up system-level auto-unlock on a removable disk?

1 Answer


I can only offer a workaround. The drive should be unlocked automatically but should still be secured (inaccessible when not inside that machine).

So you may set up a scheduled task that unlocks it using the recovery password. The script goes:

manage-bde -unlock x: -rp 177199-319715-458425-...somekey...-323378-554136-596024-011627

This is only secure when you can make sure that the script file is inaccessible to untrusted parties. Best would be to store it on a network share of a secured server.

  • I was aware of this option, but I'm really hesitant to use it because it goes so far outside of the "regular" way of doing BitLocker. – DraugTheWhopper Sep 28 '21 at 20:37
  • Yes, I agree. I'd ask the manufacturer of the hard drive controller (NVMe interface) if this behavior is expected and make him realize what problems it causes. – Bernd Schwanenmeister Sep 29 '21 at 14:23
  • Well, in the SATA days, we could ask the controller to pretty please mark disks correctly, but doesn't the game change completely once you're in NVMe world? After all, there is no "controller" except for the Microsoft driver that turns NVMe into Windows block storage. Is it really a case of all these enterprise SSDs sending an incorrect NVMe flag that somehow marks it as removable? I get that maybe it's worth marking as "hotpluggable", but Windows still treats it as "removable", with all the ensuing annoyance. – DraugTheWhopper Sep 29 '21 at 23:08
  • "After all, there is no "controller"" - I am not sure what you mean by that. On my board, there's for example a "Samsung NVMe controller" in device manager and surely, there will be driver updates for that one that might correct problems, possibly yours. Possibly, fixes like https://support.microsoft.com/en-us/topic/internal-sata-drives-show-up-as-removeable-media-1f806a64-8661-95a6-adc7-ce65a976c8dd exist for your NVMe controller driver, too. It could also be that your UEFI firmware offers settings for your NVMe. – Bernd Schwanenmeister Sep 30 '21 at 13:06
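
The answer's workaround is only as safe as the access control on the stored recovery password. As an added example (not the answerer's script), this scheduled-task script refuses to unlock unless the key file's ACL grants access only to SYSTEM and Administrators. The key file path is a hypothetical placeholder, `X:` is the drive letter used in the answer, and the task is assumed to run elevated as SYSTEM.

```powershell
# Added example: unlock a BitLocker volume from a scheduled task, failing closed
# if the recovery-password file is readable by anyone but SYSTEM/Administrators.
$ErrorActionPreference = 'Stop'

$MountPoint = 'X:'                                     # drive letter from the answer
$KeyFile    = 'C:\ProgramData\BdeUnlock\recovery.txt'  # hypothetical path (assumption)

# Well-known SIDs: NT AUTHORITY\SYSTEM and BUILTIN\Administrators.
$AllowedSids = @('S-1-5-18', 'S-1-5-32-544')

function Test-KeyFileAcl {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Deny entries only restrict access further, so they are not a concern here.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Compare by SID so localized or renamed account names do not matter.
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($AllowedSids -notcontains $sid) {
            Write-Warning "Unexpected Allow entry on key file: $($ace.IdentityReference)"
            return $false
        }
    }
    return $true
}

$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.LockStatus -ne 'Locked') {
    # Already unlocked (or not protected): nothing to do.
    return
}

if (-not (Test-KeyFileAcl -Path $KeyFile)) {
    throw "Refusing to unlock $MountPoint because $KeyFile has an overly permissive ACL."
}

# The file is expected to hold the 48-digit recovery password on its first line.
$recoveryPassword = (Get-Content -LiteralPath $KeyFile -TotalCount 1).Trim()
Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $recoveryPassword | Out-Null
```

The ACL check covers only explicit and inherited Allow entries on the file itself; anyone who can read the disk offline can still read the key file unless the volume holding it is also encrypted.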