Factory Encrypted Drives
Updated: October 20, 2013
Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2
You can install Windows® 8 and Windows Server® 2012 on factory-encrypted drives, also known as encrypted hard disk drives (eHDD). A factory-encrypted drive is a drive that is capable of full-disk encryption.
By default, when you install Windows® 8 and Windows Server® 2012 on a factory-encrypted drive, Windows automatically encrypts the drive by using Trusted Computing Group (TCG) and IEEE 1667 transport encryption standards.
To install Windows® 8 and Windows Server® 2012 onto a factory-encrypted drive, use the following:
Firmware: UEFI version 2.3.1 that has been configured to use the EFI storage security protocol.
Hardware: a hard disk drive that is capable of using TCG and IEEE 1667 transport encryption standards.
To use another encryption standard on your drive, you must first disable the automatic drive provisioning that Windows provides. To do this on a new installation, set the Microsoft-Windows-EnhancedStorage-Adm/TCGSecurityActivationDisabled Unattend setting to true. For more information, see the Windows® Unattended Setup Reference.