The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    [GUIDE] Dell XPS 13: how to upgrade the SSD, clean install, and enable BitLocker

    Discussion in 'Dell XPS and Studio XPS' started by Nicels, May 14, 2016.

  1. Nicels

    Nicels Notebook Guru

    Reputations:
    29
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    15
    Foreword: I'm posting this walkthrough because I struggled with the "enable BitLocker" part for over an hour and found no guide explaining how to proceed. I've done it on other notebooks but there are significant hurdles that are specific to the Dell XPS 13. Here's hoping this guide will help you save time.

    What this guide will help you do
    1. Replace the factory SSD with a larger capacity Samsung SSD
    2. Clean install of Windows 10 (might also work with Windows 8)
    3. Optional: Enable BitLocker, leveraging the SSD's hardware encryption for best performance. Samsung M.2 SSD drives support hardware encryption.

    (Side note: The XPS 9350 has a working TPM [Trusted Platform Module], which you can choose to use for BitLocker. This is optional. You can use the SSD hardware encryption without using the TPM as an authentication method.)

    Why is there no cloning instructions in this guide?
    Two reasons: 1) I want a clean install with no Dell crapware preinstalled and 2) I want to enable BitLocker with hardware encryption. Cloning won't work in this scenario. Plus, you'll find cloning guides on the Internet with a Google search.

    Why would I want to enable BitLocker?
    If you want an easy way to have FDE (full-disk encryption), easily protecting your computer from unwanted access and foiling data thieves, BitLocker is the way to go.

    BitLocker is compatible with Samsung's built-in SSD hardware encryption, so you get encryption with very low overhead and battery life penalty. Enabling hardware encryption is an especially convoluted process with Samsung SSDs, but it is worth the hassle if you need/want the security. You need to do it right if you don't want the performance penalty of having BitLocker running in software instead of hardware mode.

    What will I need?
    - Dell XPS 13 9343/9350, Samsung M.2 SSD (probably works on Dell XPS 15 too)
    - Torx T5 & Phillips screwdrivers
    - USB key (at least 8 GB, USB 3 recommended)
    - Windows 10 ISO. For BitLocker, Windows 10 Pro
    - Rufus
    - Samsung Magician (essential to enable BitLocker)
    - Parted Magic (essential to enable BitLocker)

    Without further ado...

    STEP 1
    Create a USB bootable Windows 10 image. You'll need Rufus to do so. Erase your USB key (I recommend a USB 3 stick, Windows will install much quicker), then launch Rufus.

    Then, you need choose "GPT partition scheme for UEFI" as the Partition Scheme and "FAT32" as the File System. (You don't want to install Windows in legacy mode, or MBR mode. You want it to boot using the UEFI partition scheme with GPT.) Click the small DVD icon button, select your Windows 10 ISO, click Start, and you're good to go.

    Why not use the Windows USB/DVD Download Tool? This tool creates an old style MBR boot USB key and Windows will create a legacy-style MBR partition during installation. You don't want that. You want the modern GPT partition style that allows you to boot in UEFI mode.

    STEP 2
    Replace the SSD.     You'll need a T5 screwdriver and a Phillips one as well. Here is a link to a good guide. WARNING: If you open the case with a spudger (highly recommended), be careful not to use the tool when you reach the speaker grills or you will damage them. WARNING 2: the SSD screw is weak. Make sure you use a quality screwdriver in good condition or you'll strip it.

    Before installing Windows, make sure you have the proper drive settings in the BIOS. When booting up, press F2 to bring up the BIOS configuration window. Then, go to System Configuration > SATA Operation.

    - If you have a SATA drive (Samsung 850 Evo), set the drive mode to AHCI.
    - If you have an NVMe drive (Samsung 950 Pro), set the drive mode to RAID. (untested since I don't have an NVMe drive, but that's the theory)

    Then click Apply, then Exit.

    STEP 3
    Install Windows 10.     If you plan to enable BitLocker, you will need to install Windows 10 twice, because it is part of the process to enable Samsung's hardware encryption for BitLocker to later leverage.

    In the BIOS Configuration (press F2 repeatedly at Boot to display it), make sure the turn off the Secure Boot Enable function.

    Make sure your XPS is off, then plug the USB key on the right USB port (I've had trouble with the left one, somehow). Boot your computer up, then press F12 repeatedly, and in the UEFI BOOT listing, select your USB key.

    (If the key fails to appear, try another USB key. You can also fiddle with the BIOS boot order, but the F12 shortcut should suffice.)

    Install Windows 10 in Custom mode (Advanced), then when the hard disk selection dialog appears, click "New" and "OK." Windows will create the partitions for you. [If you want to clean install using the factory SSD, just delete and recreate partitions at this step.]

    You're done here if you don't want to enable BitLocker. But if you want to enable BitLocker, read on.

    STEP 4
    Install Samsung Magician.     Don't bother configuring Windows since this install will be erased shortly after anyway.

    Install Samsung Magician and launch it. Now would be a good opportunity to update the SSD firmware if one is available.

    Click "Data Security" on the left. See Encrypted Drive, on the right? This is what BitLocker will leverage. Click "How to enable", then "Ready to enable."

    Here comes the tricky part. On laptops with only one SSD slot, the way Samsung drives switch from "Ready to enable" to "Enabled" is after a Secure Erase. So we need to Secure Erase the drive. Since Windows is installed on the drive we want to Secure Erase, we need yet another bootable USB key to erase the drive from. To do this, Parted Magic is required.

    WARNING! Don't think you can use Samsung Magician's Secure Erase function with the Dell XPS 13. Why? Because the SSD is frozen by default, but you'll have no way of unfreezing the drive with Samsung's Secure Erase boot drive. Opening up the XPS and hot unplugging/plugging it doesn't work (Samsung's program won't find the SSD afterwards), even though this trick works on Samsung Ultrabooks.
    Let me emphasize this again: Samsung Magician's Secure Erase will not work because you'll have no way of unfreezing the drive prior to secure erasing it. The only way to unfreeze the drive is to put the computer to sleep and waking it, and you need Parted Magic to do so.
    " Hey, doofus! Just use the Maintenance > Data Wipe function in Dell's BIOS!" Nope. Dell's own Secure Erase also fails to secure erase the SSD.

    STEP 5
    Use Parted Magic.     Find/purchase the ISO here. You'll need at least the 2016.04.26 version if you have an NVMe drive (Samsung 950 Evo), otherwise, an older version might work. Then, use Rufus to create a bootable USB key with the ISO, with the same settings than the Windows 10 USB key: "GPT partition scheme for UEFI" as the Partition Scheme and "FAT32" as the File System. Click Start, choose ISO mode, and you're good to go.

    Restart using the F12 shortcut and choose your USB key. Once Parted Magic is all booted up, double-click Secure Erase (it's on the desktop), choose SATA (Samsung 850) or NVMe (Samsung 950). You should see your SSD drive recognized, set as "Frozen." Click the Sleep button, then wake up your computer. Voila! Your drive is unlocked. Select it, and follow the instructions to Secure Erase the drive. Shut down your XPS (with the "Quit" icon on the Desktop).

    STEP 6
    Reinstall Windows 10.     Do exactly as in Step 3. Before reinstalling Windows, I would disable "BIOS Recovery from Hard Drive" in the BIOS Configuration. I am not certain whether it interferes with BitLocker or not, but it does fiddle with the main drive, so just to be safe, turn it off.

    STEP 7
    Enable BitLocker.     Just to make sure you're all set, reinstall Samsung Magician and check, in the Data Security pane, if Encryption Drive says "Enabled."

    If it does, congrats! The drive is encrypted and is ready to use BitLocker. (You can either use BitLocker with TPM, since the XPS has a TPM, by enabling the TPM in the BIOS. Or you can disable the TPM and BitLocker will then use a password and/or a USB key to secure the drive.)

    Note: since Windows 8, you can use alphanumerical PINs with TPM-secured BitLocker. The setting is in gpedit.msc > Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives > Allow enhanced PINs for startup.

    You'll find guides to enable BitLocker on the Internet, but let's go through the process quickly:

    - Go to My Computer, right-click your C: drive, and select "Turn on BitLocker." Follow the instructions. You'll find everything you need to configure BitLocker in gpedit.msc > "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives."

    To confirm that BitLocker is running in hardware encryption mode (maximum performance, minimal battery requirement):

    - Open an Administrator Command Prompt, type "manage-bde.exe -status c:" and watch the "Encryption Method" line. If it says Hardware Encryption, then you're good to go.


    Guide by Nicels, posted on NotebookReview.com
     
    Last edited: May 14, 2016
    Nicels, May 14, 2016
    #1