Inspiron 15-7559, upgrading a from HDD to SSD

Hello,

Do not rely on the recovery partition for things like this Macrium reflect  is your friend image your old harrdrive and create recovery media in reflect after that test whether the recovery media actually works when that is done install your ssd and restore your backup to it when Windows doesn't boot the first time go back to reflect and run "fix windows boot issues".

---

@phill-w wrote:
I had a 7559 with a HDD and put an m2 SATA SSD in, I just used microsofts media creator tool to create a USB boot disk with the latest version of windows and did a fresh install. The benefit was that I could leave the old hard drive in there without it interfering & I could even boot off it. I removed the HDD while installing the OS to avoid any mistakes and because it seems to help it deciding to boot off the SSD. I don't trust recovery partitions or hard drive cloning software, but I don't think recovery partitions are sensitive to sector numbers these days. I couldn't clone the drive if I'd wanted, as I decided to use hardware bitlocker & that can only be enabled on a fresh install.

---

@phill-w, you can leave the old hard drive intact even if you capture an image of it or clone to a new disk, so that's not a benefit unique to performing a clean install.  I'm not sure where the lack of trust in cloning software comes from (lack of experience?), but with the right cloning software, like Macrium Reflect, you can absolutely clone a disk that has BitLocker enabled, and I've done so multiple times.  The most efficient way is to clone the source from within Windows while the partition is unlocked, in which case your destination will be unencrypted, but then you'd just enable BitLocker on the destination when you booted from it, just as you would with a clean install.  If you were using software BitLocker, you'd have the alternative option of performing a forensic clone while the partition was locked and preserving the existing encryption, but that's much more time-consuming since it has to copy every sector of the partition (even the free space) and it admittedly doesn't work with hardware BitLocker.  However, if you've been following security news, you might want to rethink using hardware BitLocker anyway.  This report is one of many articles covering research by security professionals that found that several popular SSDs had flaws in their hardware encryption implementations so significant that the encryption was effectively useless.  Granted they didn't test every SSD under the sun, but on the other hand they found problems with 100% of the SSDs they DID test, which doesn't bode well for the others.  And hardware encryption offers no meaningful benefit on modern systems anyway because CPUs for more than a decade have had hardware acceleration for AES operations, which means software encryption won't carry a performance penalty even if you're using a modern NVMe SSD.

And fyi, Macrium Reflect in particular actually has a third BitLocker option whereby if you perform an initial clone to a target and then enable BitLocker on it, future clones from that source to that target can be performed that will maintain the unique encryption on both the source and destination, i.e. each partition will retain its own unique BitLocker Recovery Key.  This works as long as both the source and destination are unlocked at the time of the clone.  This capability admittedly isn't meant for scenarios where you're just performing a one-off clone to migrate to a new drive, but rather for cases where clones are being performed on a regular basis to keep a backup drive updated, and I personally use this capability frequently when I clone my main external hard drive to another drive that I normally keep offline as a ransomware safeguard.  This feature is an extension of a feature in paid versions of Reflect called Rapid Delta Clone, whereby after performing an initial clone, future clones from that source to that destination will only need to copy the changes made on the source over to the destination, rather than having to copy the entire partition each time.  That too is a very handy feature independent of this "BitLocker Live Clone" capability.

I don't believe that specific sectors have been used for identifying factory recovery partitions in quite a long time, so this shouldn't be an issue.  That said, I admit I can't be certain because I've never used factory recovery partitions, partly because in most cases by the time you need to use them (if ever), they're so outdated that it's faster overall to just start with a fresh install of Windows anyway.  That's especially true these days where new releases of Windows 10 arrive every 6 months, which obsoletes factory restore partitions more quickly, and when there are tools like Dell Update that can help you download and install drivers more quickly if you perform a clean install of basic Windows.  So I always prefer to reclaim the capacity occupied by those recovery tools for other purposes.  You might prefer to do the same.  The only partitions you need to have are the EFI, MSR, OS, and Windows Recovery partitions.  The Dell image partition and Dell Support partition do not need to be carried over if you don't want to.

I'm also a big fan of Macrium Reflect as the tool for getting this done.  If you have a way to perform a direct clone, i.e. have the source and destination disks connected at the same time, that's handy.  Otherwise, plan to capture an image of the source disk to a file on an external hard drive, then install the new disk, boot your system from the Reflect Rescue Media you would have created upon first launching Reflect, and then restoring the image.  Either way, typically the system will boot just fine after the new disk is installed internally and has everything on it, but if not boot from Rescue Media and run the Fix Boot Problems routine.  Also, if the new SSD you'll be using has a different capacity than your current drive, you might need to specify custom partition sizing during the clone (or image restore).  That's described in Steps 4 and 5 on this page from the Reflect manual about cloning a disk.  It works the same way for an image restore except rather than the option saying "Cloned Partition Properties", it says "Restored Partition Properties".  Either way, the trick is that instead of simply selecting "Copy selected partitions", you need to drag and drop each partition from source to destination, working left to right, and when you drop a partition you want to resize, you need to do that BEFORE you continue dragging and dropping subsequent partitions.

@jphughan

I don't clone hard drives for a living, but I've tried it a few times in the last 40 years. People always say that they work, but somehow my circumstances don't seem to pan out. I don't have the time or inclination to learn which the best cloning software is at any given moment. I'm certainly not wasting money on it, when installing is a liberating experience anyway. It's better to get together everything for reinstalling, making sure everything is backed up & you have all the usernames and passwords when the old HDD is still working, than wait until it fails.

The original HDD wasn't bitlocker encrypted anyway (I installed the SSD immediately after buying the laptop) but my understanding is that software bitlocker and hardware bitlocker (AKA Microsoft eDrive) are entirely different and no cloning software can convert one to the other. Enabling hardware bitlocker was pretty complex and required installing windows to run a piece of software from samsung, then booting off a usb stick to wipe the drive and then reinstalling again. During the install there is a different partition setup, which as far as I can tell can only be created by windows installer on a fresh install.

Hardware bitlocker seemed to be barely supported by anyone & NVMe drives are even more problematic, the paper which detailed exploits on some drives has pretty much wiped out any appetite for improving the situation.

---

@phill-w wrote:

@jphughan

I don't clone hard drives for a living, but I've tried it a few times in the last 40 years. People always say that they work, but somehow my circumstances don't seem to pan out. I don't have the time or inclination to learn which the best cloning software is at any given moment. I'm certainly not wasting money on it, when installing is a liberating experience anyway. It's better to get together everything for reinstalling, making sure everything is backed up & you have all the usernames and passwords when the old HDD is still working, than wait until it fails.

The original HDD wasn't bitlocker encrypted anyway (I installed the SSD immediately after buying the laptop) but my understanding is that software bitlocker and hardware bitlocker (AKA Microsoft eDrive) are entirely different and no cloning software can convert one to the other. Enabling hardware bitlocker was pretty complex and required installing windows to run a piece of software from samsung, then booting off a usb stick to wipe the drive and then reinstalling again. During the install there is a different partition setup, which as far as I can tell can only be created by windows installer on a fresh install.

Hardware bitlocker seemed to be barely supported by anyone & NVMe drives are even more problematic, the paper which detailed exploits on some drives has pretty much wiped out any appetite for improving the situation.

 

---

No argument from me about the benefits of a clean install, but not everyone wants to rebuild their entire OS and (possibly large/complex) application ecosystem just to migrate to a larger/faster hard drive, and cloning has other uses beyond migrations anyway, such as keeping spare disk prepped that can be quickly installed in case something happens to your main disk.  Granted, image backups are more commonly used for this type of scenario, but they require you to restore from the image onto the new disk rather than having a disk already set to go.  In any case, nobody is talking about waiting until a disk fails before doing anything. If the disk had failed, you wouldn't be able to clone it either.

Software and hardware BitLocker actually aren't that different from each other after everything has been set up.  Hardware BitLocker does involve some prep routines around the SSD's firmware both before and during Windows installation, which is why you have to jump through the hoops you describe (including installing Windows once just to wipe your SSD and then having to install it again), but hardware BitLocker's partition requirements aren't any different from software BitLocker, and once encryption has been enabled, it can be accessed and managed using the same tools that work with software BitLocker, including image/clone operations -- at least while the partition is unlocked.  To my knowledge there are no cloning/imaging tools that would set up a new hardware BitLocker environment, but if an existing hardware BitLocker partition was unlocked, it could still be cloned/imaged elsewhere, including in the case of Macrium Reflect to another partition that was protected with software BitLocker, because again Reflect allows this operation to be performed in a way that preserves the unique BitLocker setups of the source and target as long as the operations occur with both the source and target unlocked.

You're certainly right about lackluster support around hardware BitLocker.  I suspect there were a few reasons for that even before that research that arrived.  First, as I said, there wasn't really anything wrong with software encryption after CPU acceleration for AES instructions arrived, which was actually before hardware BitLocker arrived.  And second, nobody has taken full ownership of it. As one simple example, last time I checked, the hardware BitLocker documentation talked up the benefits of "instant secure erase", which is a capability common to all hardware encryption solutions because it just means that the key can be wiped from the SSD firmware to render the data inaccessible.  Microsoft's documentation said to check with your drive vendor for how to perform a secure erase of a hardware BitLocker setup, and Samsung's documentation said to check with Microsoft about how to achieve that.  This may have changed since I last checked, but I read that when Windows 10 had arrived, and hardware BitLocker has been around since Windows 8, so a disconnect on a feature that basic struck me as a red flag.

"In any case, nobody is talking about waiting until a disk fails before doing anything. If the disk had failed, you wouldn't be able to clone it either."

I knew someone who cloned multiple times as they upgraded their drives and recycled the old ones, didn't take a backup of everything (they had data backups, but not programs and settings) and as they hadn't fresh installed from scratch for years they didn't have original cd's and key's necessary to do it.

Of course by the time they realized their mistake it was too late. I use the new drive as a motivation for making sure you have everything.

If you are imaging every day then sure, but most people don't take backups at all. I use switching drives as a reminder for what I need in case of a disaster.

"First, as I said, there wasn't really anything wrong with software encryption after CPU acceleration for AES instructions arrived, which was actually before hardware BitLocker arrived."

It's always better to offload work to a dedicated piece of hardware rather than having the CPU do it in software, the AES is accelerated but it's still got to run some code. Plus I think the key has to be in main ram, which is pretty easy to get at. If the key was kept purely in the CPU with no ability to read it out, then it wouldn't be so bad. The SSD support AES to randomise the data anyway (like that isn't worrying that they struggle with data that isn't random) and so it seems like a waste not to use it.

What is kinda shocking is that the SSD manufacturers pushed the idea of hardware encryption, but didn't security harden it at all. Which makes you wonder if it was done on purpose.

"BitLocker documentation talked up the benefits of "instant secure erase", which is a capability common to all hardware encryption solutions because it just means that the key can be wiped from the SSD firmware to render the data inaccessible.  Microsoft's documentation said to check with your drive vendor for how to perform a secure erase of a hardware BitLocker setup, and Samsung's documentation said to check with Microsoft about how to achieve that."

I didn't look too closely at it, but my latest NVMe SSD says it doesn't support secure erase. There seems to be an even bigger question mark whether manufacturers even support hardware bitlocker over NVMe, with some drives needing to be RMAd as Samsung don't provide the software to convert the drive back (there have been leaks of the software for previous drives, but they seem to be doing a better job of holding onto it these days).