When BitLocker is used without a TPM the required encryption keys are stored on a USB flash drive. To use BitLocker on a computer without a TPM, change the default behavior of the BitLocker setup wizard by using Group Policy, or configure BitLocker by using a script. BitLocker can also be used without a TPM. Because the TPM uses its own internal firmware and logic circuits for processing instructions, it does not rely upon the operating system and is not exposed to external software vulnerabilities.īitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen. With a TPM, private portions of key pairs are kept separated from the memory controlled by the operating system. BitLocker uses sealed keys to detect attacks against the integrity of the Windows operating system. A sealed key is only "unsealed" or released when those current system values match the ones in the snapshot. When a sealed key is first created, the TPM records a snapshot of configuration values and file hashes. Computers that incorporate a TPM can also create a key that has not only been wrapped, but is also tied to specific hardware or software conditions. The private portion of a key created in a TPM is never exposed to any other component, software, process, or person.
Each TPM has a master wrapping key, called the Storage Root Key (SRK), which is stored within the TPM itself. This process, often called "wrapping" or "binding" a key, can help protect the key from disclosure. Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. The TPM is usually installed on the motherboard of a desktop or portable computer, and communicates with the rest of the system by using a hardware bus. A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. Information stored on the TPM can be more secure from external software attacks and physical theft. It is used to store cryptographic information, such as encryption keys. A volume usually has a drive letter assigned, such as C:Ī Trusted Platform Module (TPM), as found on a CyberMed NB24k, is a microchip that is built into a computer. BitLocker works with simple volumes, where one volume is one partition. For the sake of this article, a volume consists of one or more partitions on one or more hard disks. Windows BitLocker Drive Encryption is a security feature that provides better data protection by encrypting all data stored on the Windows operating system volume.
0 kommentar(er)
