BitLocker Drive Encryption is an integral new security feature in the Windows Vista operating system that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks," attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.
BitLocker uses a Trusted Platform Module (TPM) to provide enhanced protection for your data and to assure early boot component integrity. This helps protect your data from theft or unauthorized viewing by encrypting the entire Windows volume.
BitLocker is designed to offer a seamless user experience. It is designed for systems that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM. A compatible BIOS must support the TPM and the Static Root of Trust Measurement as defined by the Trusted Computing Group. For more information about TPM specifications, visit the TPM Specifications section of the Trusted Computing Group's Web site (http://go.microsoft.com/fwlink/?LinkId=72757).
The TPM interacts with BitLocker to help provide seamless protection at system startup. This is transparent to the user, and the user logon experience is unchanged. However, if the TPM is missing or changed, or if the startup information has changed, BitLocker will enter recovery mode, and you will need a recovery password to regain access to the data.
No comments:
Post a Comment