Geeks With Blogs



Scott Dorman Microsoft MVP, Software Architect, Developer, Author

BitLocker™ Drive Encryption

BitLocker allows the entire OS volume to be encrypted as well as any other volumes. In order to do this, a 1.5 GB unencrypted system volume is required.

BitLocker requires either a Trusted Platform Module (TPM) v1.2 or a USB device and a USB-capable BIOS. It is implemented as a file filter driver that sits just above the volume manager drivers.

There are several supported modes for storing the decryption key:

  • TPM locked with signature of boot files
  • TPM locked with user-specified PIN
  • External USB flash device

Code Integrity Verification

The operating system loader and the kernel now perform code signature checks. On 64-bit x64 platforms, all kernel mode code must be signed and the identity of all kernel mode binaries is verified. The system also audits events for integrity check failures.

On 32-bit platforms, the administrator is prompted to install unsigned code. Load-time checks are done on all kernel mode binaries, but if unsigned code is allowed to load, you won't be able to play protected high-definition multimedia content.
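
To review these signature checks from the defender's side, the following PowerShell is an added example (not from the original post or from Microsoft) that reports running kernel-mode drivers whose signature does not validate and then lists recent warnings and errors from the Code Integrity event log. It assumes Windows PowerShell 5.1 or later on a current Windows release, run from an elevated prompt; the function names `Resolve-DriverPath` and `Get-DriverSignatureReport` are hypothetical.

```powershell
# Added example: audit running kernel-mode drivers for a valid signature.
# Assumption: Windows PowerShell 5.1+ on a current Windows release, elevated.

function Resolve-DriverPath {
    param([string]$PathName)
    # Driver image paths may carry NT-style prefixes; map them to Win32 paths.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (Test-Path -LiteralPath $path) {
                # Reports embedded and catalog signatures alike.
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                [pscustomobject]@{
                    Driver        = $_.Name
                    Path          = $path
                    Status        = [string]$sig.Status
                    SignatureType = [string]$sig.SignatureType
                    Signer        = $sig.SignerCertificate.Subject
                }
            } else {
                # The path could not be resolved; report it rather than skip it.
                [pscustomobject]@{
                    Driver = $_.Name; Path = $path; Status = 'FileNotFound'
                    SignatureType = $null; Signer = $null
                }
            }
        }
}

# Drivers that are loaded but do not carry a signature that validates.
Get-DriverSignatureReport |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Driver, Status, SignatureType, Path -AutoSize

# Recent integrity-check warnings (level 3) and errors (level 2).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Level = 2, 3
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

An empty first table means every running driver validated; `FileNotFound` rows indicate a path the helper could not map and should be checked by hand.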

Posted on Sunday, June 18, 2006 2:18 PM | TechEd 2006, Vista

Copyright © Scott Dorman