Keys and Protectors (“Authenticators”)

[Diagram labels: DATA (1), FVEK (2), VMK (3), TPM (4); other protectors shown: TPM+USB, TPM+PIN, USB Key (Recovery or Non-TPM), Recovery Password (48 Digits)]

Where’s the Encryption Key?

1. Data is encrypted with the FVEK.
2. The FVEK is encrypted with the VMK and then stored in the volume metadata.
3. The VMK is encrypted by one or more key protectors, then stored in the volume metadata.
4. The Trusted Platform Module will not decrypt the VMK if the system integrity check fails.
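The four points above, modelled as an added example (not from the original slides, and not BitLocker's on-disk format or ciphers): data is wrapped under the FVEK, the FVEK under the VMK, and the VMK once per protector. The wrap function is a toy HMAC-SHA256 construction, the TPM is modelled as a key derived from a device secret plus a boot measurement, and all names, the salt and the sample values are constructed assumptions.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def wrap(key, plaintext):
    """Toy authenticated encryption; a stand-in for the real cipher, not BitLocker's."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def tpm_key(tpm_secret, boot_measurement):
    # Model of sealing: the key only comes out right if the measurement matches.
    return hmac.new(tpm_secret, boot_measurement, hashlib.sha256).digest()

def recovery_key(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

def create_volume(data, protectors):
    fvek, vmk = os.urandom(32), os.urandom(32)   # neither is ever stored in the clear
    return {
        "data": wrap(fvek, data),                                       # 1. data under FVEK
        "fvek": wrap(vmk, fvek),                                        # 2. FVEK under VMK
        "vmk": {name: wrap(k, vmk) for name, k in protectors.items()},  # 3. VMK per protector
    }

def unlock(volume, name, key):
    vmk = unwrap(key, volume["vmk"][name])
    fvek = unwrap(vmk, volume["fvek"])
    return unwrap(fvek, volume["data"])

if __name__ == "__main__":
    secret = os.urandom(32)                      # constructed stand-in for the TPM's secret
    vol = create_volume(b"payroll.xlsx contents", {
        "tpm": tpm_key(secret, b"measured boot chain A"),
        "recovery": recovery_key("constructed-recovery-password"),
    })
    print(unlock(vol, "tpm", tpm_key(secret, b"measured boot chain A")))
    print(unlock(vol, "recovery", recovery_key("constructed-recovery-password")))
    try:                                         # 4. changed boot chain: VMK stays sealed
        unlock(vol, "tpm", tpm_key(secret, b"measured boot chain B"))
    except ValueError as e:
        print("TPM protector refused:", e)
```

Because only the small wrapped-VMK entries depend on a protector, adding or revoking a protector in this model never touches the encrypted data.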
Disk Configuration

Partitioning guidelines:

Disk configuration: WinRE and BitLocker on separate partitions
  Partition 1: BitLocker, Type 0x7, 1.5GB (Active)
  Partition 2: Windows RE, Type 0x27, 1GB
  Partition 3: Windows Vista, Type 0x7

Disk configuration: Windows RE and BitLocker on same partition
  Partition 1: Windows RE/BitLocker, Type 0x7, 1.5GB (Active)
  Partition 2: Windows Vista, Type 0x7
  Partition 3: Not needed
You can measure the BIOS too
Understanding the Options with the Windows Vista Security Guide

The Windows Vista Security Guide provides customers with best practices and automated tools to help them deploy Windows Vista quickly and easily, and with tested guidance to balance their needs for security and functionality.

Solution Accelerators: Act faster. Go further.

Tested guidance by Windows Vista security experts
Preconfigured, customizable security settings
Unique GPO Accelerator tool deploys security configurations in minutes vs. hours
Resources

Data Encryption Toolkit for Mobile PCs
BitLocker Drive Encryption Technical Overview
Keys to Protecting Data with BitLocker Drive Encryption
Developing Credential Providers for Windows Vista
Create Custom Login Experiences With Credential Providers For Windows Vista