Home page logo

basics logo Security Basics mailing list archives

RE: MS Vista BitLocker - volume or drive?
From: "Honer, Lance" <lhoner () smartgrp com>
Date: Fri, 23 Mar 2007 21:51:09 -0400

Refer to the NOTE section under 'BitLocker Drive Encryption'


Note:   BitLocker provides protection for the Windows partition and is
not a replacement for EFS. BitLocker does not encrypt data stored
outside the Windows partition, but it does provide an added security
layer for EFS by encrypting the EFS keys within the Windows partition.

It seems to me that any way you look at it BitLocker can only encrypt
the volume that Windows is installed on. You must have at least 2
volumes to use BitLocker, one for the startup files & BitLocker engine
which won't be encrypted and one for Windows which will be encrypted. If
you have a 3rd volume, even if it's part of the same logical partition
as the Windows volume, you would need to use EFS on it if you wanted it


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Ali, Saqib
Sent: Friday, March 23, 2007 6:23 PM
To: spencerforhire
Cc: security-basics () securityfocus com
Subject: Re: MS Vista BitLocker - volume or drive?

it depends on how you set it up.....

If you don't have TPM on your computer, and DON'T want to use a USB
Drive for a Startup key, then you are limited to volume encryption.
i.e. you partition your drive in 2, and encrypt one of the volume. The
unencrypted volume contains the start-up files.

Three alternatives for using BitLocker are:

1) Partition the HDD in 2, and encrypt one volume. This is useful if
you don't have TPM.
2) Use TPM to wrap + bind + store the encryption key
3) Use USB Drive to store the encryption key and startup files.


SMART Business Advisory and Consulting, LLC and SMART and Associates, LLP have an alternative practice structure. The 
two companies are separate and independent legal entities that work together to meet clients' business needs. SMART 
Business Advisory and Consulting, LLC is not a licensed CPA firm.
This message may contain information that is privileged, confidential and exempt from disclosure under applicable law. 
If you are not the intended recipient (or authorized to act on behalf of the intended recipient) of this message, you 
may not disclose, forward, distribute, copy, or use this message or its contents. If you have received this 
communication in error, please notify us immediately by return e-mail and delete the original message from your e-mail 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]