RE: MS Vista BitLocker - volume or drive?
From: "Honer, Lance" <lhoner () smartgrp com>
Date: Fri, 23 Mar 2007 21:51:09 -0400
Refer to the NOTE section under 'BitLocker Drive Encryption'

Note: BitLocker provides protection for the Windows partition and is
not a replacement for EFS. BitLocker does not encrypt data stored
outside the Windows partition, but it does provide an added security
layer for EFS by encrypting the EFS keys within the Windows partition.

It seems to me that any way you look at it BitLocker can only encrypt
the volume that Windows is installed on. You must have at least 2
volumes to use BitLocker, one for the startup files & BitLocker engine
which won't be encrypted and one for Windows which will be encrypted. If
you have a 3rd volume, even if it's part of the same logical partition
as the Windows volume, you would need to use EFS on it if you wanted it

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ali, Saqib
Sent: Friday, March 23, 2007 6:23 PM
Cc: security-basics () securityfocus com
Subject: Re: MS Vista BitLocker - volume or drive?

It depends on how you set it up...

If you don't have TPM on your computer, and DON'T want to use a USB
Drive for a Startup key, then you are limited to volume encryption,
i.e. you partition your drive in 2, and encrypt one of the volumes. The
unencrypted volume contains the start-up files.

Three alternatives for using BitLocker are:
1) Partition the HDD in 2, and encrypt one volume. This is useful if
you don't have TPM.
2) Use TPM to wrap + bind + store the encryption key.
3) Use USB Drive to store the encryption key and startup files.