== BitLocker ==

Hard disk encryption, integrated into Windows 7.

Uses the TPM.

No password is required to boot the system (e.g. passwords are read from the TPM).

However, if changes are made to the BIOS or the boot files, the system requires a recovery key.

See http://www.msxfaq.de/verschiedenes/bitlocker.htm

=== Command-line tools ===

{{{
manage-bde -status
# get password information
manage-bde -protectors -get c:
# write a recovery key file to drive d:
# (-RecoveryKey takes a target path; -RecoveryPassword takes a numerical password, not a drive)
manage-bde -protectors -add c: -RecoveryKey d:

# activate
#
# The batch file should enable the TPM chip (and set the password):
manage-bde -tpm -TurnOn -TakeOwnerShip <password>

manage-bde -tpm -TurnOn
# %ERRORLEVEL%
# 0: success
# -1: already on
# -2147217406: TPM not detected
# reboot?

manage-bde -on c: -rp > e:\bitlocker.txt

# password: 8x6 digits, divisible by 11, less than 720896
manage-bde -protectors -add c: -rp "110000-000066-..."

# BitLocker Drive Preparation Tool
BdeHdCfg.exe
}}}

BitLocker for Windows 7 requires a TPM. There are workarounds to use it without a TPM, but then the key is stored on a USB drive, and the system requires that this USB drive is inserted on every boot.
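
The recovery password rule noted in the command listing above (8 groups of 6 digits, each divisible by 11 and less than 720896) can be checked before a transcribed password is passed to manage-bde. The following Python checker is an added example, not part of the original page; the function names and both sample passwords are constructed for illustration.

```python
import re

GROUPS = 8        # a recovery password has 8 groups ...
DIGITS = 6        # ... of 6 decimal digits each
LIMIT = 720896    # exclusive upper bound per group; equals 11 * 65536

# Constructed sample values, not real recovery passwords.
GOOD = "110000-000066-720885-000000-123453-654324-000011-360448"
BAD = "110000-000067-720896-000000-12345-654324-000011-360448"


def split_groups(text):
    """Split on dashes or whitespace, as the password is usually written."""
    return re.split(r"[-\s]+", text.strip())


def check_recovery_password(text):
    """Return (ok, problems); problems is a list of (group_number, reason)."""
    groups = split_groups(text)
    if len(groups) != GROUPS:
        return False, [(0, f"expected {GROUPS} groups, got {len(groups)}")]
    problems = []
    for n, g in enumerate(groups, start=1):
        if not re.fullmatch(rf"[0-9]{{{DIGITS}}}", g):
            problems.append((n, "not exactly 6 digits"))
        elif int(g) % 11 != 0:
            problems.append((n, "not divisible by 11"))
        elif int(g) >= LIMIT:
            problems.append((n, "not less than 720896"))
    return not problems, problems


def to_words(text):
    """Return group/11 for each group of a valid password.

    Because LIMIT is 11 * 65536, every quotient fits in 16 bits.
    """
    ok, problems = check_recovery_password(text)
    if not ok:
        raise ValueError(problems)
    return [int(g) // 11 for g in split_groups(text)]


if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample, check_recovery_password(sample))
```

Reporting the group number lets the person reading the password aloud re-check only the affected block of six digits.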