Reference Guide
Security Management Server v10.2.10 AdminHelp
131
Configure TPM Startup
Key and PIN
Do Not Allow
Do Not Allow
Require
Allow
To use this policy,
Require Additional
Authentication at
System Startup must be
set to Selected.
This type of
authentication involves
a 4-digit to 20-digit
personal identification
number (PIN) and a USB
drive containing the
startup key.
Encryption Method and
Cipher Strength (OS
Volumes)
XTS-AES-128
AES-128
AES-256
XTS-AES-128 (for use
with Windows 10
Anniversary Edition and
later)
XTS-AES-256 (for use
with Windows 10
Anniversary Edition and
later)
Algorithm and cipher
strength used by
BitLocker Drive
Encryption for OS
Volumes.
Encryption Method and
Cipher Strength
(Removable Volumes)
AES-128
AES-128
AES-256
XTS-AES-128 (for use
with Windows 10
Anniversary Edition and
later)
XTS-AES-256 (for use
with Windows 10
Anniversary Edition
and
later)
Algorithm and cipher
strength used by
BitLocker Drive
Encryption for
Removable Volumes.
To encrypt removable
drives to use with
older versions of
Windows as well as with
Windows 10 Anniversary
Edition and later, use
AES-128 or AES-256.
Encryption Method and
Cipher Strength (Fixed
Volumes)
XTS-AES-128
AES-128
AES-256
XTS-AES-128 (for use
with Windows 10
Anniversary Edition and
later)
XTS-AES-256 (for use
with Windows 10
Anniversary Edition and
later)
Algorithm and cipher