Manualshelf

User's Manual

ManualsBrandsDell ManualsSoftwareDell Server Update Utility Version 2.0.0
59606162636465666768
Trusted Platform Module (TPM) and BitLocker Support 63
B
Trusted Platform Module (TPM) and
BitLocker Support
A TPM is a secure microcontroller with cryptographic capabilities designed to
provide basic security
-related functions involving encryption keys. It is
installed on the motherboard of your system, and communicates with the rest
of the system using a hardware bus. You can establish ownership of your
system and its TPM through BIOS setup commands.
TPM stores the platform configuration as a set of values in a set of
Platform Configuration Registers (PCRs). Thus one such register may store,
for example, the motherboard manufacturer; another, the processor
manufacturer; a third, the firmware version for the platform, and so on.
Systems that incorporate a TPM create a key that is tied to platform
measurements. The key can only be unwrapped when those platform
measurements have the same values that they had when the key was created.
This process is called
"sealing" the key to the TPM. Decrypting it is called
"unsealing". With the sealed key and a data protection feature like
Windows
®
BitLocker™ Drive Encryption, you can lock data until specific
hardware or software conditions are met.
BitLocker mitigates unauthorized data access by combining two major
data
-protection procedures:
Encrypting the entire Windows operating system volume on the hard
disk:
BitLocker encrypts all user files and system files in the operating
system volume.
Checking the integrity of early boot components and the boot
configuration data:
On systems that have a TPM version 1.2, BitLocker
leverages the enhanced security capabilities of the TPM and ensures that
your data is accessible only if the system’s boot components are unaltered
and the encrypted disk is located in the original system.