User's Manual
64 Trusted Platform Module (TPM) and BitLocker Support
BitLocker is designed for systems that have a compatible TPM microchip and
BIOS. A compatible TPM is defined as a version 1.2 TPM. A compatible
BIOS supports the TPM and the Static Root of Trust Measurement.
BitLocker seals the master encryption key in the TPM and only allows the key
to be released when code measurements have not changed from a previous secure
boot. It forces you to provide a recovery key to continue boot if any measurements
have changed. A one-to-many BIOS update scenario results in BitLocker halting
the update and requesting a recovery key before completing boot.
BitLocker protects the data stored on a system through "full volume
encryption" and "secure startup". It ensures that data stored on a system
remains encrypted even if the system is tampered with when the operating
system is not running, and it prevents the operating system from booting and
decrypting the drive until you present the BitLocker key.
The TPM interacts with BitLocker to provide protection at system startup.
The TPM must be enabled and activated before BitLocker can use it. If the
startup information has changed, BitLocker enters recovery mode, and you
need a recovery password to regain access to the data.
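The sealing behaviour described above can be illustrated with a small model. The following PowerShell script is an added example, not code from this manual or from Dell; the TPM, its PCR and the seal/unseal operations are simulated in-process (a real TPM performs them in hardware), and the boot chain, volume master key and recovery password are constructed values. It shows why changing any measured component, such as the BIOS image, leaves the TPM unwilling to release the key and drops the boot into recovery.

```powershell
# Added example (not from the Dell manual): toy model of BitLocker's TPM-sealed
# volume master key. Everything below is simulated; no real TPM is touched.

function Get-Sha256Hex {
    param([byte[]]$Bytes)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try   { [BitConverter]::ToString($sha.ComputeHash($Bytes)).Replace('-', '').ToLower() }
    finally { $sha.Dispose() }
}

# PCR extend: PCR_new = H(PCR_old || H(component)). A PCR can only be extended,
# never written directly, so the final value depends on every component and its order.
function Measure-BootChain {
    param([string[]]$Components)   # stand-ins for BIOS, option ROMs, boot manager ...
    $pcr = '0' * 64
    foreach ($c in $Components) {
        $codeDigest = Get-Sha256Hex ([Text.Encoding]::UTF8.GetBytes($c))
        $pcr = Get-Sha256Hex ([Text.Encoding]::UTF8.GetBytes($pcr + $codeDigest))
    }
    return $pcr
}

# Seal: the simulated TPM keeps the key together with the PCR value it requires.
# A recovery password protector is stored alongside it, as BitLocker does.
function Protect-VolumeKey {
    param([string]$VolumeMasterKey, [string]$ExpectedPcr, [string]$RecoveryPassword)
    return [pscustomobject]@{
        Key              = $VolumeMasterKey
        PolicyPcr        = $ExpectedPcr
        RecoveryPassword = $RecoveryPassword
    }
}

# Unseal: the key is released only when the current PCR equals the sealed policy.
function Unprotect-VolumeKey {
    param($Sealed, [string]$CurrentPcr)
    if ($CurrentPcr -eq $Sealed.PolicyPcr) { return $Sealed.Key }
    return $null   # the TPM refuses; BitLocker must fall back to a recovery protector
}

function Start-SimulatedBoot {
    param($Sealed, [string[]]$BootChain, [string]$RecoveryInput)
    $pcr = Measure-BootChain -Components $BootChain
    $key = Unprotect-VolumeKey -Sealed $Sealed -CurrentPcr $pcr
    if ($null -ne $key) { return 'TPM released the key: normal boot' }
    if ($RecoveryInput -eq $Sealed.RecoveryPassword) { return 'Measurements changed: recovery password accepted' }
    return 'Measurements changed: recovery password required, boot halted'
}

# Constructed sample values
$vmk      = 'constructed-volume-master-key'
$recovery = '111111-222222-333333-444444-555555-666666-777777-888888'
$chain    = @('BIOS v1.0', 'RAID option ROM', 'Windows Boot Manager')
$sealed   = Protect-VolumeKey -VolumeMasterKey $vmk -ExpectedPcr (Measure-BootChain -Components $chain) -RecoveryPassword $recovery

Start-SimulatedBoot -Sealed $sealed -BootChain $chain -RecoveryInput ''
# -> TPM released the key: normal boot

$updatedChain = @('BIOS v1.1') + $chain[1..2]          # only the BIOS measurement differs
Start-SimulatedBoot -Sealed $sealed -BootChain $updatedChain -RecoveryInput ''
# -> Measurements changed: recovery password required, boot halted
Start-SimulatedBoot -Sealed $sealed -BootChain $updatedChain -RecoveryInput $recovery
# -> Measurements changed: recovery password accepted
```

In the one-to-many update scenario from the text, every updated system lands on the second outcome at its next boot, which is why the manual says the update halts pending a recovery key.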
NOTE: For systems with a TCG 1.2 compliant Trusted Platform Module (TPM) chip,
BIOS updates using SUU and DUPs fail if the Microsoft® Windows BitLocker Drive
Encryption feature is enabled or the Trusted Platform Module feature is set (using
BIOS) to ON with Pre-boot Measurement.
NOTE: See the Microsoft TechNet website for information on how to turn on
BitLocker. See the documentation included with your system for instructions on
how to activate TPM. A TPM is not required for BitLocker; however, only a system
with a TPM can provide the additional security of startup system integrity
verification. Without a TPM, BitLocker can be used to encrypt volumes but not to
provide secure startup.
NOTE: The most secure way to configure BitLocker is on a system with a TPM
version 1.2 and a Trusted Computing Group (TCG) compliant BIOS implementation,
with either a startup key or a PIN. These methods provide additional authentication
by requiring either an additional physical key (a USB flash drive with a
system-readable key written to it) or a PIN set by the user.
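Before running a SUU or DUP BIOS update on a BitLocker-protected system, an administrator will want to confirm the TPM state, see which key protectors (TPM, TPM+PIN, TPM+startup key, recovery password) are in place, and suspend protection for the reboot the update needs. The script below is an added example, not from this manual or from Dell; it assumes an elevated PowerShell session on Windows with the built-in TrustedPlatformModule and BitLocker modules (Get-Tpm, Get-BitLockerVolume, Suspend-BitLocker). Whether the BIOS "TPM ON with Pre-boot Measurement" setting is enabled is not visible from these cmdlets and still has to be checked in BIOS setup.

```powershell
# Added example (not from the Dell manual): pre-flight check before a firmware update
# on a BitLocker-protected Windows system. Run from an elevated PowerShell session.

# TPM state as seen by Windows (TpmEnabled/TpmActivated correspond to the BIOS settings
# the manual asks you to turn on before BitLocker can use the TPM).
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  enabled: $($tpm.TpmEnabled)  activated: $($tpm.TpmActivated)  ready: $($tpm.TpmReady)"

# BitLocker state of the operating system volume and its key protectors.
$osVolume   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$protectors = @($osVolume.KeyProtector | Select-Object -ExpandProperty KeyProtectorType)
"BitLocker on $($osVolume.MountPoint): protection $($osVolume.ProtectionStatus), protectors: $($protectors -join ', ')"

# TpmPin / TpmStartupKey / TpmPinStartupKey are the "PIN or startup key" configurations
# the manual recommends; plain Tpm means measurements alone gate the key.
$tpmBased = $protectors | Where-Object { $_ -like 'Tpm*' }
if (-not $tpmBased) { "No TPM-based protector: startup integrity is not being verified." }

# Without a recovery password there is nothing to type at the recovery prompt if the
# update changes the measurements, so stop here rather than proceed.
if ($protectors -notcontains 'RecoveryPassword') {
    Write-Warning "No RecoveryPassword protector on $($osVolume.MountPoint); add and back one up before updating."
    return
}

# Suspend (not decrypt) protection for exactly one reboot. BitLocker resumes
# automatically afterwards and re-seals the key to the post-update measurements,
# so the update does not trigger the recovery prompt described in the manual.
if ($osVolume.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $osVolume.MountPoint -RebootCount 1 | Out-Null
    "Protection on $($osVolume.MountPoint) suspended for one reboot; apply the SUU/DUP update now."
} else {
    "Protection on $($osVolume.MountPoint) is already off; no suspension needed."
}
```

Suspending for a single reboot keeps the volume encrypted throughout; only the TPM gate is bypassed for that one start, which is the narrowest change that lets the update complete.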