Users Guide
NOTE: For information on how to turn on BitLocker, see the Microsoft TechNet website. For
instructions on how to activate TPM , see the documentation included with the system. A TPM is
not required for BitLocker; however, only a system with a TPM can provide the additional security of
startup system integrity verification. Without TPM, BitLocker can be used to encrypt volumes but not
a secure startup.
NOTE: The most secure way to configure BitLocker is on a system with a TPM version 1.2 and a
Trusted Computing Group (TCG) compliant BIOS implementation, with either a startup key or a PIN.
These methods provide additional authentication by requiring either an additional physical key (a
USB flash drive with a system‑readable key written to it) or a PIN set by the user.
NOTE: For mass BIOS updates, create a script that disables BitLocker, installs the update, reboots
the system and then re‑enables BitLocker. For one‑to‑one Dell Update Package (DUP) deployments,
manually disable BitLocker and then re‑enable it after rebooting the system.
NOTE: In addition to BIOS DUP, execution of firmware DUP for U320, Serial Attached SCSI (SAS) 5,
SAS 6, Expandable RAID Controller (PERC) 5, PERC 6, and Cost Effective RAID Controller (CERC) 6
controllers is blocked on a system having a TPM version 1.2 chip, TPM Security set at ON with
pre
‑
boot measurement, and TPM Activation set at Enabled if you enable BitLocker (TPM or TPM
with USB or TPM with PIN).
40