BitLocker Drive Encryption is a new Windows Vista and Windows 7 feature that improves data integrity and confidentiality by encrypting entire volumes. Windows Vista must have Service Pack 1 (SP1) installed to encrypt non-system volumes. BitLocker can use Trusted Platform Module (TPM) security hardware to wrap and seal the keys used to encrypt the system volume, helping to protect the volume from offline attacks. Alternatively, BitLocker can use a USB flash drive to store the startup key used to encrypt the volumes. BitLocker is available in the Enterprise and Ultimate editions of Windows 7.
BitLocker should be used with a TPM when it is used to encrypt the system volume. A TPM is a hardware module embedded in the motherboards of many new laptops and some desktops. The TPM must be version 1.2 for use with BitLocker.
If a TPM 1.2 module is not available, computers can still take advantage of BitLocker encryption on system volumes as long as the computer's BIOS supports reading from a USB flash device before the operating system is loaded. However, you cannot use BitLocker's integrity verification capabilities without a TPM 1.2 module.
Unlike EFS, BitLocker can encrypt entire volumes, including the page file, hibernation file, registry, and temporary files, all of which might hold confidential information; EFS can encrypt only user files. Additionally, when used with TPM hardware, BitLocker helps protect system integrity by verifying that critical Windows startup files have not been modified (as might happen if a rootkit or other malware was installed). Also, if the hard disk is moved to a different computer (a common method for extracting data from a stolen hard disk), the user is forced to enter a recovery password before gaining access to the protected volumes.
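The following PowerShell script is an added example, not part of the original article: it reports whether a machine meets the prerequisites described above (a TPM 1.2 that is enabled, activated and owned) and which key protectors guard the system volume. It assumes a Windows Vista SP1 or Windows 7 host that exposes the Win32_Tpm and Win32_EncryptableVolume WMI classes, run from an elevated session.

```powershell
# Added example, not from the original article. Assumes a Vista SP1 / Windows 7
# host exposing the Win32_Tpm and Win32_EncryptableVolume WMI classes and an
# elevated PowerShell session (both classes require administrator rights).
function Test-BitLockerSystemVolume {
    $report = New-Object PSObject -Property @{
        TpmPresent     = $false
        TpmSpecVersion = $null
        TpmReady       = $false   # enabled, activated and owned
        SystemDrive    = $env:SystemDrive
        ProtectionOn   = $false
        Protectors     = @()
    }

    # Win32_Tpm is absent when no TPM exists; SpecVersion reads e.g. "1.2, 2, 3".
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $report.TpmPresent     = $true
        $report.TpmSpecVersion = $tpm.SpecVersion
        $report.TpmReady = [bool]($tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated -and $tpm.IsOwned().IsOwned)
    }

    # One Win32_EncryptableVolume instance exists per BitLocker-capable volume.
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
           Where-Object { $_.DriveLetter -eq $env:SystemDrive }
    if ($vol) {
        # GetProtectionStatus: 0 = off, 1 = on, 2 = unknown.
        $report.ProtectionOn = ($vol.GetProtectionStatus().ProtectionStatus -eq 1)
        # Key protector type codes used by the WMI provider; each type is queried separately.
        $types = @{ 1 = 'TPM'; 2 = 'ExternalKey(USB)'; 3 = 'RecoveryPassword';
                    4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey' }
        foreach ($code in $types.Keys) {
            $ids = $vol.GetKeyProtectors($code).VolumeKeyProtectorID
            if ($ids) { $report.Protectors += $types[$code] }
        }
    }
    return $report
}

$r = Test-BitLockerSystemVolume
$r | Format-List
if (-not $r.TpmPresent) {
    Write-Warning 'No TPM: only the USB startup-key mode is possible and startup integrity checks are unavailable.'
} elseif ($r.TpmSpecVersion -notmatch '^1\.2') {
    Write-Warning "TPM spec version '$($r.TpmSpecVersion)' is not the 1.2 the article requires."
} elseif (-not $r.TpmReady) {
    Write-Warning 'TPM present but not enabled, activated and owned; initialize it before turning on BitLocker.'
}
```

Run it before enabling BitLocker to confirm the TPM state and afterwards to confirm that a recovery password protector exists alongside the TPM protector.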