This topic highlights the requirements for deploying a Windows® BitLocker™ Drive Encryption solution. For more information on BitLocker for Windows® 7, see BitLocker Drive Encryption on the Microsoft® TechNet Web site.
What Is BitLocker Drive Encryption?
BitLocker was a new feature in the Windows Vista® operating system that provides offline-data and operating-system protection for your computer. BitLocker helps to ensure that data that is stored on a computer running Windows Vista or Windows 7 is not revealed if the computer is tampered with when the installed operating system is offline. It uses a Trusted Platform Module (TPM) to provide enhanced protection for your data and to assure early boot-component integrity. This can help to protect your data from theft or unauthorized viewing, by encrypting the entire Windows volume.
BitLocker is designed to offer the most seamless end-user experience with computers that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM with any appropriate BIOS modifications required to support the Static Root of Trust Measurement, as defined by the Trusted Computing Group. The TPM interacts with BitLocker to help provide seamless protection when the computer restarts.
BitLocker is available in Windows Vista® Enterprise, Windows Vista® Ultimate, Windows® 7 Enterprise, Windows® 7 Ultimate, and Windows Server® 2008.
The path to the TPM driver is %WINDIR%\Inf\Tpm.inf. To add the TPM driver to Windows PE, see Add Device Drivers on an Online Windows PE Image.
BitLocker Drive Encryption Partitioning Requirements
BitLocker must use a system partition that is separate from the Windows partition. The system partition:
- Must be configured as the active
- Must not be encrypted or used to store user
- Must have at least 100 MB of space.
- Must have at least 50 MB of free
- May be shared with a recovery partition.
For more information on BitLocker partitioning requirements, see Understanding Disk Partitions.