Doing our part for BitLocker™ Drive Encryption: Particular requirements around partitioning

On May 23-25, members of the BitLocker team participated in the Windows Hardware Engineering Conference (WinHEC) in Seattle. It was a successful event for us, and we even got some mentions in keynote speeches. Everyone we talked to understood the importance of encrypting the entire disk volume, and there was a great deal of excitement that this feature will be available in Windows Vista and Windows Server "Longhorn".

Anticipation aside, we know that the true test of a product is in customers using it. Based on WinHEC and other recent feedback, we want to highlight a detour you might encounter on your way to better data protection with BitLocker.

With a newly-installed Windows Vista Beta 2 build, don’t despair if you see that you need to "reconfigure" your hard disk before you can turn on BitLocker. It’s not your fault!

The fact is, you need two partitions set up on your disk before you can turn on BitLocker. 

  • The first partition, called the system volume, contains the boot information in an unencrypted space. This partition must be at least 1.5 GB in size and should not be used as a spare place to store files. BitLocker requires this partition because of architectural constraints and the need to be compatible with existing technologies.
  • The second partition, called the operating system volume, contains Windows and user data and can be fully encrypted by BitLocker.

To partition your computer, Vista Beta 2 requires that you reinstall Vista from the product DVD and set up the necessary partitioning during the installation. We, too, quite dislike the burden these steps place on you.

Will you need to reinstall and run “diskpart” when Windows Vista is a finished product? Not if we have anything to say about it. Here's what we are trying to do:

  • We are working closely with computer manufacturers to have these two partitions configured by default in new computers.
  • We are working with enterprise customers to make sure they can set up their Vista deployment processes appropriately (enterprise customers use automated processes that can seamlessly set up the partitioning).
  • We are working on a partitioning tool that takes care of the repartitioning so you won’t have to reinstall and type the “diskpart” commands needed in the Windows Vista Beta 2 release. In effect this tool "converts" a disk to a more BitLocker-friendly state.

For now, if you’re a beta tester for Windows Vista Ultimate edition or an employee evaluating the feature for your enterprise, we’d really appreciate it if you can step through this detour, enable BitLocker, and let us know what you think about the data protection capabilities it offers.

For more information on partitioning your computer for BitLocker:

      BitLocker Step by Step Guide

For a related music selection:

      P!nk – “Get the Party Started” from the album “M!ssundaztood” (2001)

- Xian Ke, on behalf of the BitLocker team