Why won’t BitLocker read my USB token on boot? How to use BitLocker without a Trusted Platform Module (TPM)

During the Technical (TechNet) Roadshow, and whilst meeting IT professionals both online and offline, many people have asked me questions about Windows Vista’s BitLocker feature set. My earlier post, titled all you ever wanted to know about Windows Vista’s BitLocker drive encryption and secure start up technologies, includes links to a wealth of resources.

The startup key for BitLocker can be generated and stored in hardware if you have a v1.2-compliant Trusted Platform Module (TPM). If your machine either doesn’t have a TPM or has one of an older revision, you can still use BitLocker, but you’ll have to store the key either on a USB token (recommended) or in your head (it’s only 24 characters, but this isn’t the most friendly solution!). There are also scenarios where using a TPM v1.2 AND a USB token together would be appropriate.

I’ve found from experience that some laptops are unable to read the startup key from the USB device at boot time – unfortunately there’s no error message to state that this is the case – the screen simply invites you to insert the key. I’ve just found the technical term (thanks to Tony Ureche) pertaining to the hardware requirement for reading the USB token appropriately – it’s as follows:

“The system BIOS must support the USB Mass Storage Device Class including reading files on a USB flash drive in the pre-operating system environment”

A simple non-technical test is to see if you can configure the system to boot off a USB token. If the firmware can boot from it, it is very likely that it can also read the startup key file from it, and your system is good to go.
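As an added example (not code from the original post), the following PowerShell script runs the pre-flight checks implied above before enabling BitLocker with a USB startup key: is there a v1.2 TPM, does policy allow BitLocker without one, and is the token present. It assumes an elevated session on Windows 7 or later (where manage-bde.exe ships; Vista used the manage-bde.wsf script instead), the OS volume on C: and the USB token mounted as E:.

```powershell
# Added example, not part of the original post. Assumptions: elevated session,
# Windows 7+ (manage-bde.exe), OS volume C:, USB token mounted as E:.
$OsDrive  = 'C:'
$UsbDrive = 'E:\'

# 1. Is there a TPM, and which spec version? SpecVersion reads e.g. "1.2, 2, 3".
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($tpm) {
    $spec = ($tpm.SpecVersion -split ',')[0].Trim()
    Write-Host "TPM found: spec $spec, enabled in firmware: $($tpm.IsEnabled_InitialValue)"
} else {
    Write-Host 'No TPM reported by the firmware; a USB startup key is required.'
}

# 2. Without a TPM, BitLocker refuses to enable unless the Group Policy
#    "Require additional authentication at startup" is enabled with
#    "Allow BitLocker without a compatible TPM" ticked. It lands in the registry as:
$fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
$noTpmAllowed = ($policy.UseAdvancedStartup -eq 1) -and ($policy.EnableBDEWithNoTPM -eq 1)
if (-not $tpm -and -not $noTpmAllowed) {
    Write-Warning "Enable the no-TPM policy (gpedit.msc -> BitLocker -> Operating System Drives) first."
    return
}

# 3. The token must be mounted so the .BEK startup key file can be written to it.
if (-not (Test-Path $UsbDrive)) {
    Write-Warning "USB token not found at $UsbDrive"
    return
}

# 4. Enable BitLocker with the startup key on the token AND a recovery password,
#    so a firmware that cannot read the token at boot (the symptom described
#    in the post) still leaves you a way back into the volume.
manage-bde -on $OsDrive -StartupKey $UsbDrive -RecoveryPassword
manage-bde -status $OsDrive
```

Escrow the recovery password printed by manage-bde somewhere other than the token itself; if the firmware turns out to lack pre-OS USB mass-storage support, it is the only protector that will unlock the drive.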

