Ad
related to: bitlocker password on boot
Search results
Results From The WOW.Com Content Network
When used in conjunction with a compatible Trusted Platform Module (TPM), BitLocker can validate the integrity of boot and system files before decrypting a protected volume; an unsuccessful validation will prohibit access to a protected system. [6] [7] BitLocker was briefly called Secure Startup before Windows Vista's release to manufacturing. [6]
Single sign-on: Whether credentials provided during pre-boot authentication will automatically log the user into the host operating system, thus preventing password fatigue and reducing the need to remember multiple passwords. Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications.
Microsoft released BitLocker Countermeasures [3] defining protection schemes for Windows. For mobile devices that can be stolen and attackers gain permanent physical access (paragraph Attacker with skill and lengthy physical access) Microsoft advise the use of pre-boot authentication and to disable standby power management.
Using a boot-time driver that can ask for a password from the user; Using a network interchange to recover the key, for instance as part of a PXE boot; Using a TPM to store the decryption key, preventing unauthorized access of the decryption key or subversion of the boot loader; Using a combination of the above
A common purpose of cold boot attacks is to circumvent software-based disk encryption. Cold boot attacks when used in conjunction with key finding attacks have been demonstrated to be an effective means of circumventing full disk encryption schemes of various vendors and operating systems, even where a Trusted Platform Module (TPM) secure cryptoprocessor is used.
In case of physical access, computers with TPM 1.2 are vulnerable to cold boot attacks as long as the system is on or can be booted without a passphrase from shutdown, sleep or hibernation, which is the default setup for Windows computers with BitLocker full disk encryption. [66]
BitLocker is the combination of these features; "Cornerstone" was the codename of BitLocker, [85] [86] and BitLocker validates pre-boot firmware and operating system components before boot, which protects SYSKEY from unauthorized access; an unsuccessful validation prohibits access to a protected system. [87] [88]
Authentication on power up of the drive must still take place within the CPU via either a software pre-boot authentication environment (i.e., with a software-based full disk encryption component - hybrid full disk encryption) or with a BIOS password. In additions, some SEDs support IEEE 1667 standard. [2]