Search results
Results from the WOW.Com Content Network
When used in conjunction with a compatible Trusted Platform Module (TPM), BitLocker can validate the integrity of boot and system files before decrypting a protected volume; an unsuccessful validation will prohibit access to a protected system. [6] [7] BitLocker was briefly called Secure Startup before Windows Vista's release to manufacturing. [6]
Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor. Filesystems : What filesystems are supported. Two-factor authentication : Whether optional security tokens ( hardware security modules , such as Aladdin eToken and smart cards ) are supported (for example using PKCS#11 )
Components of a Trusted Platform Module complying with the TPM version 1.2 standard. Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
The TPM can impose a limit on decryption attempts per unit time, making brute-forcing harder. The TPM itself is intended to be impossible to duplicate, so that the brute-force limit is not trivially bypassed. [5] Although this has the advantage that the disk cannot be removed from the device, it might create a single point of failure in the ...
PCR values are available both locally and remotely. Furthermore, the TPM has the capability to digitally sign the PCR values (i.e., a PCR Quote) so that any entity can verify that the measurements come from, and are protected by, a TPM, thus enabling Remote Attestation to detect tampering, corruption, and malicious software.
Microsoft released BitLocker Countermeasures [3] defining protection schemes for Windows. For mobile devices that can be stolen and attackers gain permanent physical access (paragraph Attacker with skill and lengthy physical access) Microsoft advise the use of pre-boot authentication and to disable standby power management.
BitLocker is the combination of these features; "Cornerstone" was the codename of BitLocker, [85] [86] and BitLocker validates pre-boot firmware and operating system components before boot, which protects SYSKEY from unauthorized access; an unsuccessful validation prohibits access to a protected system. [87] [88]
The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.. LUKS implements a platform-independent standard on-disk format for use in various tools.