BitLocker Drive Encryption
This topic highlights the requirements for deploying a Windows BitLocker Drive Encryption solution. For more information about BitLocker, see BitLocker Drive Encryption for OEMs.
What Is BitLocker Drive Encryption?
BitLocker provides offline-data and operating-system protection for your computer. BitLocker helps ensure that data that is stored on a computer that is running Windows is not revealed if the computer is tampered with when the installed operating system is offline. BitLocker uses a microchip that is called a Trusted Platform Module (TPM) to provide enhanced protection for your data and to preserve early boot-component integrity. The TPM can help protect your data from theft or unauthorized viewing by encrypting the entire Windows volume.
BitLocker is designed to offer the most seamless end-user experience with computers that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM that has the BIOS modifications that are required to support the Static Root of Trust Measurement, as defined by the Trusted Computing Group. The TPM interacts with BitLocker to help provide seamless protection when the computer restarts.
The path to the TPM driver file is %WINDIR%\Inf\Tpm.inf
. For information about how to add the TPM driver to Windows Preinstallation Environment (Windows PE), see WinPE: Mount and Customize.
BitLocker Drive Encryption Partitioning Requirements
BitLocker must use a system partition that is separate from the Windows partition. The system partition:
- Must be configured as the active partition.
- Must not be encrypted or used to store user files.
- Must have at least 250 MB of space.
- May be shared with a recovery partition.
For more information about BitLocker partitioning requirements, see Hard Drives and Partitions Overview.