Geeks With Blogs

Scott Dorman Microsoft MVP, Software Architect, Developer, Author

BitLocker™ Drive Encryption

BitLocker can encrypt the entire OS volume as well as any other volumes. To do this, it requires a 1.5 GB unencrypted system volume.

BitLocker requires either a Trusted Platform Module (TPM) v1.2 or a USB device together with a USB-capable BIOS. It is implemented as a file filter driver that sits just above the volume manager drivers.

There are several supported modes for storing the decryption key:

  • TPM locked with signature of boot files
  • TPM locked with user-specified PIN
  • External USB flash device
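To see which of these modes a machine actually uses, the following added example (not code from the original post) maps each volume's key protectors onto the list above. It assumes the BitLocker PowerShell module and its `Get-BitLockerVolume` cmdlet, which ship with Windows 8 / Server 2012 and later rather than with Vista; the function name `Get-BitLockerModeReport` and the finding texts are hypothetical.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Assumes the BitLocker module (Get-BitLockerVolume) is installed.

# KeyProtectorType values reported by Get-BitLockerVolume, mapped to the
# key-storage modes described in the post (plus their combinations).
$modeByProtector = @{
    'Tpm'              = 'TPM locked with signature of boot files'
    'TpmPin'           = 'TPM locked with user-specified PIN'
    'TpmStartupKey'    = 'TPM plus USB startup key'
    'TpmPinStartupKey' = 'TPM plus PIN plus USB startup key'
    'ExternalKey'      = 'External USB flash device'
}

function Get-BitLockerModeReport {
    param([object[]]$Volume = (Get-BitLockerVolume))

    foreach ($v in $Volume) {
        # A foreach statement skips a null or empty protector collection.
        $types = @(foreach ($kp in $v.KeyProtector) { [string]$kp.KeyProtectorType })
        $modes = @($types |
            Where-Object { $modeByProtector.ContainsKey($_) } |
            ForEach-Object { $modeByProtector[$_] })

        $finding = if ([string]$v.ProtectionStatus -ne 'On') {
            'Protection is off or suspended'
        } elseif ([string]$v.VolumeType -eq 'OperatingSystem' -and $types -contains 'Tpm') {
            'TPM-only boot: no PIN or USB key is required at startup'
        } elseif ($modes.Count -eq 0) {
            'No TPM or external-key protector (for example, password or recovery only)'
        } else {
            'No finding'
        }

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeType       = [string]$v.VolumeType
            ProtectionStatus = [string]$v.ProtectionStatus
            Modes            = $modes -join '; '
            Finding          = $finding
        }
    }
}

Get-BitLockerModeReport | Format-Table -AutoSize -Wrap
```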

Code Integrity Verification

The operating system loader and the kernel now perform code signature checks. On 64-bit x64 platforms, all kernel-mode code must be signed and the identity of all kernel-mode binaries is verified. The system also audits events for integrity check failures.

On 32-bit platforms, the administrator is prompted to install unsigned code. Load-time checks are done on all kernel-mode binaries, but if unsigned code is allowed to load, you won't be able to play protected high-definition multimedia content.

Posted on Sunday, June 18, 2006 2:18 PM | TechEd 2006, Vista


Comments on this post: Windows Vista: Kernel Changes - BitLocker, Code Integrity

# Vista Mythbusters #7: How much DRM is too much? - Ed Bott's Microsoft Report
This post from programmer Scott Dorman connects the dots:
Left by on Nov 27, 2006 12:34 PM



Copyright © Scott Dorman