You must be able to supply the TPM owner password to change the state of the TPM, such as when enabling or disabling the TPM or resetting the TPM lockout. The initialization process generates a TPM owner password, which is a password set on the TPM. Prior to enabling BitLocker on a computer with a TPM version 1.2, you must initialize the TPM. Some keys are required and some are optional protectors you can choose to use depending on the level of security you require. There are multiple keys that can be generated and used by BitLocker. If Secure Boot for integrity validation is being used, it reports Uses Secure Boot for integrity validation BitLocker can be checked if it uses Secure Boot for integrity validation with the command line manage-bde.exe -protectors -get C. Updates to UEFI\BIOS firmware, installation of additional UEFI drivers, or UEFI applications without using the Windows update mechanism (only if BitLocker doesn't use Secure Boot for integrity validation during updates).Manual or third-party updates to secure boot databases (only if BitLocker uses Secure Boot for integrity validation).Non-Microsoft application updates that modify the UEFI\BIOS configuration.It's recommended that users test their TPM firmware updates if they don't want to suspend BitLocker protection Users don't have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. Not every TPM firmware update will clear the TPM. Some TPM firmware updates if these updates clear the TPM outside of the Windows API.Users need to suspend BitLocker for Non-Microsoft software updates, such as: No user action is required for BitLocker in order to apply updates from Microsoft, including Windows quality updates and feature updates.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |