Add more information about Bitlocker (#2302)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
This commit is contained in:
Jonah Aragon 2023-10-11 10:33:19 +00:00 committed by Daniel Gray
parent 9bd5e84d32
commit 122646d0f8
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3

View File

@ -87,7 +87,7 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
## OS Full Disk Encryption ## OS Full Disk Encryption
Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in.
### BitLocker ### BitLocker
@ -95,7 +95,7 @@ Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryp
![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right }
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
@ -103,7 +103,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
??? example "Enabling BitLocker on Windows Home" ??? example "Enabling BitLocker on Windows Home"
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style": 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":