Bitlocker Secure Startup
3/21/2011
This package is a Feature Pack in the category Security. The name of the package as it appears on disk and for use with some command-line tools is WinEmb-Security-SecureStartUp.
This package includes BitLocker Drive Encryption, which is a Windows Embedded Standard 7 feature that helps you secure your digital assets by combining software-based encryption with hardware validation. BitLocker can optionally use a Trusted Platform Module (TPM) to protect user data and to help ensure that your Standard 7 device has not been tampered with while the system was offline. BitLocker provides enhanced data protection if a device is lost or stolen and secure data deletion when it comes time to decommission assets.
Settings
No settings provided.
Services
- BDESVC
- BitLocker Drive Encryption Filter Driver
Dependencies
Package Dependencies
This package depends upon features provided by the following packages:
Group Dependencies
No group dependencies.
Optional Supporting Packages
You can select any number of packages from the following list:
You can use the optional packages to enable the following functions:
To do this | Use these packages |
---|---|
Provide support for the BitLocker Drive Encryption UI Launcher (bdeuisrv.exe). |
Common Uses
Notes
BitLocker requires a separate active partition from the Standard 7 partition. When BitLocker is activated, the Standard 7 partition is encrypted.
The separate active partition contains important Standard 7 start files and must have the following properties:
- Minimum 100 megabytes (MB)
- Not encrypted or used to store user files
A system administrator must run the BitLocker setup wizard after installation to activate BitLocker. When using a TPM, a system administrator should initialize it before activating BitLocker.
Important
We recommend that the system administrator create a recovery password or recovery key in case a problem develops on the drive encrypted with BitLocker.
Due to the requirement for an active partition that is separate from the Standard 7 partition, it is not possible to use BitLocker to encrypt a system volume on a USB drive that reports its media type as removable.
You must include the Windows Search package in your image for the Turn on BitLocker command to be available when right-clicking a drive in Windows Explorer.
For a complete description and step-by-step instructions on how to use BitLocker, see Windows BitLocker Drive Encryption Step-by-Step Guide. For a complete set of hardware and firmware requirements to support BitLocker, see Windows Vista BitLocker Client Platform Requirements.