Share via


Bitlocker Secure Startup

3/21/2011

This package is a Feature Pack in the category Security. The name of the package as it appears on disk and for use with some command-line tools is WinEmb-Security-SecureStartUp.

This package includes BitLocker Drive Encryption, which is a Windows Embedded Standard 7 feature that helps you secure your digital assets by combining software-based encryption with hardware validation. BitLocker can optionally use a Trusted Platform Module (TPM) to protect user data and to help ensure that your Standard 7 device has not been tampered with while the system was offline. BitLocker provides enhanced data protection if a device is lost or stolen and secure data deletion when it comes time to decommission assets.

Settings

No settings provided.

Services

  • BDESVC
  • BitLocker Drive Encryption Filter Driver

Dependencies

Package Dependencies

This package depends upon features provided by the following packages:

Group Dependencies

No group dependencies.

Optional Supporting Packages

You can select any number of packages from the following list:

You can use the optional packages to enable the following functions:

To do this Use these packages

Provide support for the BitLocker Drive Encryption UI Launcher (bdeuisrv.exe).

.NET Framework 2.0 Client Profile

Common Uses

Notes

BitLocker requires a separate active partition from the Standard 7 partition. When BitLocker is activated, the Standard 7 partition is encrypted.

The separate active partition contains important Standard 7 start files and must have the following properties:

  • Minimum 100 megabytes (MB)
  • Not encrypted or used to store user files

A system administrator must run the BitLocker setup wizard after installation to activate BitLocker. When using a TPM, a system administrator should initialize it before activating BitLocker.

Important

We recommend that the system administrator create a recovery password or recovery key in case a problem develops on the drive encrypted with BitLocker.

Due to the requirement for an active partition that is separate from the Standard 7 partition, it is not possible to use BitLocker to encrypt a system volume on a USB drive that reports its media type as removable.

You must include the Windows Search package in your image for the Turn on BitLocker command to be available when right-clicking a drive in Windows Explorer.

For a complete description and step-by-step instructions on how to use BitLocker, see Windows BitLocker Drive Encryption Step-by-Step Guide. For a complete set of hardware and firmware requirements to support BitLocker, see Windows Vista BitLocker Client Platform Requirements.