BitLocker is a drive encryption technology introduced by Microsoft in its Windows Vista operating system.

Default Configuration

BitLocker is off by default on a clean RTM install of the Windows Vista Ultimate operating system.

OEM Default Configurations

There are no known configurations of OEM machines with BitLocker enabled by default.

Hardware Requirements

  • Two NTFS drive partitions.
  • For TPM
    • Trusted Platform Module (TPM) microchip, version 1.2, turned on.
    • Trusted Computing Group (TCG)-compliant BIOS.
  • For non-TPM
    • USB flash drive.
    • A BIOS that can read and write to a USB flash drive.

Software Requirements

BitLocker will be available in Windows Vista Ultimate and Windows Vista Enterprise versions only.


TODO TPM (Trusted Platform Module) USB Memory Stick

Back doors

There is no plan to implement back-door access in BitLocker.

Detection using WMI

To detect BitLocker or TPM you can use the Security WMI Providers. The reference page has links to both the BitLocker Provider and the TPM provider. Search for "Security WMI Providers Reference" if the link no longer works. As an example, the "GetEncryptionMethod" method of Win32_EncryptableVolume on the BitLocker provider indicates the encryption algorithm and key size used on the volume.

Detection Without WMI

When you need to detect BitLocker from a different operating system, you can look at the BIOS Parameter Block (BPB), which is located in the first bytes of the first sector of the volume. The 8 bytes starting at offset 3 should be "-FVE-FS-". Further information can be found on the System Integrity Team Blog.
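The signature check described above, as an added example that is not part of the original page: it goes one step further and walks the primary entries of an MBR partition table in a raw disk image, classifying each volume by the 8 bytes at offset 3 of its first sector. The 512-byte sector size, the MBR layout, the function names and the sample image are assumptions of the example; only the "-FVE-FS-" value and its offset come from the page.

```python
import io
import struct

SECTOR = 512                      # assumed sector size
BITLOCKER_OEM_ID = b"-FVE-FS-"    # signature given on this page (offset 3, 8 bytes)
NTFS_OEM_ID = b"NTFS    "         # OEM ID of an unencrypted NTFS volume

def classify_boot_sector(sector: bytes) -> str:
    """Classify a volume by the OEM ID field of its first sector."""
    if len(sector) < SECTOR:
        return "short-read"       # truncated image or partition past end of file
    oem_id = sector[3:11]
    if oem_id == BITLOCKER_OEM_ID:
        return "bitlocker"
    return "ntfs" if oem_id == NTFS_OEM_ID else "other"

def scan_mbr_image(image) -> list:
    """Return (entry index, start LBA, classification) for each used primary MBR entry."""
    image.seek(0)
    mbr = image.read(SECTOR)
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    results = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        start_lba, num_sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0 or num_sectors == 0:
            continue              # unused slot
        image.seek(start_lba * SECTOR)
        results.append((i, start_lba, classify_boot_sector(image.read(SECTOR))))
    return results

def build_sample_image() -> io.BytesIO:
    """Constructed sample: MBR, one NTFS-looking and one BitLocker-looking volume."""
    def boot(oem):
        return b"\xeb\x52\x90" + oem + bytes(SECTOR - 13) + b"\x55\xaa"
    def entry(ptype, start, count):
        return bytes([0, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", start, count)
    mbr = bytes(446) + entry(0x07, 1, 1) + entry(0x07, 2, 1) + bytes(32) + b"\x55\xaa"
    return io.BytesIO(mbr + boot(NTFS_OEM_ID) + boot(BITLOCKER_OEM_ID))

if __name__ == "__main__":
    for idx, lba, kind in scan_mbr_image(build_sample_image()):
        print(f"partition entry {idx} @ LBA {lba}: {kind}")
```

To examine a real acquisition, pass a file object opened in binary mode on the raw image instead of the constructed sample.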


The BitLocker cryptographic algorithm has been published.

External Links