BitLocker is a drive encryption technology introduced by Microsoft in its Windows Vista Operating System.
BitLocker is off by default on a clean RTM install of the Windows Vista Ultimate Operating System.
OEM Default Configurations
There are no known configurations of OEM machines with BitLocker enabled by default.
- Two NTFS drive partitions.
- For TPM
  - Trusted Platform Module (TPM) microchip, version 1.2, turned on.
  - Trusted Computing Group (TCG)-compliant BIOS.
- For non-TPM
  - USB flash drive.
  - A BIOS that can read and write to a USB flash drive.
BitLocker will be available in Windows Vista Ultimate and Windows Vista Enterprise versions only.
TODO TPM (Trusted Platform Module) USB Memory Stick
There is no plan to implement back-door access in BitLocker.
Detection using WMI
To detect BitLocker or TPM you can use the Security WMI Providers. The reference page has links to both the BitLocker Provider and the TPM provider. Search for "Security WMI Providers Reference" if the link no longer works. As an example, the "GetEncryptionMethod" method of Win32_EncryptableVolume on the BitLocker provider indicates the encryption algorithm and key size used on the volume.
Detection Without WMI
When you need to detect BitLocker from a different Operating System, you can look at the BIOS Parameter Block (BPB) which is located in the first bytes of the first sector of the volume. The 8 bytes starting at offset 3 should be "-FVE-FS-". Further information can be found on the System Integrity Team Blog.
The BitLocker cryptographic algorithm has been published.
- http://www.cobynsoft.com/software/cobynsofts-ad-bitlocker-password-audit/ Cobynsoft's AD Bitlocker Password Audit for Windows
- http://www.schneier.com/blog/archives/2006/05/bitlocker.html - Excellent summary and the comments are worth reading.
- http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx Blog entry describing acceptability of back-door access.
- http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm BBC News article about concern over no back-door access.
- http://windowsconnected.com/blogs/joshs_blog/archive/2005/12/28/122.aspx Steps to create a BitLocker drive pre-RTM.
- http://www.microsoft.com/technet/windowsvista/library/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx Article on how to set up BitLocker.