Secure Startup - Full Volume Encryption: Technical Overview
Updated: April 25, 2005
File name: secure-start_tech.doc
About This Download
Microsoft is committed to simplifying and improving the security of the Microsoft Windows family of operating systems. With the upcoming client release of Windows Vista, Microsoft will continue this commitment by delivering security innovations that include the Secure Startup feature.
Secure Startup is a hardware-based security feature that addresses the growing concern for better data protection. The feature uses a Trusted Platform Module (TPM 1.2) to protect user data and to ensure that a PC running Windows Vista has not been tampered with while the system was offline. Secure Startup provides both mobile and office enterprise information workers with more data protection when their systems are lost or stolen.
The TPM is a microcontroller that stores keys, passwords, and digital certificates. It is typically affixed to the motherboard of a PC. Because the information is held in this dedicated silicon, it is more secure from external software attacks and physical theft.
Secure Startup protects data by preventing unauthorized users from breaking Windows file and system protection on lost or stolen computers. This protection is achieved by encrypting the entire Windows volume. With full volume encryption, all user and system files are encrypted.
Secure Startup is transparent to the user and is easy to deploy and manage. When a system is compromised, Secure Startup has a simple and efficient recovery process.
This paper provides information about the Secure Startup feature in Windows Vista. It provides insight into the feature for enterprise business decision-makers who want to learn what Secure Startup does to address the growing data security issue.
This paper assumes the reader understands Trusted Platform Module (TPM) technology.
Included in this white paper: