4

My infrastructure uses BitLocker encrypted drives with TPM but no startup PIN. Recovery keys are stored in the AD. A few of my users are worried that no startup PIN is insecure compared to the old WinMagic setup with a startup PIN before booting the OS.

In our design it is clearly stated that the most important thing is that the hard drive is encrypted in case the computer is stolen or lost.

What can I tell my concerned users that will make them understand that the startup PIN does not really introduce any extra security?

sjldk
  • 41
  • 2

3 Answers

3

Why not just explain to them the transparent mode operation of BitLocker in conjunction with TPM and that no startup PIN is required.

You could also implement TPM + PIN if it's that big an issue with the users.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
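Added example (not code from the thread or from any of the answerers): a PowerShell audit of the key protectors on the OS volume, with an optional switch to move from transparent TPM-only mode to TPM + PIN as suggested above. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later), an elevated session, and a group policy that allows a TPM + PIN protector; the function name and the `-AddPin` switch are hypothetical, while the BitLocker cmdlets and `KeyProtectorType` values are the module's own.

```powershell
function Invoke-BitLockerProtectorAudit {
    # Hypothetical helper for this example; the cmdlets it calls are the real BitLocker module ones.
    [CmdletBinding()]
    param(
        [string]$MountPoint = $env:SystemDrive,
        [switch]$AddPin
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    "Volume {0}: ProtectionStatus={1} VolumeStatus={2}" -f $vol.MountPoint, $vol.ProtectionStatus, $vol.VolumeStatus

    # List which protector types are present on the volume.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    "Key protectors: " + ($types -join ', ')

    $hasTpmOnly  = $types -contains 'Tpm'
    $hasTpmPin   = $types -contains 'TpmPin'
    $hasRecovery = $types -contains 'RecoveryPassword'

    if ($hasTpmOnly -and -not $hasTpmPin) {
        Write-Warning "Transparent (TPM-only) mode: the OS boots to the logon screen without any user secret."
    }
    if (-not $hasRecovery) {
        Write-Warning "No recovery password protector: AD-based recovery will not be possible."
    }

    if ($AddPin -and -not $hasTpmPin) {
        # Prompt for the PIN as a SecureString rather than hard-coding it.
        $pin = Read-Host -AsSecureString -Prompt "Enter new startup PIN"

        # A volume holds only one TPM-based protector, so the TPM-only one is removed first.
        $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
        try {
            Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
        }
        catch {
            # Do not leave the volume with no TPM-based protector (that would force recovery at next boot).
            Write-Warning "Adding TPM+PIN failed ($($_.Exception.Message)); restoring TPM-only protector."
            Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
            return
        }

        # Escrow the recovery password in AD DS before the next reboot.
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | ForEach-Object {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId
        }
    }

    # Return the refreshed volume object so the caller can check the result.
    Get-BitLockerVolume -MountPoint $MountPoint
}

# Audit only:
Invoke-BitLockerProtectorAudit
# Audit and switch the OS volume to TPM + PIN:
# Invoke-BitLockerProtectorAudit -AddPin
```

The audit alone is what you would run across the estate first: a volume showing `Tpm` but no `TpmPin` is in transparent mode, and one without `RecoveryPassword` cannot be recovered from AD regardless of which startup mode is chosen.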
1

What you need to make clear to your users is that you were not architecting extra security, you were architecting data protection via encryption. If you previously had a startup PIN then the users have a valid point, as your design has lost an authentication factor that you previously had.

Jim B
  • 24,081
  • 4
  • 36
  • 60
  • I would say that they've lost one (WinMagic) and gained another (TPM). As I stated in my answer, if TPM (transparent mode) doesn't make the users feel warm and fuzzy then the OP can implement TPM + PIN. – joeqwerty Jun 09 '11 at 13:03
  • 1
    TPM is not something you KNOW; TPM is something you HAVE. If I steal your PC with just TPM, the OS starts and I only have to worry about OS security; if you have a PIN then I have to invent a way to bypass the TPM chip. – Jim B Jun 09 '11 at 13:07
0

It's only a problem if they lose the computer while it's powered on and logged in (unlocked). The design of TPM is such that any of the attack vectors used to compromise Windows would invalidate the data reported to the PCR registers and cause a lockout of the drive.

Kara Marfia
  • 7,892
  • 5
  • 33
  • 57