BitLocker Flow

BitLocker Drive Encryption: Scenarios, User Experience, and Flow

May 16, 2006

AbstractThis paper provides information about Microsoft® BitLocker™, a security feature that is available in certain Microsoft Windows® operating systems. It provides guidelines for IT administrators and advanced users to understand the different scenarios that BitLocker supports, the user interfaces that help set up and manage keys in the product, and the user experience flow.

This information applies for the Microsoft Windows Vista™ operating system.

The current version of this paper is maintained on the Web at: http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFlow.mspx

ContentsOverview..................................................................................................................................3Basic BitLocker Use Scenario (TPM-Only)..............................................................................5Two-Layer Protection Use Scenarios......................................................................................6

Two-Factor Protection: TPM and PIN.................................................................................7Two-Layer Protection: TPM and Startup Key......................................................................8

Startup Key-Only Use Scenario.............................................................................................10Recovery Use Scenarios.......................................................................................................12

Accessing a Protected Volume by Using a Recovery Key................................................13Accessing a Protected Volume by Using a Recovery Password......................................14

Disabling Protection Use Scenario........................................................................................16BitLocker Setup Wizard User Experience..............................................................................17

Control Panel Main Page..................................................................................................18Option to Use a Startup Key or PIN for Added Security....................................................18Save a Startup Key on a USB Drive.................................................................................19Set a Startup PIN..............................................................................................................20Create a Recovery Password...........................................................................................21Option to Save the Recovery Password...........................................................................22Save a Recovery Password to a USB Drive.....................................................................22Show the Recovery Password..........................................................................................23Print the Recovery Password............................................................................................23Save the Password in a Folder.........................................................................................24Recovery Warning.............................................................................................................24Encrypt the Volume...........................................................................................................25

Pre-Windows Boot and Recovery User Experience..............................................................25Key Management User Experience.......................................................................................29

Manage Keys Options.......................................................................................................30Duplicating the Recovery Password.................................................................................31Duplicating the Startup Key...............................................................................................31Resetting the PIN..............................................................................................................31

Definitions..............................................................................................................................31Appendix................................................................................................................................33

Key Architecture and Design.............................................................................................33Administration...................................................................................................................36

http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFlow.mspx

BitLocker Drive Encryption: Scenarios, User Experience, and Flow - 2

DisclaimerThis is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.

© 2006 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, BitLocker, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

May 16, 2006© 2006 Microsoft Corporation. All rights reserved.


OverviewMicrosoft® BitLocker™ Drive Encryption is a feature in Microsoft Windows Vista™ Enterprise and Ultimate editions that protects data when a computer is in unauthorized hands or is running an exploiting operating system. BitLocker does this by preventing an unauthorized user who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections, or even viewing the files that make up the operating system itself. The same technology also cryptographically secures the hibernation file, which contains all programs and documents that were open when the computer hibernated.

BitLocker is a hardware-based security feature that addresses the growing need for better data protection. The feature uses a hardware device, the Trusted Platform Module (TPM) 1.2 to protect user data and to ensure that a PC that is running Windows Vista has not been tampered with while the system was offline. BitLocker provides both mobile and office enterprise information workers with more data protection when their systems are lost or stolen. Specific logo requirements must be satisfied to ensure proper functioning of BitLocker with TPM. BitLocker can also be used on Windows Vista computers without a TPM.

Note: The TPM is a microcontroller root of trust and can be leveraged to provide a variety of cryptographic services. TPM v1.2 with compatible BIOS upgrades gives BitLocker the ability to validate the integrity of critical early boot components and a transparent startup experience. The nature of this chip ensures that the information that is stored there is more secure from external software attacks and physical theft.

BitLocker can be transparent to the user and is easy to deploy and manage. When a system is compromised, BitLocker has a simple and efficient recovery process for authorized users.

BitLocker Drive Encryption:

Ensures boot integrity because it is:

Resilient to attack. It protects the system from offline software-based attacks.

Locks the system when tampered with. If any monitored files are altered or deleted, the system will not boot. This alerts users to changes in their system.

Protects data while the system is offline because it:

Encrypts user data and system files. All data on the Windows volume is encrypted: user data, system files, hibernation file, page file, and temporary files.

Provides umbrella protection for third-party applications, which benefit automatically when installed on an encrypted volume.

Eases equipment recycling by:

Simplifying the recycling process. Data on the encrypted volume can be rendered useless by deleting the TPM key store.

Facilitating data deletion. Making data permanently unusable takes seconds instead of hours.

The main goal of BitLocker is to protect data on the operating system volume of the hard drive when the computer is turned off or hibernated. To achieve this, volume contents are encrypted with a full-volume encryption key (FVEK), which in turn is encrypted with a volume master key (VMK), as shown in Figure 1. Securing the VMK is an indirect way of protecting data on the disk volume. The addition of the



VMK allows the system to rekey easily when keys upstream in the trust chain are lost or compromised, given that decrypting and reencrypting the entire disk volume is expensive.

In the basic use scenario, the VMK is bound, or sealed, to the TPM 1.2 security hardware. Access to data on the protected operating system volume is possible if the TPM successfully validates the integrity of critical early boot components in the operating system. The default TPM platform validation profile secures the VMK against changes to the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the NTFS Boot Manager (PCR 10), and the Volume Key and Critical Components (PCR 11).

Recovery mechanisms exist for authorized users who encounter legitimate recovery scenarios. For example, if the TPM fails validation due to a necessary upgrade, if the system board that contains the TPM is replaced, or if the hard drive that contains the operating system volume is moved to another computer, the system enters recovery mode and the user can use a recovery key that is stored on a USB key.

After BitLocker authenticates access to a protected operating system volume, a filter driver in the Windows Vista file system stack uses the FVEK to encrypt and decrypt disk sectors transparently as data is written to and read from the protected volume. When the computer hibernates, an encrypted hibernation file is saved to the protected volume. Pending access authentication, this saved file is decrypted when the computer resumes from hibernation.

This document presents multiple BitLocker user scenarios and describes setup, management, and recovery. Screenshots, diagrams, and examples demonstrate how a local or domain administrator can use the BitLocker Setup Wizard, the key management user interface (UI), or easily-deployable scripts to turn on and manage BitLocker, and how a users can access their data in recovery scenarios.

Note that because Windows Vista has not been released, actual screenshots, text, and flows may change.

Notes on Terminology in This DocumentThe term volume means an area of storage on a hard disk. A volume is formatted

by using a file system, such as NTFS, and has a drive letter that is assigned to it. This is different from a partition, which is a portion of a physical disk that functions as though it were a physically separate disk. After a partition is created, it must be formatted and assigned a drive letter before data can be stored on it. A volume could exist for each partition on a hard drive, or volumes can span multiple partitions. BitLocker works with volumes, not partitions.

The term boot volume is the volume that contains the Windows operating system and its support files, In this document, the Windows Vista terminology operating system volume is used. The system volume is the volume that contains the required hardware-specific files to load Windows on x86-based computers after the BIOS has booted the platform. In this document, this is called the system (active) volume. For BitLocker to work, the system volume must not be encrypted, must differ from the operating system volume, and must be formatted with NTFS.

Basic BitLocker Use Scenario (TPM-Only)A user wants to protect data on his or her laptop in case the computer is lost or stolen. The laptop contains a compatible TPM (version 1.2, with BIOS support) and has two volumes: a system volume and an operating system volume with a version of Windows that supports BitLocker.



Scenario Enable/Disable: This scenario can be enabled or disabled by using the Security item in Windows Vista Control Panel. For more information, see "BitLocker Setup Wizard User Experience," later in this paper.

When BitLocker is turned on, the operating system volume is encrypted and the VMK is protected by sealing it to the TPM.

When BitLocker is disabled, the VMK is available through a clear key, so the data is still encrypted, but accessible to anyone.

When BitLocker is turned off, the volume is decrypted and all keys must be re-created if BitLocker is turned on again at a later time.

Key Change/Duplication: All keys in this scenario are not visible to the user and cannot be changed, duplicated, or revoked.

Protected Volume Move: A move of the protected operating system volume to another TPM-enabled machine requires a recovery key or password-based recovery. The VMK must also be resealed to the new TPM. This also applies to scenarios where the system board (with the old TPM) must be changed. For more information, see "Recovery Use Scenarios," later in this paper.

When BitLocker is enabled, data on the operating system volume is protected by encrypting volume contents with the FVEK, encrypting the FVEK with the VMK, and sealing the VMK to the TPM. When BitLocker is turned off, the volume is decrypted and all keys are removed. New keys are created if BitLocker is turned on again at a later time.

During BitLocker setup, creation of a recovery password or recovery key is highly recommended. Users require the recovery key or password to access data if the computer enters recovery mode. The following circumstances trigger recovery mode:

A hard disk that contains a BitLocker-protected operating system volume is moved to another computer.

A system board is changed.

The TPM on the computer fails to validate successfully.

Other circumstances change the boot sequence.

For more information, see "Recovery Use Scenarios," later in this paper.

User Interface Support1. In Control Panel, navigate to the BitLocker icon in the Security item to turn on

BitLocker.

2. Click Turn On BitLocker to run the BitLocker Setup Wizard.

3. Create a recovery key or a recovery password as part of the setup process, skipping all other options.

For more information, see "BitLocker Setup Wizard User Experience," later in this paper.

4. After BitLocker is turned on, navigate to the Security item in Control Panel to turn off or disable BitLocker.

Scripting SupportNote: The method names in this section are exposed through the BITLOCKER Windows Management Instrumentation (WMI) Provider, Win32_EncryptableVolume.

1. Use ProtectKeyWithTPM to secure the encryption key for the volume to the TPM.



2. Create recovery binary large objects (BLOBs):

Use ProtectKeyWithExternalKey to create a recovery key.

Use ProtectKeyWithNumericalPassword to create a recovery password.

3. Use Encrypt to encrypt the volume.

4. Use GetConversionStatus to indicate when the volume is fully encrypted.

5. Use GetProtectionStatus to ensure that BitLocker protection is turned on.

6. Use Decrypt to decrypt the volume and turn off BitLocker protection.

Disk

Cleartext data

Volume Encryption Key (FVEK)

Decryption performed on

data using FVEK

Unseal performed on VMK by TPM

Da

ta

FVEK

TPM

VM

K

En

cryp

ted

Dis

k S

ect

ors

Encrypted Volume

Figure 1. Accessing a BitLocker-enabled volume with TPM protection

Two-Layer Protection Use ScenariosBitLocker offers two types of two-layer protection use scenarios:

Two-factor authentication

Two-layer key protection

In the first type, the user is authenticated with two-factor authentication: what the user has (the TPM) and what the user knows (a PIN). In the second type, the user uses two things (the TPM and a USB device) to authenticate.



Two-Factor Protection: TPM and PINA user wants to protect the data on his computer with two-factor authentication: what he has (TPM)] and what he knows (PIN). He is willing to type the PIN each time the computer starts.

When the PIN is created, it is linked to the VMK. Now when BitLocker is enabled, the user must enter the PIN to access any information on the encrypted volume.

The PIN can be changed, but it cannot be stored or backed up. Like the basic BitLocker use scenario, the creation of a recovery password or recovery key is highly recommended to access a BitLocker-enabled disk volume in recovery scenarios (for example, if the user forgets the PIN).


BitLocker and enable PIN support.

Click Turn On BitLocker to run the BitLocker Setup Wizard.

Create a recovery key or a recovery password as part of the setup process.

Use the Create PIN? dialog box to enable PIN authentication.

For more information, see screen 2a in Figure 7, later in this paper.

2. Reset or change the PIN through the Manage Keys link in the Control Panel BitLocker item.

The following security notes exist in Windows Vista:

After BitLocker protection is turned on; the PIN cannot be added without first decrypting the disk and turning off BitLocker.

After the PIN is created and BitLocker protection is turned on, the PIN cannot be removed without first turning off BitLocker.

Scripting Support1. Use ProtectKeyWithTPMAndPIN to secure the encryption key for the volume to

the TPM, enhanced with PIN authentication.

Note that this method can be used even if a TPM-only authentication BLOB already exists or BitLocker protection has already been turned on.

2. Create recovery BLOBs:







7. Use DeleteKeyProtector to remove the TPM-plus-PIN authentication BLOB.

8. Use ProtectKeyWithTPMAndPIN once again to re-create the TPM-plus-PIN BLOB (with possibly a different PIN).



Disk

Cleartext data



data using FVEK

Unseal performed on

VMK

Dat

aFVEK

TPM

TPM Key

VM

K

Enc

rypt

ed D

isk

Sec

tors

Sealed VMK

Encrypted Volume

PIN

Hashed PIN

Figure 2. Accessing a BitLocker-enabled volume with PIN-enhanced TPM protection

Two-Layer Protection: TPM and Startup KeyA user wants to protect the data on her computer with two-layer authentication: TPM and USB flash drive that contains a startup key. She is willing to insert the USB flash drive that contains the startup key each time before the computer starts.

Scenario Enable/Disable: The two-layer authentication scenario can be enabled and disabled starting with the Security item in Windows Vista Control Panel and using the follow-on Create Startup Key dialog box (see screen 2b in Figure 7, later in this paper). The first version of BitLocker has no UI that allows the user to easily turn on or turn off the two-layer protection at a later time, after BitLocker setup. If the user decides to turn off two-layer protection by removing the startup key layer, she must disable and reenable BitLocker.

Key Change/Duplication: Except for the PIN, all keys in this scenario are not visible to the user and cannot be changed, duplicated, or revoked. The PIN value can be reset in the Control Panel BitLocker item, but cannot be stored or escrowed.

The startup key is stored on the computer that is encrypted by the VMK, but cannot be backed up automatically. Like the BitLocker use scenario, the creation of a recovery password or recovery key is highly recommended to access a BitLocker-enabled disk volume in recovery scenarios (for example, losing the USB flash drive that contains the startup key).



Although the startup key is required from power-up until Windows logon, it should be removed afterwards to secure two-layer authentication.


BitLocker and enable startup key support.

Click Turn On BitLocker to run the BitLocker Setup Wizard.

Create a recovery key and/or a recovery password as part of the setup process.

Use the Create a startup key for added security dialog box to add a startup key.

For more information, see screen 1 in Figure 7, later in this paper

2. Duplicate the startup key through the Manage Keys link in the Control Panel BitLocker item.


After BitLocker protection is turned on, the startup key cannot be added without first decrypting the disk and turning off BitLocker.

After the startup key is created and BitLocker protection is turned on, the startup key cannot be removed without first turning off BitLocker.

After the startup key is created and BitLocker protection is turned on, the startup key cannot be changed without first turning off BitLocker.

Scripting Support1. Use ProtectKeyWithTPMAndStartupKey to secure the encryption key for the

volume to the TPM, enhanced with startup key authentication.

2. Create recovery BLOBs:







7. Use DeleteKeyProtector to remove the TPM-plus-startup-key authentication BLOB.

8. Use ProtectKeyWithTPMAndStartupKey again to re-create the TPM-plus-startup-key BLOB (with possibly a different startup key).



Disk

Cleartext data

Volume Encryption Key (FVEK)Decryption

performed on data using

FVEK

Unseal performed on VMK

Dat

a

FVEK

TPM

TPM keyInte

rmed

iate

key

Enc

rypt

ed d

isk

sect

ors

Encrypted Volume

USB device with Startup

Key

EK

Combining keys by using SHA256

VM

K

Sealed VMK

Figure 3. Accessing a BitLocker-enabled volume with startup key–enhanced TPM protection

Startup Key–Only Use ScenarioA user wants to protect his data on a system without a compatible TPM. He is willing to insert the USB flash drive that contains the startup key each time the computer starts.

Scenario Enable/Disable: This scenario can be enabled and disabled by using the Security item in Windows Vista Control Panel. The user must create a startup key by using the wizard when turning on BitLocker. This scenario can also be enabled through scripting. When the feature is disabled, the volume is decrypted and all keys are destroyed and must be re-created if the feature is reenabled at a later time.

Key Change/Duplication: The startup key is created for the user and is visible for saving to a file in a user-determined location. The startup key can be copied but cannot be changed.

Volume Move: Moving the protected volume to another computer without a TPM 1.2 requires only the presence of the USB flash drive that stores the startup key. Moving the protected volume to a TPM-enabled computer requires the startup key (or, as usual, the recovery key or password-based recovery).

When the user has a computer without an appropriate TPM and wants to leverage BitLocker functionality (and has a system volume and an operating system volume configured), he enables it through the BitLocker item in Windows Vista Control



Panel. The system generates a startup key when the user inserts a USB flash drive, and saves the startup key. The USB device is now required for booting (or resuming from hibernation).

The user inserts the USB flash drive and turns on the computer. The PC boots into the operating system, and the user can start using the system normally. For a diagram of the process of decrypting data on a protected volume by using external media only (for example, no TPM), see Figure 4.

Using the Control Panel BitLocker item, the user can create a backup (copy) of the startup key on a destination of his choosing.

Another scenario is volume recovery. If the user’s system is damaged and he must move the hard drive to a new machine, he can use the recovery key on his external device to decrypt and recover the volume.

The overall BitLocker security of a system that uses a startup-key-only scenario is not at the same high level as the security of a system that uses a TPM.

User Interface Support1. Create and save a startup key as part of the BitLocker Setup Wizard.

For more information, see screen 1 in Figure 7, later in this paper.

2. Save the created startup key as part of the key management interface.

3. Insert the startup key as part of the boot process.


After creation, the startup key cannot be changed.

After creation, the startup key cannot be removed or revoked.

Scripting Support1. Use ProtectKeyWithExternalKey to create an external key that is used as a

startup key for a computer without a compatible TPM.

2. Use SaveExternalKeyToFile to write a file that contains the startup key to a USB flash drive or another location.

3. Use UnlockWithExternalKey to unlock a volume with a startup key.

4. Use GetKeyProtectors to list the created external keys for a disk volume.

5. Use DeleteKeyProtector to remove the external key authentication BLOB that is associated with a created startup key.

6. Use GetKeyProtectorExternalKey to retrieve the key contents of a created startup key BLOB.



Cleartext Data



data using FVEK

Dat

a

FVEK

Enc

rypt

ed d

isk

sect

ors

Encrypted Volume USB device with

Startup Key

Sta

rtup

Key

Decrypting of the VMK

VM

K

Figure 4. Volume decryption process with startup key from external media and no TPM

If an external device is lost, the startup key can be revoked through volume reencryption. The volume must be recovered by using the recovery key or the recovery password and a new startup key generated. All other volumes that also use the lost startup key must undergo a similar procedure.

Recovery Use ScenariosRecovery is using a recovery key or password to decrypt a copy of the VMK. The TPM is not involved in recovery scenarios, so recovery is possible if the TPM fails boot component validation, malfunctions, or is inaccessible.

Various scenarios can trigger recovery:

Upgrade of the system board or TPM.

Damage to a computer that causes the user to move the BitLocker-enabled volume to a different computer with a different TPM or no TPM at all.

Turning off, disabling, or clearing the TPM.

Upgrading critical early boot components that causes the TPM to fail validation.

Forgetting the PIN if TPM-plus-PIN authentication has been enabled.

Losing the USB flash drive that contains the startup key if TPM-plus-startup-key authentication has been enabled.

Redeploying desktops or laptops to others in the enterprise (such as to users with different security clearances).



Retasking desktops in place (changing the purpose of that machine, for example, an IT administrator reinstalling the operating system remotely).

BitLocker cannot distinguish between a legitimate upgrade to critical early boot components by the user and a malicious change to these same boot components by an attacker. Both cases trigger recovery, and anyone with access to recovery tokens can read BitLocker-protected data. For these reasons, it is important to keep recovery keys and passwords secure and accessible only to authorized individuals.

If the cause of recovery is unknown, avoid unknowingly accepting malicious changes to critical files by validating and resetting critical boot components to a known-good state.

Accessing a Protected Volume by Using a Recovery Key A user cannot boot into her BitLocker-enabled operating system volume because the system is in recovery mode. She previously created a recovery key and saved it onto a USB flash drive.

The recovery key can be created and saved to a USB flash drive during BitLocker setup, and be managed and copied after BitLocker is enabled.

By inserting the USB flash drive that contains the recovery key into the computer when it starts, the user can access the operating system volume regardless of the state of the TPM.

User Interface Support1. Create a recovery key as part of the BitLocker Setup Wizard.


2. Make a copy of the created recovery key as part of the key management interface.

3. Input the recovery key as part of the pre-Windows text-mode recovery interface.

For more information, see "Pre-Windows Boot and Recovery User Experience," later in this paper.

The following security notes exist in BitLocker:

After creation, the recovery key cannot be changed.

After creation, the recovery key cannot be removed or revoked.

After BitLocker is enabled, a new recovery key cannot be added.

Scripting Support1. Use ProtectKeyWithExternalKey to create a recovery key.

Note that this method can be used even if a recovery key BLOB already exists or BitLocker protection has already been turned on.

2. Use SaveExternalKeyToFile to write a file that contains the recovery key to a USB flash drive or another location.

3. Use UnlockWithExternalKey to unlock a volume with the recovery key.

4. Use GetKeyProtectors to list the created recovery keys for a disk volume.

5. Use DeleteKeyProtector to remove the external key authentication BLOB that is associated with a created recovery key.

6. Use GetKeyProtectorExternalKey to retrieve the key contents of a created recovery key BLOB.



Cleartext Data



data using FVEK

Dat

a

FVEK

Enc

rypt

ed d

isk

sect

ors

Encrypted Volume USB device with RK

RK

Decrypting of the VMK

VM

K

Figure 5. Accessing a BitLocker-enabled volume with recovery key

Accessing a Protected Volume by Using a Recovery Password A user cannot boot into his BitLocker-enabled operating system volume because recovery was triggered. He previously created a recovery password and either wrote it down, printed it, or saved it to a file.

The recovery password is randomly generated during BitLocker setup and can be managed and copied after BitLocker is enabled. Through the wizard, the recovery password can be printed or saved to a file for future use.

The domain administrator can configure Group Policy to automatically generate recovery passwords and transparently back them up to Microsoft Active Directory® when BitLocker is enabled. Furthermore, the domain administrator can choose to prevent BitLocker from being enabled unless the computer is connected to the network and Active Directory backup of the recovery password is successful.

The domain administrator can retrieve a stored recovery password when the protected computer is in recovery mode. For example, if an employee must recover his operating system volume while traveling, he can call IT help desk support and obtain the appropriate recovery password.

User Interface Support1. Create, save, or print a recovery password as part of the BitLocker Setup

Wizard.


2. Save or print a copy of the created recovery password as part of the key management interface.



3. Input the recovery password as part of the pre-Windows text-mode recovery interface.

For more information, see "Pre-Windows Boot and Recovery User Experience," later in this paper.


After creation, the recovery password cannot be changed.

After creation, the recovery password cannot be removed or revoked.

After BitLocker is enabled, a new recovery password cannot be added.

Scripting Support1. Use ProtectKeyWithNumericalPassword to create a recovery password.

Note that this method can be used even if a recovery password BLOB already exists or BitLocker protection has already been turned on.

If Active Directory backup is enabled or required by Group Policy, this method also stores the recovery password to Active Directory.

2. Use UnlockWithNumericalPassword to unlock a volume with a recovery password.

3. Use GetKeyProtectors to list the created recovery passwords for a disk volume.

4. Use DeleteKeyProtector to remove the numerical password authentication BLOB that is associated with a created recovery password.

5. Use GetKeyProtectorNumericalPassword to retrieve the numerical password content of a created recovery password BLOB.

Cleartext Data

Volume Encryption Key (FVEK)Decryption

performed on data using FVEK

Dat

a

FVEK

Enc

rypt

ed d

isk

sect

ors

Encrypted Volume

Rec

over

y pa

ssw

ord

F-key password obtained from Admin

Decryption of the VMK using the

password

VM

K

Figure 6. Accessing a BitLocker-enabled volume with recovery password



Disabling Protection Use ScenarioWhen BitLocker is disabled, the volume is encrypted but the VMK is freely available on disk, encrypted with a symmetric clear key that is stored on the hard disk. The availability of the clear key disables the security that BitLocker offers, but ensures that all subsequent computer boots will succeed under any circumstance.

The administrator may be required to temporarily disable BitLocker in the following scenarios:

The machine reboots for maintenance without requiring user input (for example, of PIN or startup key).

Upgrade of critical early boot components without triggering BitLocker recovery.

Installation of another operating system may change the boot manager.

Repartition of the disk may change the partition table.

Other system tasks may change the boot components that are validated by the TPM.

Upgrade of the system board to replace or remove the TPM without triggering BitLocker recovery.

Turning off, disabling, or clearing the TPM without triggering BitLocker recovery.

Moving a BitLocker-protected disk to another machine without triggering BitLocker recovery.

Losing all recovery tokens and needing to safely create new ones before triggering BitLocker recovery.

When BitLocker is reenabled, the clear key is removed from the disk volume and BitLocker protection is turned on again.

Exposing the VMK even for a brief period is a security risk because it is possible that an attacker has accessed the VMK and FVEK when these keys were exposed by the clear key.

Scenario Enable/Disable: This scenario can be enabled or disabled through the BitLocker item in Windows Vista Control Panel. When clear key is enabled, the volume remains encrypted, but the clear key is stored locally on disk. When clear key is disabled, the volume remains encrypted and the clear key is removed from the disk.

Key Change/Duplication: The clear key is stored, as the name suggests, in the clear on the local hard drive, in a predetermined location. It cannot be copied, nor can it be changed, because it is not visible to the user and is not stored as a file. All other keys (VMK and FVEK) in this scenario are unseen to the user and cannot be changed, duplicated, or revoked.

Volume Move: Moving the protected volume to another TPM-enabled machine does not require any additional steps because the key that protects the VMK is stored locally, in the clear.

User Interface Support1. In Control Panel, navigate to the BitLocker icon in the Security item.

Click the Disable BitLocker link to disable BitLocker.

For more information, see "BitLocker Setup Wizard User Experience," later in this paper.

2. After BitLocker is disabled, navigate to the Control Panel BitLocker item to enable BitLocker.



Scripting Support1. Use DisableKeyProtectors to disable BitLocker protection and authentication

without decrypting the volume.

2. Perform the task and optionally reboot the computer.

3. Use EnableKeyProtectors to enable BitLocker protection and update the validation of any boot components that may have changed.

4. Use GetKeyProtectorPlatformValidationProfile to determine the boot components that the TPM validated.

BitLocker Setup Wizard User ExperienceThe BitLocker Setup Wizard allows administrators or users to enable BitLocker. Administrators can specify how the encryption key is protected and begin encryption of the disk volume that contains Windows Vista.

This wizard is available from the BitLocker icon in the Security item of Control Panel by clicking the Turn On BitLocker link.

The flow for BitLocker Setup Wizard is shown in Figure 7. Each screenshot is also available at a larger scale later in this section.

Figure 7. BitLocker Setup Wizard user interface flow



Control Panel Main Page

Figure 8. Control Panel Main Page with TPM Initialized

Option to Use a Startup Key or PIN for Added Security

Figure 9. Option to use a startup key or PIN for added security (screen 1 in Figure 7)



This screen is used to choose either a startup key (on a USB flash drive) or a PIN for additional security, assuming that a TPM is present. Users can also choose not to add this layer of protection.

If a TPM is not being used, only the Save a Startup Key on a USB Drive option is available. The Set a Startup PIN and Don't Use a Startup Key or Pin options are unavailable because they rely on a TPM.

For more information, see "Two-Layer Protection: TPM and Startup Key," earlier in this paper.

Save a Startup Key on a USB Drive

Figure 10. Save a startup key on a USB drive (screen 2b in Figure 7)

This screen is used to choose a USB drive on which to save a startup key. With this option, the user must insert the key before starting the computer.



Set a Startup PIN

Figure 11. Create a PIN (screen 2a in Figure 7)

This screen offers the option to enter a 4- to 20-digit PIN. Setting a PIN adds an extra factor of authentication protection. For more information, see "Two-Factor Protection: TPM and PIN," earlier in this paper.

Domain administrators can require or disallow PIN creation.



Create a Recovery Password

Figure 12. Create Recovery Password (screen 3 in Figure 7)

This screen is used to create a recovery password. For more information on how the recovery password is used, see "Accessing a Protected Volume by Using a Recovery Password," earlier in this paper. If the user chooses to create a recovery password, screen 4 (shown in Figure 13) appears, which has options on the format of the recovery password.

Domain administrators can use their Group Policy to require or disallow recovery password creation.



Option to Save the Recovery Password

Figure 13. Save the recovery password (screen 4 in Figure 7)

This screen is used to save the recovery password to a USB drive or a folder, to display the password, or to print the password. For more information on how the recovery password is used, see "Accessing a Protected Volume Using a Recovery Password," earlier in this paper.

Save a Recovery Password to a USB Drive

Figure 14. Save recovery password to USB (screen 4a in Figure 7)

This screen is used to save a recovery password on a USB flash drive. For more information on how this recovery password is used, see "Recovery Scenario by Using a Recovery Key," earlier in this paper.



Users should not save the recovery password on the same USB flash drive that they use for the startup key. If they lose that flash drive, they may lose access to their data.

Domain administrators can use Group Policy to require or disallow recovery password creation.

Show the Recovery Password

Figure 15. Show recovery password (screen 4b in Figure 7)

This screen is used to display a recovery password on screen.


Print the Recovery Password

Figure 16. Print recovery password (screen 4c in Figure 7)

This screen is used to print the recovery password.




Save the Password in a Folder

Figure 17. Save recovery password to a folder (screen 4d in Figure 7)

This screen offers the option to save a recovery key as a file to a folder, such as a folder on a network share. For more information on how this recovery key is used, see "Recovery Scenario by Using a Recovery Key," earlier in this paper.


Recovery Warning

Figure 18. Warning to create recovery options (screen 5 in Figure 7)

This screen appears only if none of these four recovery creation options has been chosen:

Save a recovery password to a file.

Print a recovery password.

Save a recovery key to a pluggable USB storage device.

Save a recovery key file to a folder.

Domain administrators can turn off the appearance of this warning screen through Group Policy.



Encrypt the Volume

Figure 19. Encrypt the volume (screen 6 in Figure 7)

This screen notifies the users that the encryption of the volume is about to begin. The amount of time that this step takes is directly related to the size of the volume. However, encryption is performed in the background so that the computer can continue to be used while the volume is being encrypted. In addition, the administrator can pause and resume encryption at any time. Encryption is automatically paused when the computer is turned off or hibernated and can be resumed when the computer is turned on again. Encryption takes approximately one minute per gigabyte (GB).

Pre-Windows Boot and Recovery User ExperienceWhen a BitLocker-enabled operating system volume boots, Windows Vista boot code must perform authentication steps before unlocking or allowing access to the protected volume.

BitLocker attempts to unlock a volume in the following sequence:

1. Clear key: Protection has been disabled and the VMK is freely accessible. No authentication is necessary.

2. Authentication that does not require UI to be presented:

TPM: The TPM successfully validates early boot components to unseal the VMK.

TPM plus startup key: The TPM successfully validates early boot components, and a USB flash drive that contains the startup key has been inserted.

3. Authentication for which text-mode UI must be presented to the user:

TPM plus PIN: The user must enter the correct PIN before the TPM can be successfully validated.



Recovery key and/or startup key: The user must insert the USB flash drive that holds the recovery key or startup key.

Recovery password: The user must enter the correct recovery password.



Figure 20 illustrates the flow of this boot-time unlocking process and shows when pre-Windows text-mode interface is presented to the user.

Figure 20. Flow to unlock an operating system volume



For all system boot process scenarios, if the required method of authentication is present, the operating system volume unlocks and continues booting.

If the required method of authentication is not present, the interface appears as shown in the following paragraphs.

If the Startup Key is not present (screen 1):The key required to unlock this volume was not found.Please insert removable storage media containing the Startup Key or the Recovery Key.Then press ENTER to reboot.

If the media is inserted and the correct key is found (screen 0 in Figure 20):You may now remove the media.

When the PIN is enabled, when booting (or resuming from hibernation), the user sees a screen that requests the PIN (screen 2 in Figure 20):

To start this computer, type its BitLocker Drive Encryption startup PIN and then press Enter.

[

Use function keys F1 through F9 for 1 through 9, and F10 for 0. Use the Tab, Home, End, and Arrow keys to move the cursor.

If you do not have the correct startup PIN, press Escape.

If the PIN that is entered is incorrect, the following error text appears (screen 3 in Figure 20):

The startup PIN you entered is not correct for this disk volume.

To re-enter the startup PIN, press Enter.

If you do not have the correct startup PIN, press Escape.

Pressing ESC opens a screen that is determined by the recovery mechanism that the user set up. If the user did not set up an external media recovery key, the password-based recovery screen appears. If the user did set up a recovery key, the external media-based recovery-key screen appears.

At boot time, if the USB storage device that contains the recovery key has not been inserted, the key has not been found, or the key is incorrect, the following message appears (screen 1 in Figure 20):

The key required to unlock this volume was not found.

Please insert removable storage media containing the Startup Key or the Recovery Key.Then press ENTER to reboot.

The same message appears if the recovery key is not found on the inserted USB storage device, is found but is invalid, and so on.

Pressing ESC opens the password-based recovery screen, if a recovery password was set. The recovery screen now appears (screen 5 in Figure 20):

To start this computer, type its 48-digit BitLocker Drive Encryption recovery password and then press Enter.

__ ______ ______ ______ ______ ______ ______ ______



Use function keys F1 through F9 for 1 through 9, and F10 for 0. Use the Tab, Home, End, and Arrow keys to move the cursor.

If you do not have the correct recovery password, press Escape.

If an incorrect password was entered, the error text that is associated with this screen appears (screen 6 in Figure 20):

The recovery password you entered is not correct for this disk volume.

To re-enter the recovery password, press Enter.

If you do not have the correct recovery password, press Escape.

Pressing ESC opens the last screen (screen 7 in Figure 20):This computer’s system disk volume has been locked by BitLocker Drive Encryption. The files in this volume are encrypted and cannot be recovered without the BitLocker Drive Encryption recovery key or recovery password.

If you have the correct BitLocker Drive Encryption recovery key or recovery password, click Escape to reboot.

To permanently erase the unrecoverable files and reinstall Windows: insert your Windows product CD and then restart the computer.

The same screen appears if no recovery mechanisms have been set.

Key Management User ExperienceWhen the volume has been encrypted and protected with BitLocker, the Manage Keys feature allows local and domain administrators to duplicate keys and reset the PIN. Links in the console appear only for the keys that have been created at BitLocker setup time.



The flow for managing keys is shown in Figure 21. Each screenshot is subsequently available at a larger scale later in this section.

Figure 21. Managing keys UI flow

Manage Keys Options

Figure 22. Manage keys (screen m1 in Figure 21)

This screen shows the user all the key management options that this feature offers:

Duplicate the recovery password

Duplicate the recovery key

Reset PIN

Each of these keys and authentication values is defined in earlier sections of this document, along with use scenarios for each.



Duplicating the Recovery PasswordScreen 4 (in Figure 21) enables the user to print out the optional 48-digit recovery password or to save it on another computer.

Duplicating the Startup KeyScreen 2b (in Figure 21) enables the user to save the startup key to a USB flash drive.

Resetting the PINScreen 2a (in Figure 21) enables the user to reset the PIN. This screen is similar to screen 2a in the BitLocker Setup Wizard.

DefinitionsBLOB

binary large object; any cryptographically-protected piece of data. For example, the VMK is sealed to the TPM but the resulting BLOB returned by the TPM_Seal operation is actually stored on disk. Similarly, the VMK can be encrypted by a clear key, external key, or recovery password and stored on disk as a BLOB.

BDEBitLocker Drive Encryption; the Windows Vista feature that enables disk volumes to be encrypted and protected with a TPM.

BitLocker disabledA condition in which the disk volume is encrypted, but the FVEK that is used to encrypt the operating system volume is freely available via a clear key. Although the volume is encrypted, security is effectively disabled.

BitLocker enabled A condition in which data on the volume is encrypted as it is written and decrypted as it is read. When the computer starts, successful validation of critical early boot components by the TPM (in conjunction with a startup key or PIN, if configured), input of a recovery password, or a insertion of USB flash drive that contains a recovery key is required to decrypt the VMK and access the volume.

BitLocker offWhen BitLocker protection is off on a disk volume, a condition in which the disk volume is not encrypted and BitLocker protection is not in effect. This is a disk volume with a standard clear text file format.

BitLocker onSame as BitLocker enabled.

clear keyA key that is stored in the clear on the disk volume. This key is used to freely access the VMK and, in turn, the FVEK when BitLocker protection is disabled but the disk volume remains encrypted. See BitLocker disabled.

external keyA key that is stored external to the system (for example, USB flash drive). This key can be used as a startup key or a recovery key. A copy of the external key is stored encrypted on disk by the VMK and can be retrieved by an administrator after Windows has loaded.

external key fileA file that contains the external key in plaintext. The name and contents of the file are internal to Microsoft and may change from version to version.



FVEKfull-volume encryption key; the algorithm-specific key that is used to encrypt (and optionally, diffuse) data on disk sectors. Currently this key can vary from 128 bits through 512 bits. The default encryption algorithm that is used on disk volumes is AES 128 bit with diffuser.

operating system volumeA volume that contains an operating system (such as Windows Vista) that can be loaded by the computer’s boot manager.

PINpersonal identification number; an administrator-specified secret value that must be entered each time the computer starts (or resumes from hibernation). The PIN can have 4 to 20 digits, is limited to function-key input, and is stored internally as a 256-bit hash of the entered Unicode characters. This value is never appears to the user in any form or for any reason. The PIN is used to provide another factor of protection in conjunction with TPM authentication.

recovery keyA key that is used for recovering data that is encrypted on a BitLocker volume. This key is cryptographically equivalent to a startup key. If available, the recovery key decrypts the VMK, which in turn decrypts the FVEK. (Note that this is not the same as the recovery password.)

recovery passwordA numerical password that is specified by the administrator for recovery. It consists of 48 digits that are divided into 8 groups. Each group of 6 digits is checked by mod-11 before being compressed into corresponding 16 bits of passphrase data. A copy of the passphrase data is stored on disk that are encrypted by the VMK, and thus the recovery password can be retrieved by an administrator after Windows has loaded. (Note that this is not the same as the recovery key.)

startup keyA key that is stored on a USB flash drive that must be inserted each time the computer starts. The startup key is used to provide another factor of protection in conjunction with TPM authentication.

system (active) volumeThe first volume that the computer accesses when it starts up. This volume contains the hardware-specific files that are required to load Windows and includes the computer’s boot manager (for loading multiple operating systems). In general, the system volume can be, but does not have to be, the same volume as the operating system (boot) volume. However, for BitLocker to function, the system volume must differ from the operating system volume and, also, must not be encrypted.

TPMTrusted Platform Module; security hardware that provides a hardware-based root of trust and can be leveraged to provide a variety of cryptographic services. TPM v1.2 with compatible BIOS upgrades provides BitLocker with the secure startup capabilities to validate the integrity of critical early boot components and a transparent startup experience.

VMKVMK; the key that is used to encrypt the FVEK.



Appendix

Key Architecture and DesignTo achieve a higher level of security without greatly affecting usability, BitLocker supports different types of cryptographic algorithms and encryption layers, including multifactor authentication. In general, to add additional layers of security when protecting data, multifactor security uses:

What you have (for example, the TPM or a USB flash drive with a startup key)

What you know (for example, a PIN)

What you are

The main goal of BitLocker is to protect user data on the operating system volume. To achieve this, disk sectors are encrypted with a full-volume encryption key (FVEK), which is always encrypted with the volume master key (VMK), which, in turn, is bound to the TPM (in TPM scenarios).

The VMK directly protects the FVEK and therefore, protecting the VNK becomes critical. This strategy of protecting the VMK indirectly protects the encrypted volume and has the advantages that:

The system can regenerate keys upstream in the chain if one or more of these keys are lost or compromised.

The recovery process can be done without decrypting and reencrypting the entire volume, which is expensive in terms of the user’s time.



Figure A1 shows the BitLocker key architecture:

Recovery Password

This key is only present temporarily when the Administrator has disabled the feature. When Cornerstone is enabled it is deleted.

Clear Salt128 Bit

Temp Key256 Bit

Clear Key

TPM

TPM plus PIN

PCRConfiguration

PCRConfiguration

+

TPM plus Startup Key

Temp Key256 Bit

PCRConfiguration

Auth Data

SRK RSA2048 Bit

SRK RSA2048 Bit

SRK RSA2048 Bit

KeySequence

KeySequence

External Key256 Bit

Derived Key256 BitRSA

AES256 + Diffuser Encrypted

AESAES

Full Volume Encryption Key

512 Bit

AES128 + Diffuser Encrypted

AESAES


512 Bit

AES128Encrypted

AESAES


128 Bit

AES256Encrypted

AESAES


256 Bit

To validate:WinLoad.exeHibrsm32.exeHibrsm64.exe

AESValidation

Info

Default

SHA256

Encode

KeyStretch

Derived Key128 Bit

Clear Key256 Bit

Volume Master Key

256 Bit

RSA

AES

AES

RSA

AES

Only one option exists per volume

Data, unprotected on the Volume

Data, RSA sealed by the TPM on the Volume

Data, AES encrypted on the Volume

Temporary generated key, not stored

Protected data “What you know”

Protected data “What you have”

TPM Protected data

Symbol Legend

SHA256

External Key256 Bit

AES

Recovery Key

Figure A1. Key architecture and design



As Figure A1 shows, there are several different ways to encrypt the VMK.

Protecting the Volume Master Key (VMK)Authentication scenario

VMK BLOB Algorithm to encrypt VMK

Default: TPM only SRK(VMK) RSA

TPM plus PIN (SRK+SHA256(PIN))(VMK) RSA

TPM plus startup key SHA256(SRK(DerivedKey), StartupKey)(VMK) AES

Recovery key RecoveryKey(VMK) AES

Recovery password (Chained-hashing(Password),Salt)(VMK) AES

Clear key ClearKey(VMK) AES

Keys are generated at BitLocker setup time and related BLOBs are stored on the protected disk volume.

The SRK is the storage root key that the TPM holds. It is a 2,048-bit RSA key pair that is generated when ownership of the TPM is taken. The SRK referred to here as an RSA key is actually the public key; the private key member of the pair is never shown. The SRK is stored within the nonvolatile protected memory of the TPM and cannot be removed. This helps ensure that the private key material cannot be leaked and prevents keys from being used on any platform other than the one on which they were created. However, mechanisms are available to migrate keys from one TPM to another, for backup and disaster recovery purposes.

All TPM key operations are based off the SRK. When ownership of the TPM is taken, the new owner must specify two pieces of authorization information: the ownership authorization and the SRK usage authorization. This SRK usage authorization is required for each TPM operation. Because this is undesirable from a usability point of view and secure startup requires that this information be known very early in the boot process, the TPM administrative tools sets this usage authorization to a known value of all zeroes (20 bytes of 0). The SRK is rekeyed each time the owner changes.

Derived keys are generated from other data (for example, numeric password) and become part of the basis for another key. In the preceding table, DerivedKey is a 256-bit intermediate symmetric key, randomly generated and stored on disk that is encrypted with the SRK.

The design to store the BLOBs with their corresponding disk volume implies that if a volume is moved to another machine and then back onto a machine with the original TPM, all existing protection BLOBs remain in effect and recovery is not triggered.

The only way to change the VMK and FVEK for an encrypted volume is to decrypt and reencrypt the volume. After BitLocker protection is on, the key management UI allows administrators to reset the PIN and copy the startup key, recovery key, and recovery password. Scripting allows administrators to add, remove, copy, and change PIN, startup key, recovery key, and recovery password.

When the two-factor (or two-layer) authentication is enabled (for example, through creating a PIN or startup key), the VMK BLOB that was encrypted with only the TPM is removed. This causes the system, at next boot, to require the two-layer authentication, instead of working with only a TPM. Script writers must remove any TPM-only BLOBs from the disk volume if the intention is to apply the TPM-plus-PIN or TPM-plus-startup-key authentication instead of the TPM-only authentication.



AdministrationThe administrator controls all aspects that are related to BitLocker Drive Encryption. By using Group Policy (GP), the administrator can enable, disable, or make optional authentication scenarios and recovery mechanisms.

By using BitLocker Group Policy, the administrator can:

Set Group Policy to enable backup of BitLocker and TPM recovery information to Active Directory.

Set up UI policies to:

Establish which security scenarios are enabled, disabled, or optional.

Establish which recovery mechanisms are enabled, disabled, or optional.

Modify as required default settings, which are everything optional, except for the recovery password, which is mandatory. Note that there is no scripting support for the UI setup GP configuration.

Set up encryption and validation policies (for example, the disk volume’s encryption method).


Documents

BitLocker Flow