Read the book Windows Server 2022 & PowerShell All-in-One For Dummies - Sara Perrott - Page 138

BitLocker Drive Encryption


BitLocker Drive Encryption is responsible for encrypting the entire hard drive and its contents on systems where it has been enabled. On modern systems with a TPM 1.2 or later chip, BitLocker ensures that the system has not been tampered with while the system was offline. Assuming the hardware checks out okay, it will boot.

Systems with older TPM chips can still use BitLocker, but it is not as user-friendly. Older TPM chips (pre-1.2) also do not check system integrity the way the newer TPM chips do.

TPM stands for Trusted Platform Module. It’s a chip on your computer’s motherboard, and it’s what generates the keys that BitLocker uses to provide the full disk encryption. It keeps half of the key, and the other half of the key is stored on disk. This prevents a thief from stealing a BitLocker-encrypted hard drive and booting it in another system.

BitLocker can lock the startup process until the user enters a PIN. This ensures that the user is the authorized user and will prevent data loss from an unencrypted drive if the system is stolen while offline.
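The following PowerShell audit is an added example, not code from the book. It reports whether the local TPM is usable and whether each BitLocker volume is protected, including whether the operating system volume has the startup PIN described above. The function name `Get-BitLockerAudit` and the wording of the findings are assumptions made for illustration; it assumes an elevated session on a server with the BitLocker feature installed.

```powershell
#Requires -RunAsAdministrator
# Added example: audit TPM readiness and BitLocker key protectors on this machine.
# Get-BitLockerAudit is a hypothetical helper name, not a built-in cmdlet.

function Get-BitLockerAudit {
    [CmdletBinding()]
    param()

    # Get-Tpm can fail on systems without a TPM, so treat an error as "no TPM".
    $tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }
    $tpmUsable = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    foreach ($vol in Get-BitLockerVolume) {
        # Protector types include Tpm, TpmPin, TpmPinStartupKey, RecoveryPassword, ExternalKey.
        $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasPin = [bool]($types -match 'TpmPin')   # also matches TpmPinStartupKey

        $finding = if ($vol.ProtectionStatus -ne 'On') {
            'Protection is off: volume contents are readable offline'
        } elseif ($vol.VolumeType -eq 'OperatingSystem' -and -not $hasPin) {
            'No startup PIN: the TPM releases the key without user input'
        } elseif ($types -notcontains 'RecoveryPassword') {
            'No recovery password protector is present'
        } else {
            'OK'
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            TpmUsable        = $tpmUsable
            ProtectionStatus = $vol.ProtectionStatus
            VolumeStatus     = $vol.VolumeStatus
            Protectors       = $types -join ', '
            Finding          = $finding
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize
```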
