Samsung Slate 8 - Bitlocker Setup without TPM

Sunday, 22 July 2012 10:43 administrator
Print

Bitlocker Setup without TPM

To use BitLocker on a the Slate 8 without a TPM, you must change the default behavior of the BitLocker setup wizard by using Group Policy editor, or configure BitLocker by using a script. When BitLocker is used without a TPM, the required encryption keys are stored on a USB flash drive that must be presented to unlock the data stored on a volume. On computers and the models of Slate 8 without a compatible TPM chipset, BitLocker can provide encryption, but not the added security of locking keys with the TPM. In this case, the user is required to create a startup key that is stored on a USB flash drive. How does this all work on the Samsung Slate 8? Read on... 

The real key Bitlocker working on the Samsun Slate 8 is the setting in the bios. I wanted to salvage the USB port and write the key to the MicroSD card. Since you cannot boot off a MicroSD this was not an option. So I purchased one of those small USB devices with the smallest size I could find. I still could not get the Slate to recognize this device until I read another article on how to set the bios on the Slate 8 to recognize legacy USB devices. I changed the setting and boot priority and everything came together. Now the  only issue  I have will be our corporate environment. We limit the use of non-secure USB devices. Since the slate is a pilot I may have to ask security to bend the rules. Or ask my manager to purchase the upgraded Samsung that supports the security chip. 

These instuctions below are right off the MS$ site and you can find these most anywhere. In my case the most important piece of this was the bios setting. Good luck... 

To turn on BitLocker Drive Encryption on a computer without a compatible TPM

  1. Save the password on a USB drive. Saves the password to a USB flash drive. 
  2. Save the password in a folder. Saves the password to a network drive or other location. 
  3. Print the password. Prints the password. Use one or more of these options to preserve the recovery password. 

For each option, select the option and follow the wizard steps to set the location for saving or printing the recovery password. When you have finished saving the recovery password, click Next.

Important

The recovery password will be required in the event the encrypted drive must be moved to another computer, or changes are made to the system startup information. This password is so important that it is recommended that you make additional copies of the password stored in safe places to assure you access to your data. You will need your recovery password to unlock the encrypted data on the volume if BitLocker enters a locked state (see Scenario 4: Recovering Data Protected by BitLocker Drive Encryption). This recovery password is unique to this particular BitLocker encryption. You cannot use it to recover encrypted data from any other BitLocker encryption session.

 

Important

Store recovery passwords apart from the computer for maximum security.

 

  • On the Encrypt the selected disk volume page, confirm that the Run BitLocker System Check check box is selected, and then click Continue. 
  • Confirm that you want to restart the computer by clicking Restart Now
  • The computer restarts and BitLocker ensures that the computer is BitLocker-compatible and ready for encryption. If it is not, you will see an error message alerting you to the problem before encryption starts. If it is ready for encryption, the Encryption in Progress status bar is displayed. You can monitor the ongoing completion status of the disk volume encryption by dragging your mouse cursor over the BitLocker Drive Encryption icon in the tool bar at the bottom of your screen or clicking on the Encryption balloon. By completing this procedure, you have encrypted the operating system volume and created a recovery password unique to that volume. 
  • The next time you turn your computer on, the USB flash drive must be plugged into a USB port on the computer. If it is not, you will not be able to access data on your encrypted volume. Store the startup key away from the computer to increase security. If you do not have the USB flash drive containing your startup key, then to access the data, you will need to use recovery mode and supply the recovery password.
Last Updated on Sunday, 22 July 2012 17:59