The stages of BitLocker startup are as follows:

System integrity verification (if a TPM is present)
Firmware components and the Windows Boot Manager write measurements to the PCRs of the TPM as the boot process proceeds, including a measurement of the MBR executable code. Each measurement is extended into a PCR (hashed together with the PCR's previous value), so the final PCR values depend on every component measured and on the order in which they were measured.

User authentication (optional)
If user authentication is configured, the Windows Boot Manager collects a startup key from USB storage or a PIN from the user.

VMK retrieval
The Windows Boot Manager requests that the TPM unseal (decrypt) the VMK. If the PCR values match those recorded when BitLocker was set up, the TPM releases the VMK. If any measurement does not match the recorded value, the TPM does not release the key, and BitLocker gives the user the option to enter the recovery key.

Operating system startup
At this point, the Windows Boot Manager has validated the system integrity and now has access to the VMK. The VMK must be passed to the operating system loader; however, the Windows Boot Manager must avoid passing it to a potentially malicious operating system loader and thus compromising the VMK. To ensure that the operating system loader is valid, the Windows Boot Manager verifies that the operating system loader executables meet a set of requirements. The Windows Boot Manager also verifies that the boot configuration data (BCD) settings have not been modified. It does so by comparing them against a previously generated message authentication code (MAC). The BCD MAC is keyed with the VMK, so an attacker without the VMK cannot rewrite the BCD and produce a matching MAC. After the operating system loader is started, Windows uses the VMK to decrypt the FVEK and then uses the FVEK to decrypt the BitLocker-encrypted volume. With access to the unencrypted data on the volume, Windows loads normally.

Prior to transitioning to the operating system, the OS loader ensures that it hands off at most one key (the VMK) to the operating system.
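The sequence above (PCR measurement, VMK sealed to the measurements, a VMK-keyed MAC over the BCD, and the VMK to FVEK to volume key chain) as a runnable toy model. This is an added example, not Microsoft's code: the TPM, the storage root key, the boot component strings, the BCD text and the volume contents are all constructed here, and the HMAC-SHA256 counter keystream stands in for the AES modes BitLocker actually uses. It shows why a modified MBR lands you in recovery while an edited BCD is rejected even after the TPM has released the VMK.

```python
"""Toy model of the BitLocker startup sequence (added example, not Microsoft code).

Models: TPM PCR extend; sealing the VMK to a PCR policy and unsealing only
when the boot measurements match; the VMK-keyed MAC over the BCD; and the
VMK -> FVEK -> volume key chain. All primitives are stdlib HMAC-SHA256;
keystream_xor() is a constructed stand-in for BitLocker's AES modes.
"""
import hashlib
import hmac
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA256(PCR_old || SHA256(measurement))."""
    return sha256(pcr + sha256(measurement))


def measure_boot(components):
    """Extend a fresh PCR with each boot component in order (MBR, boot manager, ...)."""
    pcr = bytes(32)
    for comp in components:
        pcr = pcr_extend(pcr, comp)
    return pcr


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed HMAC-SHA256 counter-mode keystream; symmetric (encrypt == decrypt)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class ToyTPM:
    """Holds a storage root key that never leaves the 'chip'."""

    def __init__(self):
        self._srk = os.urandom(32)

    def seal(self, secret: bytes, pcr_policy: bytes) -> dict:
        nonce = os.urandom(16)
        ct = keystream_xor(self._srk, nonce, secret)
        tag = hmac.new(self._srk, pcr_policy + nonce + ct, hashlib.sha256).digest()
        return {"policy": pcr_policy, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, current_pcr: bytes):
        """Return the secret only if the blob is intact and the PCRs match the policy."""
        tag = hmac.new(self._srk, blob["policy"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("sealed blob has been tampered with")
        if not hmac.compare_digest(blob["policy"], current_pcr):
            return None  # measurement mismatch: the TPM withholds the VMK
        return keystream_xor(self._srk, blob["nonce"], blob["ct"])


def bcd_mac(vmk: bytes, bcd: bytes) -> bytes:
    """MAC over the BCD keyed with the VMK; editing the BCD without the VMK breaks it."""
    return hmac.new(vmk, bcd, hashlib.sha256).digest()


# Constructed sample platform state (not real boot code, BCD or volume data).
TRUSTED_COMPONENTS = [b"MBR code v1", b"bootmgr v1"]
BCD = b"osdevice=partition=C: path=\\Windows\\system32\\winload.efi"
VOLUME_PLAINTEXT = b"NTFS volume contents"


def provision():
    """BitLocker enable: generate FVEK and VMK, wrap FVEK under VMK, seal VMK to PCRs."""
    tpm = ToyTPM()
    fvek, vmk = os.urandom(32), os.urandom(32)
    fvek_nonce, vol_nonce = os.urandom(16), os.urandom(16)
    return {
        "tpm": tpm,
        "sealed_vmk": tpm.seal(vmk, measure_boot(TRUSTED_COMPONENTS)),
        "bcd_mac": bcd_mac(vmk, BCD),
        "wrapped_fvek": (fvek_nonce, keystream_xor(vmk, fvek_nonce, fvek)),
        "volume": (vol_nonce, keystream_xor(fvek, vol_nonce, VOLUME_PLAINTEXT)),
    }


def boot(state, boot_components, bcd):
    """Walk the startup stages; return (status, decrypted volume or None)."""
    # System integrity verification + VMK retrieval
    vmk = state["tpm"].unseal(state["sealed_vmk"], measure_boot(boot_components))
    if vmk is None:
        return "recovery", None  # user must supply the recovery key
    # Operating system startup: check the BCD before handing the VMK onward
    if not hmac.compare_digest(bcd_mac(vmk, bcd), state["bcd_mac"]):
        return "bcd_tampered", None
    fvek_nonce, wrapped = state["wrapped_fvek"]
    fvek = keystream_xor(vmk, fvek_nonce, wrapped)  # VMK unwraps the FVEK
    vol_nonce, ct = state["volume"]
    return "booted", keystream_xor(fvek, vol_nonce, ct)  # FVEK decrypts the volume


if __name__ == "__main__":
    st = provision()
    print(boot(st, TRUSTED_COMPONENTS, BCD)[0])  # booted
    print(boot(st, [b"MBR bootkit", b"bootmgr v1"], BCD)[0])  # recovery
    print(boot(st, TRUSTED_COMPONENTS, BCD + b" testsigning=on")[0])  # bcd_tampered
```

The two failure paths are deliberately different: a changed MBR alters the PCR chain before the TPM is asked anything, so the VMK never leaves the TPM; a changed BCD leaves the PCRs intact, so the VMK is released but the boot manager refuses to proceed because the VMK-keyed MAC no longer verifies.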