Bitlocker question

[Cameo]

I am ready to upgrade my 64-bit Home Premium installation to Pro and
wondering if it's worth to spend the extra bucs to upgrade to Ultimate
instead, just so I also get the Bitlocker encryption. Or ... I could
spend the extra bucs later for a 3rd party encryption software that also
integrates transparently with Win7. When I worked at my previous
employer, we used to have such a 3rd party encryption software on our
company laptops that once installed, were virtually transparent to use;
once you logged into your Windows account, that username & password was
automatically used by the encryption software as well. You could
designate individual folders for encryption (such as "MyDocuments",) not
just the entire HD. I wish I remembered what the software's name was,
though it may not have been available for retail customers.

I wonder if Bitlocker is also as easy to use and if it has a folder-only
encryption option. I tried TrueCrypt ones, but I did find it very
convenient to use and I could not figure out how to encrypt existing
folders with it.

 

[Seth]

I am ready to upgrade my 64-bit Home Premium installation to Pro and
wondering if it's worth to spend the extra bucs to upgrade to Ultimate
instead, just so I also get the Bitlocker encryption. Or ... I could spend
the extra bucs later for a 3rd party encryption software that also
integrates transparently with Win7. When I worked at my previous employer,
we used to have such a 3rd party encryption software on our company
laptops that once installed, were virtually transparent to use; once you
logged into your Windows account, that username & password was
automatically used by the encryption software as well. You could designate
individual folders for encryption (such as "MyDocuments",) not just the
entire HD. I wish I remembered what the software's name was, though it may
not have been available for retail customers.

I wonder if Bitlocker is also as easy to use and if it has a folder-only
encryption option. I tried TrueCrypt ones, but I did find it very
convenient to use and I could not figure out how to encrypt existing
folders with it.

BitLocker is whole disk. On a modern machine with a TPM chip, it integrates
completely into Windows and ties the hard drive to the machine it is in. A
person couldn't just simply take your drive, pop it into a USB adapter and
read the files, any files.

On machines without TPM, it's implementation is slightly different and will
differ by choices made at installation time, but still remains "whole disk".

 

[Cameo]

BitLocker is whole disk. On a modern machine with a TPM chip, it
integrates completely into Windows and ties the hard drive to the
machine it is in. A person couldn't just simply take your drive, pop
it into a USB adapter and read the files, any files.

On machines without TPM, it's implementation is slightly different and
will differ by choices made at installation time, but still remains
"whole disk".

How do I know if my laptop has that chip?

 

[Cameo]

BitLocker is whole disk. On a modern machine with a TPM chip, it
integrates completely into Windows and ties the hard drive to the
machine it is in. A person couldn't just simply take your drive, pop
it into a USB adapter and read the files, any files.

One more thing ... What about image backups one makes -- say with
Acronis -- and would want to restore such a backup to a new HD in case
the old gets damaged? Would it be possible with BitLocker installed?
Also, besides the Win7 partition I still keep the original Vista on a
separate, smaller partition (Dual Boot) on the same HD. If Bitlocker
encodes that partition, too, I could no longer boot up into Vista, would
I?

 

[Seth]

How do I know if my laptop has that chip?

Check in your BIOS or at the laptop makers website. it would be listed in
the specs.

 

[Seth]

One more thing ... What about image backups one makes -- say with
Acronis -- and would want to restore such a backup to a new HD in case the
old gets damaged? Would it be possible with BitLocker installed?
Also, besides the Win7 partition I still keep the original Vista on a
separate, smaller partition (Dual Boot) on the same HD. If Bitlocker
encodes that partition, too, I could no longer boot up into Vista, would
I?

Should work with Vista, but I never tried it in a dual boot scenario. Would
work with Acronis if imaged while in Windows as the data is decrypted as it
is read. Don't think it would work form an Acronis boot disk though.

 

[Cameo]

Check in your BIOS or at the laptop makers website. it would be listed
in the specs.

Well, I checked both the BIOS and the specs of this HP tx1410us notebook
and could not find any reference to TPM in it even though I bought it
new in Feb. 2008. So, I guess Bitlocker would not work for me then,
right?

 

[Gene E. Bloch]

Well, I checked both the BIOS and the specs of this HP tx1410us notebook
and could not find any reference to TPM in it even though I bought it
new in Feb. 2008. So, I guess Bitlocker would not work for me then,
right?

I have no personal idea (TrueCrypt satisfies my limited needs), but this is
found in the quotes in the thread you're replying to:

"On machines without TPM, it's implementation is slightly different and
will differ by choices made at installation time, but still remains 'whole
disk'."

It's the first text in the quoted part or your reply; it seems to say that
it doesn't need TPM to work.

 

[Cameo]

I have no personal idea (TrueCrypt satisfies my limited needs), but
this is
found in the quotes in the thread you're replying to:

"On machines without TPM, it's implementation is slightly different
and
will differ by choices made at installation time, but still remains
'whole
disk'."

It's the first text in the quoted part or your reply; it seems to say
that
it doesn't need TPM to work.

Oops, that's embarrassing! It slipped my mind.

 

[Gene E. Bloch]

Oops, that's embarrassing! It slipped my mind.

Well, then, do I get points for tripping you up?

Probably I should instead just get demerits for being a nag...

 

[Seth]

Well, I checked both the BIOS and the specs of this HP tx1410us notebook
and could not find any reference to TPM in it even though I bought it new
in Feb. 2008. So, I guess Bitlocker would not work for me then, right?

It can still be used, it just won't be as transparent.

 

[Cameo]

It can still be used, it just won't be as transparent.

OK, so does that mean that the encryption without hardware TPM will
mean a big performance hit on the CPU? I also wonder how I could still
boot into my Vista partition on the same HD even though I implement the
TPM in the Win7 partition. In my mind Vista would not "know" about the
TPM and thus could not be able to decrypt the HD to use it or even boot
up. What is it I am missing here?

 

[Seth]

OK, so does that mean that the encryption without hardware TPM will
mean a big performance hit on the CPU? I also wonder how I could still
boot into my Vista partition on the same HD even though I implement the
TPM in the Win7 partition. In my mind Vista would not "know" about the TPM
and thus could not be able to decrypt the HD to use it or even boot up.
What is it I am missing here?

No performance difference as the TPM isn't an encryption accelerator (at
least no performance hit vs. a TPM equipped machine, any encryption will hit
performance vs. non-encrypted).

Can't answer the question regarding dual-boot as non of my machines use dual
boot nor do I support it in my environment.

I do have to question what is the point in dual-booting with Vista and
Windows 7 though. What does one need with Vista when you have Windows 7? Is
there something you have that won't work in Windows 7 that does work in
Vista?