From 122646d0f80b154c4cbf189ad1f092a9aa7f40d2 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Wed, 11 Oct 2023 10:33:19 +0000 Subject: [PATCH] Add more information about Bitlocker (#2302) Signed-off-by: Daniel Gray Signed-off-by: Freddy --- docs/encryption.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/encryption.md b/docs/encryption.md index c6047922df..9de95cd19c 100644 --- a/docs/encryption.md +++ b/docs/encryption.md @@ -87,7 +87,7 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru ## OS Full Disk Encryption -Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). +For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in. ### BitLocker 
@@ -95,7 +95,7 @@ Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryp ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } - **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). + **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} 
@@ -103,7 +103,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o ??? example "Enabling BitLocker on Windows Home" - To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. + To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide. 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
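Review bot: in the first hunk (docs/encryption.md, line 87), the added paragraph justifies native encryption tools with "more advanced physical attacks" but does not say which attacks or link a source. The replaced sentence's link defining FDE is also dropped, although the heading still reads "OS Full Disk Encryption". Suggest naming or linking the attack class the secure cryptoprocessor is meant to address, and keeping a link or short definition for FDE. The `#veracrypt-disk` target is not visible in this hunk, so confirm that the anchor exists on the page.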
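Review bot: in the second hunk (the BitLocker card, line 95), the rewritten sentence keeps the redundant "The main reason we recommend it ... is because of" construction; "The main reason we recommend it for encrypting your boot drive is its use of TPM" reads cleaner. The ElcomSoft URL contains `understanding-BitLocker-tpm-protection` and the documentation link in the trailing context contains `BitLocker/BitLocker-overview`. The mixed-case path segments look like the product of a search-and-replace, so both links are worth checking while this line is being touched.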
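Review bot: in the third hunk ("Enabling BitLocker on Windows Home", line 103), the added sentence spells the product "non-Bitlocker" while the surrounding text uses "BitLocker", and it sends the reader to a forum post for a prerequisite instead of including it in the numbered steps that follow. Suggest fixing the casing, making the check its own step (how to tell whether "Device encryption" is on, then how to turn it off), and supporting the claim that it "sends your recovery key to Microsoft's servers" with vendor documentation in addition to the forum thread. The sentence also trails off with "if it is enabled on your device already before following this guide"; moving that condition to the front of the sentence would make the instruction easier to follow.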