<HTML><HEAD></HEAD> <BODY dir=ltr> <DIV dir=ltr> <DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000"> <BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr> <DIV>"Juozas K." wrote in message news:plloe0$b4d$1@trimpas.omnitel.net... </DIV> <DIV> </DIV> <DIV> </DIV> <DIV>"kef" <k@k.lt> wrote in message news:plllit$8ll$1@trimpas.omnitel.net...</DIV> <DIV> </DIV> <DIV>greiciausiai kazko nezinai. ir greiciausiai ne bitlockeris, bet "device </DIV> <DIV>encryption". as pamenu kazkur skaiciau, kad tai reiskia, jog kryptinimas is </DIV> <DIV> </DIV></BLOCKQUOTE> <DIV dir=ltr>Bitlokeris. Ir toolsu diskas ir Macrium reflect rodo kad ijungta, manage-bde taip pat. </DIV> <DIV dir=ltr>Diskas beje nepalaiko HW encryptinimo.</DIV> <BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr> <DIV> </DIV> <DIV> </DIV> <DIV>apskritai su tuo bitlockeriu niuansu pilna, siuo atveju net neaisku ar </DIV> <DIV>naudojamas hardwarinis SSD kodavimas (ale OPAL ir panasiai), ar kiti </DIV> <DIV>metodai. siaip ten tikrai yra kur gilintis (bent jau man paciam), kad </DIV> <DIV>suprasti kaip teisingai visa tai sukonfiguruoti (ir patikrinti kuriuo rezimu </DIV> <DIV>tai veikia, jei veikia), tada ir visokiu klaidingu isankstiniu ispudziu </DIV> <DIV>turetu maziau kilti, ir butu isvengiama neteisingu palyginimu.</DIV> <DIV> </DIV> <DIV> </DIV></BLOCKQUOTE> <DIV dir=ltr>Ar HW issiaiskinama su manage-bde. Tai va ir aiskunausi tuo paciu ar verta turima kompa su HW encr. palaikanciu EVO ir TPM enryptinti ar ne. Daug prasmes neizvelgiu turint omeny kad reikia bios admin pass ir drausti win install disko krovima, kitaip gudrus win instalas atrakina kaip nieku nieko. Zymiai patogiau EFS encryptinimas tik tu folderiu ir failu kuriu reikia, jei ka user pass resetinimas nepades, win instalas automatiskai neatrakins. Kur geras bitlokeris tai flashkese, nebaisu kad pamesi ar pavogs.</DIV> <DIV dir=ltr> </DIV> <BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr> <DIV> </DIV> <DIV>Device Encryption is a new consumer-oriented security feature of Windows 8.1 </DIV> <DIV>that automatically encrypts the Operating System (OS) drive and all fixed </DIV> <DIV>data drives. Rather than requiring the user or administrator to enable and </DIV> <DIV>configure the encryption, the platform's drives are encrypted </DIV> <DIV>out-of-the-box. The encryption is invisible during normal use: users can log </DIV> <DIV>in and use the system just as they would use an unencrypted system. If </DIV> <DIV>someone stole the system however he wouldn't be able to get at any of the </DIV> <DIV>data without knowing the user account's password. This is because the device </DIV> <DIV>encryption key is protected by a secret derived from the user account's </DIV> <DIV>password. You can check the Device Encryption status of your Windows 8.1 </DIV> <DIV>system at the bottom of the "PC Info" section in the device settings.</DIV> <DIV> </DIV></BLOCKQUOTE> <DIV dir=ltr>Kazkokia nesamone, cia kaip suprast, jei biose admin pass uzdetas ir uzdrausta bootint is win installo?</DIV> <BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr> <DIV> </DIV> <DIV> </DIV> <DIV>> 3. Kita instaliacija, vietoj TPM bitlocker pass. Bootini is to pacio win </DIV> <DIV>> install disko, next, recovery - command prompt. "Ka tu man bitlocker pass </DIV> <DIV>> kisi???, vesk N zenkli bitlocker recovery key..., jei turi "</DIV> <DIV> </DIV> <DIV>nepakomentuosiu, reikia daugiau zinoti :) bet zinau, kad ir secure boot su </DIV> <DIV>visu tuo bitlockeriu siejasi. ijungus/isjungus galima pamatyti visai </DIV> <DIV>kitokius rezultatus.</DIV> <DIV> </DIV></BLOCKQUOTE> <DIV dir=ltr>O, aciu, gali buti, reikes pasidomet kaip ten reikalai del secure boot, gal prasytu pass o ne recovery.</DIV> <BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr> <DIV> </DIV> <DIV> </DIV> <DIV>If you change the secure boot setting (on to off or vv) though by fiddling </DIV> <DIV>with the BIOS settings it will trigger a change that requires your whole 48 </DIV> <DIV>digit bitlocker key to be entered so if you want to change it suspend </DIV> <DIV>bitlocker and then restart (so you can make your BIOS change).</DIV> <DIV> </DIV> <DIV>You need to do the same "suspend bitlocker/reboot" cycle for any other BIOS </DIV> <DIV>change that impacts on boot.</DIV> <DIV> </DIV></BLOCKQUOTE> <DIV dir=ltr>Tai juo labiau hemoras kai tenka krautis ka nors kito.</DIV> <BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr> <DIV> </DIV> <DIV> </DIV> <DIV><A href="https://www.tenforums.com/antivirus-firewalls-system-security/90970-secure-boot-bitlocker.html">https://www.tenforums.com/antivirus-firewalls-system-security/90970-secure-boot-bitlocker.html</A></DIV> <DIV> </DIV></BLOCKQUOTE> <DIV dir=ltr>Aciu. Yra idomaus.</DIV> <BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr> <DIV> </DIV> <DIV> </DIV> <DIV>sakau, bent jau as kai pasigilinau tai issiziojau, kiek visokiu povandeniniu </DIV> <DIV>akmenu sitame reikale uzslepta :) uz "bitlocker" slepiasi daug dalyku, net </DIV> <DIV>gi priklauso nuo to, koks stovi SSD. kai nesigilini tai atrodo paprasta. bet </DIV> <DIV>kai paskaitinejau, tai pradejau abejoti kaip teisingai ijungti ta suknista </DIV> <DIV>encryptiona skirtingais atvejais (OPAL, etc) apskritai :D</DIV> <DIV> </DIV> <DIV>pvz:</DIV> <DIV> </DIV> <DIV>Requirements</DIV> <DIV>These are the system requirements according to TechNet:</DIV> <DIV> </DIV> <DIV>For data drives:</DIV> <DIV> </DIV> <DIV> a.. The drive must be in an uninitialized state.</DIV> <DIV> b.. The drive must be in a security inactive state.</DIV> <DIV>If the drive is used as a startup drive the following apply additionally:</DIV> <DIV> </DIV> <DIV> a.. The computer must always boot natively from UEFI.</DIV> <DIV> b.. The computer must have the Compatibility Support Module (CSM) disabled </DIV> <DIV>in UEFI.</DIV> <DIV> c.. The computer must be UEFI 2.3.1 based and have the </DIV> <DIV>EFI_STORAGE_SECURITY_COMMAND_PROTOCOL defined.</DIV> <DIV> </DIV> <DIV>https://helgeklein.com/blog/2015/01/how-to-enable-bitlocker-hardware-encryption-with-ssd/ </DIV> <DIV> </DIV></BLOCKQUOTE> <DIV>Sita maciau, kas dar karta daro idomu, verta $^%^&tis ar ne. Dar ir turint omeny kad imidzo atstatymui is backupo kad nedingtu tas HW encryptinimas irgi biski reikia pabut shamanu:</DIV> <DIV><A title=https://answers.microsoft.com/en-us/windows/forum/windows_10-update-winpc/how-to-restore-a-system-image-backup-to-a-hardware/c4140eed-0323-4134-befb-c10335790b64 href="https://answers.microsoft.com/en-us/windows/forum/windows_10-update-winpc/how-to-restore-a-system-image-backup-to-a-hardware/c4140eed-0323-4134-befb-c10335790b64">https://answers.microsoft.com/en-us/windows/forum/windows_10-update-winpc/how-to-restore-a-system-image-backup-to-a-hardware/c4140eed-0323-4134-befb-c10335790b64</A></DIV> <DIV> </DIV> <DIV>Gal galetu kas patikrinti ar atrakina win install->next->recovery->command prompt HW encryptinta diska su TPM ar ne? </DIV> <DIV> </DIV> <DIV> </DIV></DIV></DIV></BODY></HTML>