How to Use BitLocker Without a Trusted Platform Module (TPM)

BitLocker’s full-disk encryption normally requires a computer with a Trusted Platform Module (TPM). Try to enable BitLocker on a PC without a TPM, and you’ll be told your administrator must set a system policy option.

BitLocker is available only on Professional, Enterprise, and Education editions of Windows. It’s also included with Windows 7 Ultimate, but isn’t available on any Home editions of Windows.

Why Does BitLocker Require a TPM?

BitLocker normally requires a Trusted Platform Module, or TPM, on your computer’s motherboard. This chip generates and stores the actual encryption keys. It can automatically unlock your PC’s drive when it boots so you can sign in just by typing your Windows login password. It’s simple, but the TPM is doing the hard work under the hood.

If someone tampers with the PC or removes the drive from the computer and attempts to decrypt it, it can’t be accessed without the key stored in the TPM. The TPM won’t work if it’s moved to another PC’s motherboard, either.

You can buy and add a TPM chip to some motherboards, but if your motherboard (or laptop) doesn’t support doing so, you may want to use BitLocker without a TPM. It’s less secure, but better than nothing.

How to Use BitLocker Without a TPM

You can bypass this limitation through a Group Policy change. If your PC is joined to a business or school domain, you can’t change the Group Policy setting yourself. Group Policy is configured centrally by your network administrator.

If you’re just doing this on your own PC and it isn’t joined to a domain, you can use the Local Group Policy Editor to change the setting for your own PC.

To open the Local Group Policy Editor, press Windows+R on your keyboard, type “gpedit.msc” into the Run dialog box, and press Enter.

Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives in the left pane.

Double-click the “Require additional authentication at startup” option in the right pane.

Select “Enabled” at the top of the window, and ensure the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” checkbox is enabled here.

Click “OK” to save your changes. You can now close the Group Policy Editor window. Your change takes effect immediately—you don’t even need to reboot.

How to Set Up BitLocker

You can now enable, configure, and use BitLocker normally. Head to Control Panel > System and Security > BitLocker Drive Encryption and click “Turn on BitLocker” to enable it for a drive.

You’ll first be asked how you want to unlock your drive when your PC boots up. If your PC had a TPM, you could have the computer automatically unlock the drive or use a short PIN that requires the TPM to be present.

Because you don’t have a TPM, you must choose to either enter a password each time your PC boots, or provide a USB flash drive. If you provide a USB flash drive here, you’ll need that flash drive connected to your PC each time you boot up your PC to access the files.

Continue through the BitLocker setup process to enable BitLocker drive encryption, save a recovery key, and encrypt your drive. The rest of the process is the same as the normal BitLocker setup process.

When your PC boots, you’ll have to either enter the password or insert the USB flash drive you provided. If you can’t provide the password or USB drive, BitLocker won’t be able to decrypt your drive and you won’t be able to boot into your Windows system and access your files.
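
To confirm from PowerShell what the policy change and the setup wizard actually produced, the following added example (not part of the original article) reads the policy values and reports the key protectors on the system drive. It assumes an elevated prompt and that the policy is stored under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` as `UseAdvancedStartup` and `EnableBDEWithNoTPM`; the function names are illustrative.

```powershell
# Added example: read-only audit of what the steps in this article configure.
# Run from an elevated PowerShell prompt. Function names are illustrative.
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-NoTpmPolicyState {
    # Assumption: "Require additional authentication at startup" is stored as
    # UseAdvancedStartup, and its "Allow BitLocker without a compatible TPM"
    # checkbox as EnableBDEWithNoTPM (both DWORD, 1 = enabled).
    $p = Get-ItemProperty -Path $FvePolicyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        TpmPresent    = [bool](Get-Tpm).TpmPresent
        PolicyEnabled = ($null -ne $p) -and ($p.UseAdvancedStartup -eq 1)
        NoTpmAllowed  = ($null -ne $p) -and ($p.EnableBDEWithNoTPM -eq 1)
    }
}

function Get-OsVolumeProtectorReport {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    # Collect protector type names (Password, ExternalKey, RecoveryPassword, Tpm...).
    $types = @($vol.KeyProtector | Where-Object { $_ } |
               ForEach-Object { "$($_.KeyProtectorType)" })
    $notes = @()

    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $notes += 'Protection is not on (off, suspended, or encryption still in progress).'
    }
    if (-not ($types -like 'Tpm*')) {
        $notes += 'No TPM-based protector: unlock depends only on the password or USB startup key.'
    }
    if ($types -contains 'ExternalKey') {
        $notes += 'Startup key on USB: store the flash drive separately from the PC.'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $notes += 'No recovery password protector: a lost password or USB drive means lost data.'
    }

    [pscustomobject]@{
        MountPoint   = $vol.MountPoint
        VolumeStatus = "$($vol.VolumeStatus)"
        Encryption   = "$($vol.EncryptionMethod)"
        Protectors   = $types -join ', '
        Notes        = $notes
    }
}

Get-NoTpmPolicyState | Format-List
Get-OsVolumeProtectorReport | Format-List
```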

Translated from: https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
