none
Encrypting Windows 7 partition in MacBook Pro using BitLocker; a 'different' approach!

    Question

  • Hello,

    I'm using Windows 7 Ultimate and I want to encrypt my windows partition using bitlocker in my MBP which doesn't have a TPM.

    I have read about encrypting windows using BitLocker in those computers which doesnt have a TPM, whose key is saved in a USB Flash Drive but I'm not quite sure whether MacBook will recognize USB during Pre-Boot Authentication.

    Now while installing windows 7, a 128MB partition(unused & doesn't show up in Disk Manager) was allocated automatically, other than the 100GB windows partition which I allocated. The question is, can I save the recovery key in that unused partition instead of saving it in a USB Flash Drive?

    So if this method works, it should make things more easy. The KEY will be saved in the unused partition and I can save a Flash drive! :) Has anyone tried this? If yes, how can I do it? Please help me.....

    (PS: I have Mac OS X Snow Leopard 10.6.6 installed as primary partition)

    Thank you!


    ---ABRAHAM---
    Monday, February 28, 2011 4:35 AM

Answers

  • Hi,

    I would like to share the following with you first.

    To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.

    So the BitLocker system will check whether your computer can read from a USB device and based on my understanding, you can not save the key to the internal disk drive.

    For detail information, please refer to the following link.

    http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx#BKMK_NoTPM

    Thanks.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Wednesday, March 02, 2011 9:10 AM

All replies

  • Hi,

    I would like to share the following with you first.

    To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.

    So the BitLocker system will check whether your computer can read from a USB device and based on my understanding, you can not save the key to the internal disk drive.

    For detail information, please refer to the following link.

    http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx#BKMK_NoTPM

    Thanks.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Wednesday, March 02, 2011 9:10 AM
  • Yes, MacBook Pro can read USB during boot process and it's working perfectly. The only problem is that i have to plug in my USB every time during booting. I wish there was some alternative to this.

    And one more question, can is store data in the USB in which the BitLocker Startup/Recovery Key is stored?

     

    Thanks

     


    ---ABRAHAM---
    Tuesday, March 08, 2011 4:37 AM
  • First of all two things to note:

    1. Storing startup key inside your second partition is the same as sticking your safe door's key next to it on the wall. That's why you need to have a TPM (which is preventing unauthorized access on that key) or a separatable USB storage device that shouldn't be left inserted in your computer.
    1. I tried activating BitLocker here on my early-2011 MBP and succeeded to prepare internal harddrives but failed to pass test on whether USB drives are accessible while booting or not. Nevertheless, Bitlocker setup generated startup key and stored it on USB drive right before providing restore key. Checking content of USB drive with explorer fails due to startup key files being stored as system files that are hidden by default.
      Here comes the point: regarding your question on whether you can put data on that drive there is no technical impediment as long as there is enough space to store your data. You shouldn't replace the existing (but usually hidden) startup key file.

    That's it for the notes ... here comes a question: How did you pass Bitlocker check for USB being available at startup? Obviously my MBP isn't capable of providing access on inserted USB then or testing this feature doesn't properly work.

    Thursday, March 01, 2012 4:25 PM