From 5a4846e4a27c13678d06052d1724bd78e1a74866 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 10:42:31 +0530 Subject: [PATCH 1/6] updated three changes --- .../bitlocker/bcd-settings-and-bitlocker.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 7dd0eb0898..876cf87f79 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -18,14 +18,14 @@ ms.date: 02/28/2019 ms.custom: bitlocker --- -# BCD settings and BitLocker +# Boot Configuration Data settings and BitLocker **Applies to** - Windows 10 -This topic for IT professionals describes the BCD settings that are used by BitLocker. +This topic for IT professionals describes the Boot Configuration Data (BCD) settings that are used by BitLocker. -When protecting data at rest on an operating system volume, during the boot process BitLocker verifies that the security sensitive boot configuration data (BCD) settings have not changed since BitLocker was last enabled, resumed, or recovered. +When protecting data at rest on an operating system volume, during the boot process BitLocker verifies that the security sensitive BCD settings have not changed since BitLocker was last enabled, resumed, or recovered. ## BitLocker and BCD Settings From 73105181a182d03ed2786da8e9bfa0aea77d6050 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 13:27:03 +0530 Subject: [PATCH 2/6] Update bitlocker-basic-deployment.md Changed instances of "volumes" to "drives" and "volume" to "partition" depending on the context. --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 1167e9121a..2ee647806e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -27,7 +27,7 @@ This topic for the IT professional explains how BitLocker features can be used t ## Using BitLocker to encrypt volumes -BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data volumes. To support fully encrypted operating system volumes, BitLocker uses an unencrypted system volume for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. +BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. From 4c82c1ab3ed15514f17ceef3a9208662032db858 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:03:33 +0530 Subject: [PATCH 3/6] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 6de06c740a..58a32fafe6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -43,7 +43,7 @@ Before Windows starts, you must rely on security features implemented as part of ### Trusted Platform Module -A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. +A trusted platform module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. On some platforms, TPM can alternatively be implemented as a part of secure firmware. BitLocker binds encryption keys with the TPM to ensure that a computer has not been tampered with while the system was offline. For more info about TPM, see [Trusted Platform Module](https://docs.microsoft.com/windows/device-security/tpm/trusted-platform-module-overview). From f8d98a189eb44481869a6567fea85b46f4a85278 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:06:46 +0530 Subject: [PATCH 4/6] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 58a32fafe6..868d7192fc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -126,7 +126,7 @@ For SBP-2 and 1394 (a.k.a. Firewire), refer to the “SBP-2 Mitigation” sectio ## Attack countermeasures -This section covers countermeasures for specific types attacks. +This section covers countermeasures for specific types of attacks. ### Bootkits and rootkits @@ -172,7 +172,7 @@ Mitigation: Targeted attack with plenty of time; this attacker will open the case, will solder, and will use sophisticated hardware or software. Mitigation: -- Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN to help the TPM anti-hammering mitigation). +- Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN [enhanced pin] to help the TPM anti-hammering mitigation). -And- From af75f977e4678298edae82a02296678b3f8b93a5 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:19:41 +0530 Subject: [PATCH 5/6] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 868d7192fc..981252ffbf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -162,7 +162,7 @@ The following sections cover mitigations for different types of attackers. Physical access may be limited by a form factor that does not expose buses and memory. For example, there are no external DMA-capable ports, no exposed screws to open the chassis, and memory is soldered to the mainboard. -This attacker of opportunity does not use destructive methods or sophisticated forensics hardware/software. +This attacker of opportunity does not use destructive methods or sophisticated forensics hardware/software. Mitigation: - Pre-boot authentication set to TPM only (the default) From 5965d132940474f3efe746f4a31d6551e01f96d5 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:37:16 +0530 Subject: [PATCH 6/6] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 34008453ad..358ea6cfab 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -23,7 +23,7 @@ ms.custom: bitlocker - Windows 10 This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10. -For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). +For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies.