Merge branch 'master' into v-benzyd-5358673

This commit is contained in:
Benzy Dharmanayagam
2021-09-01 11:41:16 +05:30
committed by GitHub
571 changed files with 6183 additions and 5427 deletions

@ -92,7 +92,7 @@ On computers with a compatible TPM, operating system drives that are BitLocker-p
In the following Group Policy example, TPM + PIN is required to unlock an operating system drive:
![Pre-boot authentication setting in Group Policy](images/pre-boot-authentication-group-policy.png)
![Pre-boot authentication setting in Group Policy.](images/pre-boot-authentication-group-policy.png)
Pre-boot authentication with a PIN can mitigate an attack vector for devices that use a bootable eDrive because an exposed eDrive bus can allow an attacker to capture the BitLocker encryption key during startup.
Pre-boot authentication with a PIN can also mitigate DMA port attacks during the window of time between when BitLocker unlocks the drive and Windows boots to the point that Windows can set any port-related policies that have been configured.
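Review bot: The replacement alt text on the second image line, "Pre-boot authentication setting in Group Policy.", only gains a trailing period and still does not say what the screenshot shows. The sentence before it states that TPM + PIN is required to unlock the operating system drive, so the alt text should say the same thing, that the policy shown is configured to require TPM + PIN. That way a reader who cannot see the image learns which option is selected.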
@ -113,7 +113,7 @@ This Kernel DMA Protection is available only for new systems beginning with Wind
You can use the System Information desktop app (MSINFO32) to check if a device has kernel DMA protection enabled:
![Kernel DMA protection](images/kernel-dma-protection.png)
![Kernel DMA protection.](images/kernel-dma-protection.png)
If kernel DMA protection *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports:
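Review bot: The last context line of this hunk reads "If kernel DMA protection *not* enabled", which is missing the verb. Since the commit is already touching this paragraph, change it to "If kernel DMA protection is *not* enabled". Capitalization is also inconsistent: the hunk header context uses "Kernel DMA Protection" while the body lines use "kernel DMA protection", so pick one form. The new alt text "Kernel DMA protection." could also say that the screenshot is the System Information (MSINFO32) view used to check whether the feature is enabled.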