From d2c33ae322ad32414be08568e4b36063f0d668a2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 11 Mar 2021 11:53:36 -0800 Subject: [PATCH] Update windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../information-protection/bitlocker/bitlocker-upgrading-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index b96edcaede..f2ec6bb94e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -38,7 +38,7 @@ No user action is required for BitLocker in order to apply updates from Microsof Users need to suspend BitLocker for Non-Microsoft software updates, such as: - Some TPM firmware updates if these updates clear the TPM outside of the Windows API. Not every TPM firmware update will clear the TPM and this happens if a known vulnerability has been discovered in the TPM firmware. Users don’t have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. We recommend users testing their TPM firmware updates if they don’t want to suspend BitLocker protection. -- Non-Microsoft application updates that modify UEFI\BIOS configuration +- Non-Microsoft application updates that modify the UEFI\BIOS configuration. - Manual or 3rd party updates to secure boot databases (only If BitLocker uses Secure Boot for Integrity validation) - Updates to UEFI\BIOS firmware, installation of additional UEFI drivers or UEFI applications without using Windows Update mechanism (only If BitLocker does not use Secure Boot for Integrity validation and you update) - You can check if BitLocker uses Secure Boot for integrity validation with manage-bde -protectors -get C: (and see if "Uses Secure Boot for integrity validation" is reported)