BitLocker Drive Encryption

Applies To: Windows Server 2008 R2

BitLocker Drive Encryption (BitLocker) is a component of Windows Vista Ultimate Edition and Windows Vista Enterprise Edition and is an optional component of Windows Server 2008 that helps to protect data by encrypting the entire volume and checking the integrity of early startup components. For more information, see "BitLocker Drive Encryption Technical Overview" in Windows Server 2008 Help and Support or on the Web at https://go.microsoft.com/fwlink/?LinkId=99542.

Managed Entities

The following managed entities are included in this managed entity. Each entry gives the entity name followed by its description:

BitLocker API

An application programming interface (API) is the gateway between the application programs, including the Windows interface, and the underlying components of the operating system. The BitLocker API is implemented in the dynamic link library (DLL) named fveapi.dll. The Windows interface and the BitLocker Windows Management Instrumentation (WMI) provider use the commands in the API. These API commands control the operation of the BitLocker filter driver. The API and the filter driver together provide the functionality of BitLocker Drive Encryption.

BitLocker Filter Driver

The BitLocker filter driver is the main component that implements live encryption/decryption functionality. It converts the volume from decrypted to encrypted when BitLocker is set up.

TPM Driver

The Microsoft TPM Driver is the software component that allows the Windows operating system to communicate with the Trusted Platform Module (TPM) hardware component. It is called exclusively by the TPM Base Service (TBS).

A TPM is a hardware component of the computer that has security features to perform cryptographic operations, store cryptographic keys, generate random numbers, record measurements of platform components like the BIOS or software components, and so forth. Software applications can use TPM features to provide solutions with enhanced security.

BitLocker Drive Encryption in some configurations uses the TPM to seal a cryptographic key so that it can be accessed only if the computer is configured in the same way as when the key was sealed.

TPM WMI Provider

The Trusted Platform Module (TPM) Windows Management Instrumentation (WMI) provider is a component of Windows that allows access to management and configuration information for the TPM by means of WMI.

A TPM is a hardware component of the computer that has security features to perform cryptographic operations, store cryptographic keys, generate random numbers, record measurements of platform components like the BIOS or software components, and so forth. Software applications can use TPM features to provide solutions with enhanced security. BitLocker Drive Encryption can use the TPM to seal a cryptographic key so that it can be accessed only if platform components have the same measurement as when the key was sealed.

The TPM Management Console, BitLocker Setup Wizard, and the manage-bde.wsf command-line tool use the TPM WMI provider when configuring BitLocker. If Windows is configured by local policy or Group Policy settings to automatically back up the TPM owner password, the TPM Management Console or BitLocker Setup Wizard will use the TPM WMI provider to perform the backup.
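The BitLocker WMI provider and the TPM WMI provider described above are also the interface an administrator can query directly. The following PowerShell script is an added example, not code from this page or from Microsoft: it uses the documented Win32_Tpm class (namespace root\cimv2\Security\MicrosoftTpm) to read TPM state and the documented Win32_EncryptableVolume class (namespace root\cimv2\Security\MicrosoftVolumeEncryption) to report each volume's protection status, conversion progress and key protector types. The key protector type codes in the lookup table and the names of the two audit functions are assumptions of this example; the WMI classes, namespaces and method names are the documented ones. Run it in an elevated PowerShell session on Windows Server 2008 R2 or Windows 7.

```powershell
# Added example (not from the original page): audit TPM and BitLocker state
# through the TPM WMI provider and the BitLocker WMI provider.
# Assumed: Get-WmiObject is available (PowerShell 2.0 and later) and the
# session is elevated, since both providers require administrative rights.

# Key protector type codes returned by Win32_EncryptableVolume.GetKeyProtectorType.
# Assumption of this example: codes 0-8 as documented for Windows 7 / Server 2008 R2.
$KeyProtectorTypes = @{
    0 = 'Unknown'
    1 = 'TPM'
    2 = 'External key'
    3 = 'Numerical password (recovery password)'
    4 = 'TPM and PIN'
    5 = 'TPM and startup key'
    6 = 'TPM, PIN and startup key'
    7 = 'Public key'
    8 = 'Passphrase'
}

function Get-TpmState {
    # Query the TPM WMI provider. If no TPM driver/provider is present the
    # query returns nothing and we report the TPM as absent.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{ Present = $false; Enabled = $false; Activated = $false; Owned = $false }
    }
    # Each Is* method returns an object whose same-named property holds the boolean.
    [pscustomobject]@{
        Present   = $true
        Enabled   = [bool]$tpm.IsEnabled().IsEnabled
        Activated = [bool]$tpm.IsActivated().IsActivated
        Owned     = [bool]$tpm.IsOwned().IsOwned
    }
}

function Get-BitLockerVolumeAudit {
    # Query the BitLocker WMI provider for every encryptable volume.
    $volumes = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                             -Class Win32_EncryptableVolume
    foreach ($v in $volumes) {
        # Argument 0 asks for key protectors of every type.
        $ids   = $v.GetKeyProtectors(0).VolumeKeyProtectorID
        $types = @()
        foreach ($id in $ids) {
            $code = [int]$v.GetKeyProtectorType($id).KeyProtectorType
            if ($KeyProtectorTypes.ContainsKey($code)) { $types += $KeyProtectorTypes[$code] }
            else { $types += "Type $code" }
        }
        $conv = $v.GetConversionStatus()
        $prot = switch ([int]$v.GetProtectionStatus().ProtectionStatus) {
            0 { 'Off' } 1 { 'On' } default { 'Unknown' }
        }
        # A volume sealed only to the TPM with no recovery password cannot be
        # unlocked if the platform measurements change; flag that for follow-up.
        $hasRecovery = $types -contains $KeyProtectorTypes[3]
        [pscustomobject]@{
            Drive                = $v.DriveLetter
            ProtectionStatus     = $prot
            ConversionStatus     = [int]$conv.ConversionStatus   # 0 = decrypted, 1 = encrypted, 2-5 = in progress/paused
            PercentEncrypted     = [int]$conv.EncryptionPercentage
            KeyProtectors        = ($types -join ', ')
            MissingRecoveryKey   = ($prot -eq 'On' -and -not $hasRecovery)
        }
    }
}

Get-TpmState | Format-List
Get-BitLockerVolumeAudit | Format-Table -AutoSize
```

The TPM check mirrors what the TPM Management Console shows (present, enabled, activated, owned); the volume report mirrors what manage-bde reports per volume. The MissingRecoveryKey column is the practical check to act on: a protected volume without a numerical password protector has no recovery path if the sealed TPM key stops being released after a firmware or boot-configuration change.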

TPM Base Services

The Trusted Platform Module (TPM) Base Services (TBS) is a software component that allows the Windows operating system and applications to use services provided by the TPM. Because multiple applications on a computer share a single TPM hardware component and TPM driver, the TBS virtualizes certain limited TPM resources. The TBS uses priorities specified by calling applications to cooperatively schedule TPM access.

A TPM is a hardware component of the computer that has security features to perform cryptographic operations, store cryptographic keys, generate random numbers, record measurements of platform components like the BIOS or software components, and so forth. Software applications can use TPM features to provide solutions with enhanced security. BitLocker Drive Encryption in some configurations uses the TPM to seal a cryptographic key so that it can be accessed only if certain platform components have the same measurement as when the key was first sealed.

The TBS is used by BitLocker, and can also be used by other applications.
