Getting Started with BitLocker Drive Encryption
Updated: August 10, 2010
Applies To: Windows 7
BitLocker Drive Encryption provides enhanced protection against data theft or exposure on computers that are lost or stolen as well as providing protection for removable drives such as USB flash drives and external hard drives through BitLocker To Go™. If you want to learn more about concepts behind the BitLocker unlock and recovery methods, review the BitLocker Drive Encryption Design Guide for Windows 7 (http://go.microsoft.com/fwlink/?LinkId=167126).
System requirements for BitLocker
The system requirements for running BitLocker are slightly different, depending on whether you will be encrypting an operating system drive or a data drive.
To encrypt the drive that Windows is installed on—the operating system drive—BitLocker stores its own encryption and decryption key in a hardware device that is separate from your hard disk, so you must have one of the following:
A computer with a Trusted Platform Module (TPM). If your computer was manufactured with a TPM version 1.2 or higher, BitLocker protects keys with the TPM.
A removable USB device, such as a USB flash drive. If your computer does not have a version 1.2 or higher TPM, BitLocker will store its key on the USB device.
To turn on BitLocker Drive Encryption on the operating system drive, your computer's hard disk must meet the following requirements:
The hard disk must contain at least two partitions: the operating system partition and the active system partition. The operating system partition is where Windows is installed and will be encrypted. The active system partition must remain unencrypted so that the computer can be started, and this partition must be at least 100 MB in size. By default in Windows 7, the system partition will not be given a letter and will be hidden from the user. If your computer does not have a separate, active partition, the required partitions will be created for you during BitLocker setup. By default during Windows setup, a separate, hidden system partition is created. It is a best practice for users to run as a standard user to prevent access to the system partition.
The operating system and active system partitions must be formatted with the NTFS file system. Other partitions can be formatted with NTFS, FAT, FAT32, or exFAT.
The BIOS must be compatible with the TPM or support USB devices during computer startup. If this is not the case, you will need to update the BIOS before using BitLocker.
You can use BitLocker to encrypt fixed data drives (such as internal hard drives) and removable data drives (such as external hard drives and USB flash drives). To encrypt a data drive, it must be formatted by using the FAT, FAT16, FAT32, or NTFS file system and must be at least 64 MB in size.