BitLocker installation

Hi,
Why do we need two partitions for bitlocker a smaller partition and a
bigger partition as per the installation guideline? I see it not used in
anyway. Am I missing something?

Thanks,
Vipin

Hi Vipin,

All disk encryption products have either physically a decrypted partition,
or at least a hidden decrypted region on a disk. (In many cases, this aspect
of the architecture is 'hidden', but the requirement is always the same).

For BitLocker specifically, the following needs to happen:

1) Enough code must be loaded to show UI that is or can be localized to any
language. Microsoft considers localization an extremely important
requirement.
2) Code that can obtain a key with user interaction (to see this, try a USB
key with the key not present, or TPM+Pin, or Recovery password).
3) Code to decrypt a disk on the fly.

The code above lives in "BOOTMGR", with data files (e.g. localization fonts
and BCD settings) in the "\BOOT" directory. To store these on an encrypted
disk is a chicken & egg scenario.
-
Jamie Hunter [MS]

"Vipin" <Vipin@nospam.com> wrote in message
news:%23jHX1f2qGHA.4812@TK2MSFTNGP04.phx.gbl...
> Hi,
> Why do we need two partitions for bitlocker a smaller partition and a
> bigger partition as per the installation guideline? I see it not used in
> anyway. Am I missing something?
>
> Thanks,
> Vipin
>
>
>

Thanks for the explanation, helpful.
One question, I can not open the boot\bcd.log file. It seems to be always
locked up by a process.

Vipin

"Jamie Hunter [MS]" <jamiehun@nospam.microsoft.com> wrote in message
news:8EFF31A4-4054-4664-886F-67DEE8C6FD99@microsoft.com...
> Hi Vipin,
>
> All disk encryption products have either physically a decrypted partition,
> or at least a hidden decrypted region on a disk. (In many cases, this
> aspect of the architecture is 'hidden', but the requirement is always the
> same).
>
> For BitLocker specifically, the following needs to happen:
>
> 1) Enough code must be loaded to show UI that is or can be localized to
> any language. Microsoft considers localization an extremely important
> requirement.
> 2) Code that can obtain a key with user interaction (to see this, try a
> USB key with the key not present, or TPM+Pin, or Recovery password).
> 3) Code to decrypt a disk on the fly.
>
> The code above lives in "BOOTMGR", with data files (e.g. localization
> fonts and BCD settings) in the "\BOOT" directory. To store these on an
> encrypted disk is a chicken & egg scenario.
> -
> Jamie Hunter [MS]
>
> "Vipin" <Vipin@nospam.com> wrote in message
> news:%23jHX1f2qGHA.4812@TK2MSFTNGP04.phx.gbl...
>> Hi,
>> Why do we need two partitions for bitlocker a smaller partition and
>> a bigger partition as per the installation guideline? I see it not used
>> in anyway. Am I missing something?
>>
>> Thanks,
>> Vipin
>>
>>
>>
>

If you look under registry, you'll find the BCD exposed under
HKEY_LOCAL_MACHINE\BCDxxxxxxxx The correct way of manipulating BCD is via
the WMI interface (programatically) or BCDEDIT (manually). If you're trying
to copy the BCD settings to a new partition (given the questions) - to be
done successfully this requires some non-trivial code. We're working on a
tool to do that for BitLocker.
-
Jamie Hunter [MS]

"Vipin" <Vipin@nospam.com> wrote in message
news:eOtoVA3qGHA.1796@TK2MSFTNGP03.phx.gbl...
> Thanks for the explanation, helpful.
> One question, I can not open the boot\bcd.log file. It seems to be always
> locked up by a process.
>
> Vipin
>
> "Jamie Hunter [MS]" <jamiehun@nospam.microsoft.com> wrote in message
> news:8EFF31A4-4054-4664-886F-67DEE8C6FD99@microsoft.com...
>> Hi Vipin,
>>
>> All disk encryption products have either physically a decrypted
>> partition, or at least a hidden decrypted region on a disk. (In many
>> cases, this aspect of the architecture is 'hidden', but the requirement
>> is always the same).
>>
>> For BitLocker specifically, the following needs to happen:
>>
>> 1) Enough code must be loaded to show UI that is or can be localized to
>> any language. Microsoft considers localization an extremely important
>> requirement.
>> 2) Code that can obtain a key with user interaction (to see this, try a
>> USB key with the key not present, or TPM+Pin, or Recovery password).
>> 3) Code to decrypt a disk on the fly.
>>
>> The code above lives in "BOOTMGR", with data files (e.g. localization
>> fonts and BCD settings) in the "\BOOT" directory. To store these on an
>> encrypted disk is a chicken & egg scenario.
>> -
>> Jamie Hunter [MS]
>>
>> "Vipin" <Vipin@nospam.com> wrote in message
>> news:%23jHX1f2qGHA.4812@TK2MSFTNGP04.phx.gbl...
>>> Hi,
>>> Why do we need two partitions for bitlocker a smaller partition and
>>> a bigger partition as per the installation guideline? I see it not used
>>> in anyway. Am I missing something?
>>>
>>> Thanks,
>>> Vipin
>>>
>>>
>>>
>>
>
>