Most desktop motherboards have a pin header on them that allows users to buy a Trusted Platform Module (TPM) for enhanced security. Most laptops have a module already included, but it is an ‘extra’ option on most desktop boards. The good news is that for under $20 you can pick up a TPM 2.0 module for your existing desktop board that will allow you to take your system security to the next level by enabling whole-disk encryption!

ASUS TPM-M R2.0 Module w/ ROG MAXIMUS X APEX Board

BitLocker by Microsoft is one of the most common ways to secure data with a TPM. Once enabled, your drive will be secure even if it is removed from the system. This is because the TPM has a microcontroller on-board that generates and stores keys, passwords, and digital certificates. Each TPM chip has a unique and hidden RSA key burned into it during production, making each one truly unique. Once enabled, any changes or attacks to low-level (root) system assets should be caught and not allowed to run. This optional hardware-based solution takes a bit of time and effort to get enabled, but it is preferred by many as it separates your security infrastructure from the host system, making it very difficult to spoof, tamper with or defeat.

There is an alternative though, and you do not have to have a TPM to enjoy BitLocker in Windows. That is because you can use Intel Platform Trust Technology (Intel PTT), which was introduced back in 2013. Intel PTT is basically the firmware alternative to the hardware-based TPM. Intel PTT works on pretty much every processor/chipset since 4th Gen Core (Haswell) processors were introduced, and it even supports BitLocker. This is because Intel PTT supports all Microsoft requirements for firmware Trusted Platform Module (fTPM) 2.0. So, you get enhanced drive security without having to buy TPM modules like you had to in the past. It should be noted that BitLocker is available on most versions of Windows 7, 8, and 10. Windows 10 has an additional feature called “Device Encryption”.

While Intel PTT has been around for roughly six years, it is only now starting to get mainstream attention as motherboard makers have begun removing TPM pin headers from their boards to reduce costs and to free up motherboard surface area for other features. For example, the ASUS ROG MAXIMUS XI EXTREME is one of the flagship Intel Z390 boards at $572.99 shipped and it doesn’t have a TPM header on the board. The ASUS ROG MAXIMUS X APEX (Intel Z370) did include a TPM header, so this is a change that has just recently taken place. To enable BitLocker for full-disk encryption on a PC without an option for a TPM, you’ll need to use Intel PTT.

Intel PTT Setting in ASUS ROG MAXIMUS XI EXTREME Motherboard UEFI

The first thing that you need to do is to go into your desktop board’s UEFI (BIOS) and enable the feature, as it is likely disabled by default. Once you select enabled, you are hit with a warning that lets you know that if the recovery key is ever lost, or if the UEFI/BIOS chip is replaced, the encrypted drive cannot be restored. This also means that a motherboard failure resulting in a board replacement might cause a major headache.

From here you can load Windows like normal and go to ‘Manage BitLocker’ in Control Panel. Click ‘Turn on BitLocker’ next to the drive that you want it enabled on.

BitLocker will then begin by initializing the drive. Once that completes in a few seconds, you’ll be asked how you want to back up your recovery key. When using Intel PTT you are given the option to save it to your Microsoft account, as a file on a different drive, or printed out. We picked the options to save a file to a USB drive and also print a recovery key. That way we have two different backup methods that can be stored in different places.

After your recovery key is backed up, the next button will be available to click and you can move on to how much of the drive you’d like to encrypt. The default setting here is to encrypt used disk space only, but the slower and better option in our opinion is to encrypt the entire drive. Once you have figured out how much of the drive you want encrypted, you are asked what encryption mode you’d like to use. When Windows 10 (version 1511 or codename ‘Threshold 2’) came out in November, it came with a new disk encryption mode (XTS-AES). Using this new encryption method won’t work on older Windows builds.
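
The same choices the BitLocker wizard walks through in this article (TPM/PTT check, recovery key backup to another drive, whole-drive encryption, XTS-AES only where the build supports it), scripted with the built-in BitLocker PowerShell cmdlets. This is an added example, not part of the original article; the `C:` mount point, the `E:\` recovery directory, the output file name and the AES-256 fallback for older builds are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. The defaults for $MountPoint and
# $RecoveryDir are assumed values; $RecoveryDir should be a removable drive.
param(
    [string]$MountPoint  = 'C:',
    [string]$RecoveryDir = 'E:\'
)
$ErrorActionPreference = 'Stop'

# 1. Once enabled in UEFI, Intel PTT is presented to Windows as a TPM.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'No ready TPM. Enable Intel PTT in UEFI or fit a TPM module first.'
}
$spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
         -ClassName Win32_Tpm).SpecVersion
Write-Host "TPM ready, spec version: $spec"

# 2. XTS-AES exists only from Windows 10 version 1511 (build 10586) onward;
#    older builds fall back to AES-CBC (assumed choice: Aes256).
$build  = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
$method = if ($build -ge 10586) { 'XtsAes256' } else { 'Aes256' }

# 3. Only act on a volume that is not encrypted yet, and never write the
#    recovery key to the volume it is meant to unlock.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$MountPoint is already in state $($vol.VolumeStatus)."
}
if ((Split-Path -Path $RecoveryDir -Qualifier) -eq $MountPoint) {
    throw 'Save the recovery key on a different drive.'
}

# 4. Create the recovery password and save it before encryption starts.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -Last 1
$file = Join-Path $RecoveryDir "BitLocker-recovery-${env:COMPUTERNAME}.txt"
"Protector ID: $($rp.KeyProtectorId)`r`nRecovery password: $($rp.RecoveryPassword)" |
    Out-File -FilePath $file -Encoding ascii

# 5. Encrypt the entire drive (no -UsedSpaceOnly) with the key sealed to the
#    TPM/PTT. On the OS volume, encryption begins after the hardware-test reboot.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod $method -TpmProtector | Out-Null

Get-BitLockerVolume -MountPoint $MountPoint |
    Format-List MountPoint, VolumeStatus, EncryptionMethod, EncryptionPercentage
```

Print the saved file as the second backup copy and keep the two copies in different places, since the TPM-sealed key does not survive a board or UEFI chip replacement.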