[syslinux] SYSLINUX PXE LOCALBOOT Bitlockers

Gene Cumm gene.cumm at gmail.com
Fri May 2 16:08:27 PDT 2014


On Tue, Apr 29, 2014 at 2:43 PM, Ian Bannerman <ian at internals.io> wrote:
> Any deviation from the expected boot process will prevent BitLocker from
> accessing the volume key in the TPM. One reason this behavior exists is to
> prevent malicious code from being loaded (such as via booting first to CD /
> USB / PXE, loading malware, and then continuing to boot to Windows). So
> what's happening here is the deviation from firmware -> PXE -> HDD is
> detected and the volume key is not released.
>
> There is no circumventing this behavior.
>
> --Ian

I started wondering if you could use a TPM for key management but
disable the system integrity check.
http://technet.microsoft.com/en-us/library/hh831507.aspx#BKMK_WhatIsBitLocker
seems the closest to saying no (though indirectly).

The wording of "On computers that have a Trusted Platform Module (TPM)
version 1.2 or 2.0, BitLocker uses the enhanced security capabilities"
doesn't say it's optional.

--
-Gene

A: Because it messes up the order in which people normally read text,
especially the archives of mailing lists.
Q: Why is Top-posting such a bad thing?
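
The behaviour described in the quoted reply (a changed boot path means the TPM does not release the volume key) can be modelled as a hash chain. This is an added example, not part of the original thread and not BitLocker's or any TPM's actual code; it assumes a single SHA-1 register and constructed stage names, where a real TPM seals against several registers.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 sized register, as on a TPM 1.2 (assumption for this model)

def extend(pcr: bytes, measured: bytes) -> bytes:
    """Extend operation: new = H(old || H(measured code)). It cannot be undone."""
    return hashlib.sha1(pcr + hashlib.sha1(measured).digest()).digest()

def measure_chain(stages) -> bytes:
    """Start from the all-zero reset value and extend once per boot stage."""
    pcr = bytes(PCR_SIZE)
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr

class ToySealedKey:
    """Hypothetical stand-in for a TPM-sealed key: released only on a matching register."""
    def __init__(self, key: bytes, expected_pcr: bytes):
        self._key = key
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes):
        if hmac.compare_digest(current_pcr, self._expected):
            return self._key
        return None  # measurement mismatch: key stays sealed, recovery key needed

# Constructed stage labels standing in for the code measured at each step.
FIRMWARE = b"firmware image"
PXE = b"PXE option ROM + pxelinux.0"
BOOTMGR = b"Windows boot manager on HDD"

NORMAL_BOOT = [FIRMWARE, BOOTMGR]          # firmware -> HDD
PXE_LOCALBOOT = [FIRMWARE, PXE, BOOTMGR]   # firmware -> PXE -> HDD

def boot(stages, sealed: ToySealedKey):
    """Return the volume key if the measured path matches the sealed one."""
    return sealed.unseal(measure_chain(stages))

VOLUME_KEY = b"constructed-volume-key"
SEALED = ToySealedKey(VOLUME_KEY, measure_chain(NORMAL_BOOT))

if __name__ == "__main__":
    for name, path in (("normal", NORMAL_BOOT), ("pxe localboot", PXE_LOCALBOOT)):
        print(name, "->", "key released" if boot(path, SEALED) else "key withheld")
```

Because each extend folds the previous value into the next, the extra PXE stage changes the final register even though the same boot manager runs last.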

