How does deactivating TPM in the T480 UEFI settings affect bitlocker? Is the TPM cleared?

My Lenovo T480 runs a Bitlocker protected Windows 10 installation. Bitlocker is configured to lock the system (request the passkey) if there are any hardware changes. I would like to keep the Bitlocker protection intact and unmodified, but have the ability to dual boot into Linux or a different Win10 from a different SSD (without changing the Bitlocker configuration). I have full access to the UEFI settings.



As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.



This is where I get stuck: I want to be able to swap out the Windows drive and use a different OS, but I can't do that without messing with the current TPM configuration (as far as I understand).



In the UEFI settings of the T480, there's an option to deactivate TPM. Does that clear the TPM? That would render the Windows install unusable. Does it simply disable TPM until I re-activate it? Will the Bitlocker / TPM lock the Windows install if I disable the TPM, use the Linux drive, and then re-enable TPM?



Edit: For now, I'm trying to get dual boot with a second copy of Windows 10 working, and even with the first hard disk disconnected, I do get a blue bitlocker screen asking me for my USB key.



Edit2: Solved. I never tried what happens when I set the TPM to "hidden" in the UEFI. To recap, the setup was:



  • Win10 on disk 1, with bitlocker active, key stored on TPM protected via hardware change detection

  • Win10 on disk 2, no bitlocker

I installed disk2 and was able to use it fine, until I booted into disk1. I was then unable to boot disk2. I wrongly assumed that the TPM prevented me from booting a disk different from the one that was using bitlocker. In fact what happened was that disk1 decided that all drives should be bitlocker protected and encrypted disk2 for me. Thereafter disk2 was unable to unlock on its own (presumably because the master key that bitlocker used was on disk1) and failed to boot with a bitlocker error. I don't have admin rights on disk1 so I was unable to turn off bitlocker on disk2 from disk1. Reinstalled Win10 on disk2 instead, and will take care to not boot disk1 while disk2 is plugged in.










  • The story sounds like disk1 is a company-managed OS with BitLocker enforced through Group Policy... Easy to "avoid" by encrypting disk2 with your own keys first.

    – grawity
    Jan 28 at 11:09











  • Yes, I figured I could encrypt disk2 myself to keep disk1 at bay. I'm not very familiar with bitlocker but I suppose I can choose not to use the TPM for that. Thanks for the help @grawity.

    – Philipp Doe
    Jan 28 at 11:15
















windows-10 multi-boot uefi bitlocker tpm






edited Jan 28 at 11:10







Philipp Doe

















asked Jan 27 at 11:13









Philipp Doe

2 Answers
As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.




  • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store or run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



    As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




  • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



    BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



    But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




  • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft", although it can be customized.



    (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)



Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



However, you may need to disable Secure Boot if it currently prevents Linux from booting.



Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



Make sure you actually have the recovery key before trying this.




Does that clear the TPM?




The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




That would render the Windows install unusable.




No, that would only mean you'll need to input the BitLocker recovery key.



Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.






  • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

    – Philipp Doe
    Jan 27 at 16:54











  • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

    – grawity
    Jan 27 at 17:05











  • I just plugged disk 2 into another computer, and the Windows partition on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

    – Philipp Doe
    Jan 27 at 18:18
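A pre-flight check that covers both points raised above: confirm you actually hold the recovery password before changing TPM or Secure Boot settings, and look at the BitLocker status of every attached volume instead of assuming a fresh install is unencrypted. This is an added example in PowerShell, not code from the original post or from the answer's author; the backup directory `D:\bitlocker-recovery` is an assumed location and should be an unencrypted or removable drive that you keep offline.

```powershell
# Added example (not from the original post): read-only pre-flight check to run in an
# elevated PowerShell session BEFORE touching TPM or Secure Boot settings in the UEFI.
# It reports TPM presence, Secure Boot state, per-volume BitLocker status, which key
# protectors each volume has (TPM-sealed vs. recovery password), and saves any
# recovery passwords to a backup location off the encrypted volume.
#Requires -RunAsAdministrator

# Assumption: an unencrypted or removable drive that stays with you, not on disk1 or disk2.
$BackupDir = 'D:\bitlocker-recovery'

# 1. TPM state. A TPM set to disabled/hidden in the UEFI shows up as TpmPresent = $false;
#    the keys sealed inside it are neither readable nor cleared by this check.
$tpm = Get-Tpm
"TPM present: {0}  ready: {1}" -f $tpm.TpmPresent, $tpm.TpmReady

# 2. Secure Boot state. Changing it alters the measured boot state, so a TPM-sealed key
#    stops unsealing and BitLocker falls back to the recovery password at next boot.
try   { "Secure Boot enabled: $(Confirm-SecureBootUEFI)" }
catch { "Secure Boot: not supported or not readable ($($_.Exception.Message))" }

# 3. Per-volume status. This is the check that would have shown disk2 was already being
#    encrypted: VolumeStatus distinguishes FullyDecrypted / EncryptionInProgress / FullyEncrypted.
$volumes = Get-BitLockerVolume
$volumes |
    Select-Object MountPoint, VolumeType, ProtectionStatus, VolumeStatus,
                  EncryptionMethod, EncryptionPercentage |
    Format-Table -AutoSize

# 4. Key protectors. A volume whose only protector is Tpm, with no RecoveryPassword
#    protector, is the dangerous case: once the sealed key stops unsealing there is
#    nothing left to unlock the volume with.
$problems = @()
foreach ($vol in $volumes) {
    # Skip volumes that are neither protected nor (partially) encrypted.
    if ($vol.ProtectionStatus -ne 'On' -and $vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    $types = $vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }
    "Volume {0}: protectors = {1}" -f $vol.MountPoint, ($types -join ', ')

    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $recovery) {
        $problems += ("Volume {0} has no RecoveryPassword protector; add one with " +
                      "Add-BitLockerKeyProtector -MountPoint {0} -RecoveryPasswordProtector " +
                      "before changing TPM or Secure Boot settings.") -f $vol.MountPoint
        continue
    }

    # Save each recovery password (48 digits) with its protector ID so it can be matched
    # against the ID shown on the blue recovery screen.
    if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
    foreach ($rp in $recovery) {
        $name = 'recovery-{0}-{1}.txt' -f ($vol.MountPoint -replace '[:\\]', ''),
                                           $rp.KeyProtectorId.Trim('{}')
        $file = Join-Path $BackupDir $name
        "Protector ID: $($rp.KeyProtectorId)`nRecovery password: $($rp.RecoveryPassword)" |
            Set-Content -Path $file
        "  saved recovery password for protector $($rp.KeyProtectorId) to $file"
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { "All protected volumes have a recovery password protector saved; TPM / Secure Boot changes are recoverable." }
```

The same protector list is printed by `manage-bde -protectors -get C:`, which the answer mentions; the script just does it for every volume at once and refuses to declare the system safe when a volume is protected by the TPM alone.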


















You can set Security Chip to Active/Inactive/Disabled (T440s). This does not clear anything. However the option Clear Security Chip obviously clears the encryption keys and also changing Security Chip Selection from Discrete TPM (TPM 1.2) to Intel PTT (TPM 2.0) will do so (popup opens "All encryption keys will be cleared in the security chip. Do you really want to continue? [Yes]/[No]").






  • T480 only has TPM 2.0. No support for TPM 1.2

    – fpmurphy
    Feb 6 at 15:48










Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "3"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1398899%2fhow-does-deactivating-tpm-in-the-t480-uefi-settings-affect-bitlocker-is-the-tpm%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









9















As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.




  • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store nor run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



    As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




  • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



    BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



    But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




  • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft" although can be customized.



    (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)



Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



However, you may need to disable Secure Boot if it currently prevents Linux from booting.



Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



Make sure you actually have the recovery key before trying this.




Does that clear the TPM?




The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




That would render the Windows install unusable.




No, that would only mean you'll need to input the BitLocker recovery key.



Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.






share|improve this answer

























  • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

    – Philipp Doe
    Jan 27 at 16:54











  • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

    – grawity
    Jan 27 at 17:05











  • I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

    – Philipp Doe
    Jan 27 at 18:18















9















As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.




  • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store nor run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



    As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




  • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



    BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



    But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




  • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft" although can be customized.



    (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)



Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



However, you may need to disable Secure Boot if it currently prevents Linux from booting.



As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.




  • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store or run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



    As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




  • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



    BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



    But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




  • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft", although this can be customized.



    (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)



Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



However, you may need to disable Secure Boot if it currently prevents Linux from booting.



Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



Make sure you actually have the recovery key before trying this.




Does that clear the TPM?




The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




That would render the Windows install unusable.




No, that would only mean you'll need to input the BitLocker recovery key.



Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.

edited Jan 27 at 15:06

answered Jan 27 at 12:19

grawity












  • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

    – Philipp Doe
    Jan 27 at 16:54











  • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

    – grawity
    Jan 27 at 17:05











  • I just plugged disk 2 into another computer, and the Windows partition on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

    – Philipp Doe
    Jan 27 at 18:18
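A pre-flight check for the advice in the answer above (have the recovery key in hand, know the TPM and Secure Boot state, and inspect every volume, not only C:), written as an added PowerShell example; it is not part of grawity's answer. It relies only on the built-in BitLocker, TrustedPlatformModule and SecureBoot cmdlets; the backup folder path is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the answer above. Run on the Windows install that
# owns the BitLocker volumes, before changing TPM or Secure Boot settings.

function Get-BitLockerPreflight {
    [CmdletBinding()]
    param(
        # Assumption: an unencrypted removable drive, so the exported recovery
        # passwords stay readable even if the OS volume locks on the next boot.
        [string]$BackupDir = 'E:\bitlocker-backup'
    )

    $report = [ordered]@{}

    # TPM state. A TPM set to Inactive/Disabled in the firmware shows up as
    # not present or not ready; that alone says nothing about it being cleared.
    try {
        $tpm = Get-Tpm
        $report['TpmPresent'] = $tpm.TpmPresent
        $report['TpmReady']   = $tpm.TpmReady
    } catch {
        $report['TpmPresent'] = $false
        $report['TpmReady']   = $false
    }

    # Secure Boot state. Flipping it changes the measurements the BitLocker
    # key is sealed against, so the next boot will ask for the recovery key.
    try { $report['SecureBoot'] = Confirm-SecureBootUEFI }
    catch { $report['SecureBoot'] = 'unavailable (legacy BIOS?)' }

    # Walk every volume, not only C:. The asker's second disk was encrypted
    # without them noticing because only the first disk was ever inspected.
    $noRecovery = @()
    foreach ($vol in Get-BitLockerVolume) {
        $types    = @($vol.KeyProtector | ForEach-Object KeyProtectorType)
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $report["Volume $($vol.MountPoint)"] = '{0}; protection {1}; protectors: {2}' -f $vol.VolumeStatus, $vol.ProtectionStatus, ($types -join ', ')

        if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

        if ($recovery.Count -eq 0) {
            # Encrypted but with no recovery password protector: if the TPM
            # refuses to unseal, there is nothing to type at the blue screen.
            $noRecovery += $vol.MountPoint
            continue
        }

        # Export the 48-digit recovery password(s) together with their
        # protector IDs, which the recovery screen shows so you can pick the
        # right one.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $name = 'recovery-' + ($vol.MountPoint -replace '[:\\]', '') + '.txt'
        $file = Join-Path $BackupDir $name
        $recovery | ForEach-Object { '{0} {1}' -f $_.KeyProtectorId, $_.RecoveryPassword } |
            Set-Content -Path $file
        $report["Backup $($vol.MountPoint)"] = $file
    }

    $report['VolumesWithoutRecoveryPassword'] = $noRecovery
    [pscustomobject]$report
}

Get-BitLockerPreflight | Format-List
```

For any volume the report lists under VolumesWithoutRecoveryPassword, add one first with `manage-bde -protectors -add C: -RecoveryPassword` (substituting the drive letter) and re-run the check before touching the firmware settings.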

You can set Security Chip to Active/Inactive/Disabled (T440s). This does not clear anything. However the option Clear Security Chip obviously clears the encryption keys and also changing Security Chip Selection from Discrete TPM (TPM 1.2) to Intel PTT (TPM 2.0) will do so (popup opens "All encryption keys will be cleared in the security chip. Do you really want to continue? [Yes]/[No]").
answered Jan 27 at 15:46

Freddy












  • T480 only has TPM 2.0. No support for TPM 1.2

    – fpmurphy
    Feb 6 at 15:48