How does deactivating TPM in the T480 UEFI settings affect bitlocker? Is the TPM cleared?












3















My Lenovo T480 runs a Bitlocker protected Windows 10 installation. Bitlocker is configured to lock the system (request the passkey) if there are any hardware changes. I would like to keep the Bitlocker protection intact and unmodified, but have the ability to dual boot into Linux or a different Win10 from a different SSD (without changing the Bitlocker configuration). I have full access to the UEFI settings.



As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.



This is where I get stuck: I want to be able to swap out the Windows drive and use a different OS, but I can't do that without messing with the current TPM configuration (as far as I understand).



In the UEFI settings of the T480, there's an option to deactivate TPM. Does that clear the TPM? That would render the Windows install unusable. Does it simlpy disable TPM until I re-activate it? Will the Bitlocker / TPM lock the Windows install if I disable the TPM, use the Linux drive, and then re-enable TPM?



Edit: For now, I'm trying to get dual boot with a second copy of Windows 10 working, and even with the first hard disk disconnected, I do get a blue bitlocker screen asking me for my USB key.



Edit2: Solved. I never tried what happens when I set the TPM to "hidden" in the UEFI. To recap, the setup was:




  • Win10 on disk 1, with bitlocker active, key stored on TPM protected via hardware change detection

  • Win10 on disk 2, no bitlocker


I installed disk2 and was able to use it fine, until I booted into disk1. I was then unable to boot disk2. I wrongly assumed that the TPM prevented me from booting a disk different from the one that was using bitlocker. In fact what happened was that disk1 decided that all drives should be bitlocker protected and encrypted disk2 for me. Thereafter disk2 was unable to unlock on its own (presumably because the master key that bitlocker used was on disk1) and failed to boot with a bitlocker error. I don't have admin rights on disk1 so I was unable to turn off bitlocker on disk2 from disk1. Reinstalled Win10 on disk2 instead, and will take care to not boot disk1 while disk2 is plugged in.










share|improve this question









New contributor




Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1





    The story sounds like disk1 is a company-managed OS with BitLocker enforced through Group Policy... Easy to "avoid" by encrypting disk2 with your own keys first.

    – grawity
    18 hours ago











  • Yes, I figured I could encrypt disk2 myself to keep disk1 at bay. I'm not very familiar with bitlocker but I suppose I can chose not to use the TPM for that. Thanks for the help @grawity.

    – Philipp Doe
    18 hours ago


















3















My Lenovo T480 runs a Bitlocker protected Windows 10 installation. Bitlocker is configured to lock the system (request the passkey) if there are any hardware changes. I would like to keep the Bitlocker protection intact and unmodified, but have the ability to dual boot into Linux or a different Win10 from a different SSD (without changing the Bitlocker configuration). I have full access to the UEFI settings.



As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.



This is where I get stuck: I want to be able to swap out the Windows drive and use a different OS, but I can't do that without messing with the current TPM configuration (as far as I understand).



In the UEFI settings of the T480, there's an option to deactivate TPM. Does that clear the TPM? That would render the Windows install unusable. Does it simlpy disable TPM until I re-activate it? Will the Bitlocker / TPM lock the Windows install if I disable the TPM, use the Linux drive, and then re-enable TPM?



Edit: For now, I'm trying to get dual boot with a second copy of Windows 10 working, and even with the first hard disk disconnected, I do get a blue bitlocker screen asking me for my USB key.



Edit2: Solved. I never tried what happens when I set the TPM to "hidden" in the UEFI. To recap, the setup was:




  • Win10 on disk 1, with bitlocker active, key stored on TPM protected via hardware change detection

  • Win10 on disk 2, no bitlocker


I installed disk2 and was able to use it fine, until I booted into disk1. I was then unable to boot disk2. I wrongly assumed that the TPM prevented me from booting a disk different from the one that was using bitlocker. In fact what happened was that disk1 decided that all drives should be bitlocker protected and encrypted disk2 for me. Thereafter disk2 was unable to unlock on its own (presumably because the master key that bitlocker used was on disk1) and failed to boot with a bitlocker error. I don't have admin rights on disk1 so I was unable to turn off bitlocker on disk2 from disk1. Reinstalled Win10 on disk2 instead, and will take care to not boot disk1 while disk2 is plugged in.










share|improve this question









New contributor




Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1





    The story sounds like disk1 is a company-managed OS with BitLocker enforced through Group Policy... Easy to "avoid" by encrypting disk2 with your own keys first.

    – grawity
    18 hours ago











  • Yes, I figured I could encrypt disk2 myself to keep disk1 at bay. I'm not very familiar with bitlocker but I suppose I can chose not to use the TPM for that. Thanks for the help @grawity.

    – Philipp Doe
    18 hours ago
















3












3








3


2






My Lenovo T480 runs a Bitlocker protected Windows 10 installation. Bitlocker is configured to lock the system (request the passkey) if there are any hardware changes. I would like to keep the Bitlocker protection intact and unmodified, but have the ability to dual boot into Linux or a different Win10 from a different SSD (without changing the Bitlocker configuration). I have full access to the UEFI settings.



As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.



This is where I get stuck: I want to be able to swap out the Windows drive and use a different OS, but I can't do that without messing with the current TPM configuration (as far as I understand).



In the UEFI settings of the T480, there's an option to deactivate TPM. Does that clear the TPM? That would render the Windows install unusable. Does it simlpy disable TPM until I re-activate it? Will the Bitlocker / TPM lock the Windows install if I disable the TPM, use the Linux drive, and then re-enable TPM?



Edit: For now, I'm trying to get dual boot with a second copy of Windows 10 working, and even with the first hard disk disconnected, I do get a blue bitlocker screen asking me for my USB key.



Edit2: Solved. I never tried what happens when I set the TPM to "hidden" in the UEFI. To recap, the setup was:




  • Win10 on disk 1, with bitlocker active, key stored on TPM protected via hardware change detection

  • Win10 on disk 2, no bitlocker


I installed disk2 and was able to use it fine, until I booted into disk1. I was then unable to boot disk2. I wrongly assumed that the TPM prevented me from booting a disk different from the one that was using bitlocker. In fact what happened was that disk1 decided that all drives should be bitlocker protected and encrypted disk2 for me. Thereafter disk2 was unable to unlock on its own (presumably because the master key that bitlocker used was on disk1) and failed to boot with a bitlocker error. I don't have admin rights on disk1 so I was unable to turn off bitlocker on disk2 from disk1. Reinstalled Win10 on disk2 instead, and will take care to not boot disk1 while disk2 is plugged in.










share|improve this question









New contributor




Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












My Lenovo T480 runs a Bitlocker protected Windows 10 installation. Bitlocker is configured to lock the system (request the passkey) if there are any hardware changes. I would like to keep the Bitlocker protection intact and unmodified, but have the ability to dual boot into Linux or a different Win10 from a different SSD (without changing the Bitlocker configuration). I have full access to the UEFI settings.



As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.



This is where I get stuck: I want to be able to swap out the Windows drive and use a different OS, but I can't do that without messing with the current TPM configuration (as far as I understand).



In the UEFI settings of the T480, there's an option to deactivate TPM. Does that clear the TPM? That would render the Windows install unusable. Does it simlpy disable TPM until I re-activate it? Will the Bitlocker / TPM lock the Windows install if I disable the TPM, use the Linux drive, and then re-enable TPM?



Edit: For now, I'm trying to get dual boot with a second copy of Windows 10 working, and even with the first hard disk disconnected, I do get a blue bitlocker screen asking me for my USB key.



Edit2: Solved. I never tried what happens when I set the TPM to "hidden" in the UEFI. To recap, the setup was:




  • Win10 on disk 1, with bitlocker active, key stored on TPM protected via hardware change detection

  • Win10 on disk 2, no bitlocker


I installed disk2 and was able to use it fine, until I booted into disk1. I was then unable to boot disk2. I wrongly assumed that the TPM prevented me from booting a disk different from the one that was using bitlocker. In fact what happened was that disk1 decided that all drives should be bitlocker protected and encrypted disk2 for me. Thereafter disk2 was unable to unlock on its own (presumably because the master key that bitlocker used was on disk1) and failed to boot with a bitlocker error. I don't have admin rights on disk1 so I was unable to turn off bitlocker on disk2 from disk1. Reinstalled Win10 on disk2 instead, and will take care to not boot disk1 while disk2 is plugged in.







windows-10 multi-boot uefi bitlocker tpm






share|improve this question









New contributor




Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 18 hours ago







Philipp Doe













New contributor




Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









Philipp DoePhilipp Doe

183




183




New contributor




Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Philipp Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 1





    The story sounds like disk1 is a company-managed OS with BitLocker enforced through Group Policy... Easy to "avoid" by encrypting disk2 with your own keys first.

    – grawity
    18 hours ago











  • Yes, I figured I could encrypt disk2 myself to keep disk1 at bay. I'm not very familiar with bitlocker but I suppose I can chose not to use the TPM for that. Thanks for the help @grawity.

    – Philipp Doe
    18 hours ago
















  • 1





    The story sounds like disk1 is a company-managed OS with BitLocker enforced through Group Policy... Easy to "avoid" by encrypting disk2 with your own keys first.

    – grawity
    18 hours ago











  • Yes, I figured I could encrypt disk2 myself to keep disk1 at bay. I'm not very familiar with bitlocker but I suppose I can chose not to use the TPM for that. Thanks for the help @grawity.

    – Philipp Doe
    18 hours ago










1




1





The story sounds like disk1 is a company-managed OS with BitLocker enforced through Group Policy... Easy to "avoid" by encrypting disk2 with your own keys first.

– grawity
18 hours ago





The story sounds like disk1 is a company-managed OS with BitLocker enforced through Group Policy... Easy to "avoid" by encrypting disk2 with your own keys first.

– grawity
18 hours ago













Yes, I figured I could encrypt disk2 myself to keep disk1 at bay. I'm not very familiar with bitlocker but I suppose I can chose not to use the TPM for that. Thanks for the help @grawity.

– Philipp Doe
18 hours ago







Yes, I figured I could encrypt disk2 myself to keep disk1 at bay. I'm not very familiar with bitlocker but I suppose I can chose not to use the TPM for that. Thanks for the help @grawity.

– Philipp Doe
18 hours ago












2 Answers
2






active

oldest

votes


















9















As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.





  • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store nor run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



    As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




  • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



    BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



    But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




  • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft" although can be customized.



    (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)




Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



However, you may need to disable Secure Boot if it currently prevents Linux from booting.



Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



Make sure you actually have the recovery key before trying this.




Does that clear the TPM?




The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




That would render the Windows install unusable.




No, that would only mean you'll need to input the BitLocker recovery key.



Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.






share|improve this answer


























  • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

    – Philipp Doe
    yesterday











  • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

    – grawity
    yesterday











  • I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

    – Philipp Doe
    yesterday



















2














You can set Security Chip to Active/Inactive/Disabled (T440s). This does not clear anything. However the option Clear Security Chip obviously clears the encryption keys and also changing Security Chip Selection from Discrete TPM (TPM 1.2) to Intel PTT (TPM 2.0) will do so (popup opens "All encryption keys will be cleared in the security chip. Do you really want to continue? [Yes]/[No]").






share|improve this answer








New contributor




Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });






    Philipp Doe is a new contributor. Be nice, and check out our Code of Conduct.










    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1398899%2fhow-does-deactivating-tpm-in-the-t480-uefi-settings-affect-bitlocker-is-the-tpm%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    9















    As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




    No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



    Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.





    • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store nor run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



      As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




    • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



      BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



      But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




    • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft" although can be customized.



      (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)




    Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



    Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




    I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




    No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



    However, you may need to disable Secure Boot if it currently prevents Linux from booting.



    Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



    Make sure you actually have the recovery key before trying this.




    Does that clear the TPM?




    The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




    That would render the Windows install unusable.




    No, that would only mean you'll need to input the BitLocker recovery key.



    Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



    If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.






    share|improve this answer


























    • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

      – Philipp Doe
      yesterday











    • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

      – grawity
      yesterday











    • I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

      – Philipp Doe
      yesterday
















    9















    As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




    No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



    Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.





    • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store nor run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



      As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




    • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



      BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



      But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




    • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft" although can be customized.



      (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)




    Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



    Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




    I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




    No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



    However, you may need to disable Secure Boot if it currently prevents Linux from booting.



    Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



    Make sure you actually have the recovery key before trying this.




    Does that clear the TPM?




    The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




    That would render the Windows install unusable.




    No, that would only mean you'll need to input the BitLocker recovery key.



    Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



    If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.






    share|improve this answer


























    • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

      – Philipp Doe
      yesterday











    • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

      – grawity
      yesterday











    • I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

      – Philipp Doe
      yesterday














    9












    9








    9








    As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




    No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



    Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.





    • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store nor run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



      As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




    • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



      BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



      But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




    • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft" although can be customized.



      (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)




    Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



    Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




    I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




    No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



    However, you may need to disable Secure Boot if it currently prevents Linux from booting.



    Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



    Make sure you actually have the recovery key before trying this.




    Does that clear the TPM?




    The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




    That would render the Windows install unusable.




    No, that would only mean you'll need to input the BitLocker recovery key.



    Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



    If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.






    share|improve this answer
















    As far as I understand, bitlocker places something like a policy on the TPM, which then locks the laptop. Even with the Windows drive physically disconnected, the bit of bitlocker that went on the TPM will stop any bootloader from running.




    No. Do not confuse BitLocker and Secure Boot. Do not be mistaken about what goes on the TPM.



    Specifically, the only bit of BitLocker that goes into the TPM is a decryption key for your disk's master key.





    • The TPM is, essentially, a place for secure tamper-proof storage – like a smartcard. It is passive and cannot affect the rest of the system by itself. It has its own firmware, but it doesn't store nor run any OS-provided code; it's mainly limited to cryptographic operations – e.g. the OS can ask the TPM to encrypt or decrypt data.



      As you already discovered, the TPM also has a feature to store data sealed with the current system state (e.g. the drive you booted from, the bootloader hash reported by UEFI, plus whatever OS/kernel hashes reported by the bootloader itself). A "policy" in this context is a set of conditions telling the TPM when it is allowed to release the stored data, if the OS asks for it.




    • BitLocker is Windows' system for disk encryption. It prevents someone from accessing your Windows drive without knowing the key, but it doesn't prevent the system itself from doing anything else, including booting any other OS from any other drive.



      BitLocker can use the TPM as a place to store its keys, which are sealed against the exact OS that you're running. If you try to boot from a different drive, or change the bootloader somehow, the TPM will refuse to release the keys and BitLocker will ask for the recovery password.



      But if you boot an OS that doesn't ask the TPM to unseal that data, well, nothing happens. The OS just boots as usual – the TPM does not actively try to prevent it.




    • Secure Boot is the UEFI lockdown system. It can actively prevent the system from booting "untrusted" bootloaders and operating systems, which generally means "not signed by Microsoft" although can be customized.



      (Note that Secure Boot in its default mode doesn't bind to a specific OS installation; it will boot any OS that has a recognizable signature. This even includes a Linux bootloader called "Shim".)




    Secure Boot can exist on systems even without a TPM, and similarly, TPMs can exist on systems without Secure Boot, or indeed without UEFI.



    Some manufacturers (e.g. HP) use the TPM memory to store Secure Boot settings, to exempt them from the usual "remove battery to clear firmware settings" trick. This still doesn't turn the TPM into anything other than a smartcard.




    I want to be able to swap out the Windows drive and use Linux, but I can't do that without messing with the current TPM configuration (as far as I understand).




    No, you can freely dual-boot with the TPM enabled. (As mentioned, the TPM is passive.) In fact you can even have Linux use the same TPM to seal its own keys for LUKS disk encryption.



    However, you may need to disable Secure Boot if it currently prevents Linux from booting.



    Changing Secure Boot settings will prevent Windows from accessing the BitLocker key, but won't clear it. You can re-enable Secure Boot later and regain access – or you can keep Secure Boot permanently disabled, and just have Windows store a new key in the TPM. (This happens automatically as soon as you input the BitLocker recovery key.)



    Make sure you actually have the recovery key before trying this.




    Does that clear the TPM?




    The official "T480 User Guide" is unclear about this, but I would guess that the TPM's contents remain intact, because the manual lists a separate "Clear TPM contents" option. If disabling the TPM cleared it, the two options would be redundant.




    That would render the Windows install unusable.




    No, that would only mean you'll need to input the BitLocker recovery key.



    Once you've unlocked the drive with the recovery key, BitLocker will also automatically create a new key and store it in the TPM again (if it is enabled), re-sealed against the new system state.



    If you don't have the recovery key, use manage-bde -protectors to obtain it before you start tinkering with TPM or Secure Boot settings. It can also be obtained through the control panel and sometimes even stored with your Microsoft account.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited yesterday

























    answered yesterday









    grawitygrawity

    236k37498553




    236k37498553













    • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

      – Philipp Doe
      yesterday











    • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

      – grawity
      yesterday











    • I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

      – Philipp Doe
      yesterday



















    • Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

      – Philipp Doe
      yesterday











    • A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

      – grawity
      yesterday











    • I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

      – Philipp Doe
      yesterday

















    Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

    – Philipp Doe
    yesterday





    Thanks for the detailed answer. I used to think of the TPM like a smartcard, but the fact that I still get a bitlocker screen when I remove the first SSD made me think it might have a more active role. I should have said I'm currently trying to dual boot another copy of Windows 10; sorry. That one's a pretty fresh install and I never configured it to use bitlocker / TPM for anything. Could it nonetheless be that the reason I can't boot it is because it tries to access the TPM which then of course blocks access and the secondary Windows fails to boot even though it has no use for the TPM keys?

    – Philipp Doe
    yesterday













    A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

    – grawity
    yesterday





    A fresh install may still use BitLocker by default; you don't know until you've looked at the status screen (e.g. manage-bde). Moreover, if it's a self-encrypting SSD (with OPAL feature) and if you had enabled bde with "Hardware encryption" on the disk previously, then the disk itself might be still carrying the BitLocker PBA from that previous installation.

    – grawity
    yesterday













    I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

    – Philipp Doe
    yesterday





    I just plugged disk 2 into another computer, and the Windows partinion on it is Bitlocker encrypted. Wtf. My guess at this stage is that the settings on disk 1 are such that it encrypted disk 2 as soon as it saw it. For some reason, I can't boot disk 2 though.

    – Philipp Doe
    yesterday













    2














    You can set Security Chip to Active/Inactive/Disabled (T440s). This does not clear anything. However the option Clear Security Chip obviously clears the encryption keys and also changing Security Chip Selection from Discrete TPM (TPM 1.2) to Intel PTT (TPM 2.0) will do so (popup opens "All encryption keys will be cleared in the security chip. Do you really want to continue? [Yes]/[No]").






    share|improve this answer








    New contributor




    Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.

























      2














      You can set Security Chip to Active/Inactive/Disabled (T440s). This does not clear anything. However the option Clear Security Chip obviously clears the encryption keys and also changing Security Chip Selection from Discrete TPM (TPM 1.2) to Intel PTT (TPM 2.0) will do so (popup opens "All encryption keys will be cleared in the security chip. Do you really want to continue? [Yes]/[No]").






      share|improve this answer








      New contributor




      Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.























        2












        2








        2







        You can set Security Chip to Active/Inactive/Disabled (T440s). This does not clear anything. However the option Clear Security Chip obviously clears the encryption keys and also changing Security Chip Selection from Discrete TPM (TPM 1.2) to Intel PTT (TPM 2.0) will do so (popup opens "All encryption keys will be cleared in the security chip. Do you really want to continue? [Yes]/[No]").






        share|improve this answer








        New contributor




        Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        You can set Security Chip to Active/Inactive/Disabled (T440s). This does not clear anything. However the option Clear Security Chip obviously clears the encryption keys and also changing Security Chip Selection from Discrete TPM (TPM 1.2) to Intel PTT (TPM 2.0) will do so (popup opens "All encryption keys will be cleared in the security chip. Do you really want to continue? [Yes]/[No]").







        share|improve this answer








        New contributor




        Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        share|improve this answer



        share|improve this answer






        New contributor




        Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered yesterday









        FreddyFreddy

        1213




        1213




        New contributor




        Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        Freddy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






















            Philipp Doe is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            Philipp Doe is a new contributor. Be nice, and check out our Code of Conduct.













            Philipp Doe is a new contributor. Be nice, and check out our Code of Conduct.












            Philipp Doe is a new contributor. Be nice, and check out our Code of Conduct.
















            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1398899%2fhow-does-deactivating-tpm-in-the-t480-uefi-settings-affect-bitlocker-is-the-tpm%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

            Alcedinidae

            Origin of the phrase “under your belt”?