2

I am looking into BitLocker for my headless MicroServer N54L with Windows Server 2016 on it. I saw that the N54L has no TPM module, but I can buy one and plug it into the board. I am interested in it solely for the purpose of using auto unlock.

In the TPM specs (Infineon) it clearly states that the TPM chip has to be physically fixed to the mainboard.

Doesn't it render its security features useless if it is on a separate module which is plugged into the board?

I am under the impression that with a TPM (and auto unlock) one can only gain access if he has the Windows account credentials or the encryption key?

However I think that might not be true.

Btw I am not using a Microsoft account on the server, so my keys should not be uploaded to Microsoft as far as I can tell.

What do you think?

Viking

1 Answer

-1

The purpose of TPM is to protect the encryption keys used to encrypt disks with BitLocker.

If you can remove a TPM, as well as the disks, then you may be handing the key over with the lock, though in the case of a micro server, I suspect you're more at risk of someone stealing the whole server.

It sounds from your post like you're not planning to implement BitLocker's PBA features, so it may be worth asking yourself which problem you are trying to solve by implementing BitLocker.

Qaos
  • I have important files on my server so I don't want anyone who isn't authorized to be able to access those files. This includes if the attacker has physical possession of the server. – Viking Sep 12 '17 at 16:55
  • I hoped to be able to use the server as "normal" (like it wasn't encrypted) so no boot password or stuff like that would be needed. If the server gets stolen or the discs get stolen it is bad but not that bad cause I have a well protected backup (safe). The attacker only shouldn't be able to access those files. – Viking Sep 12 '17 at 17:02
  • BitLocker provides Disk level encryption. If you aren't using Pre-boot authentication then this is unlikely to do the job that you need. You're more likely to meet your needs by leveraging Multi Factor Authentication (like Azure MFA), and configuring domain policy to require this, and enabling MFA for sensitive applications. You could also use Azure Information Protection to control what can be done with data if it is leaked from your environment. – Qaos Sep 13 '17 at 21:25
  • @Viking: you want your server to be set up in such a way that the encryption is completely transparent. The server should decrypt the data without any user interaction. In that case, if someone steals the server, they *do* have access to the files. It's a simple matter of logic: if you want the encryption to be completely transparent without user interaction, then the server cannot know who the user is, and cannot distinguish between you and the thief. – Jörg W Mittag Nov 11 '17 at 07:08
  • This isn't necessarily true, if I understand your answer correctly. A TPM has a special key called the EK (Endorsement Key) which cannot be spoofed and is burnt into all genuine TPM devices. Removing it would not let you replace it with a malicious version. Additionally, a TPM takes measurements for more than just the hard drives, so putting it in a new computer would require an identical configuration. Plus you can seal it with your own key rather than knowing the "well known secret" null key. – forest Dec 11 '17 at 04:15
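The thread's practical point is that a TPM-only protector unlocks transparently for whoever boots the box, while the PBA the answer mentions (a TPM+PIN protector) keeps the TPM's sealing to the boot measurements but also demands a secret a thief of the whole server does not have. The script below is an added example, not from the question, the answer or Microsoft; it assumes Windows Server 2016 with the BitLocker feature installed, an OS volume C: already encrypted with a TPM protector, and that you accept typing a PIN at the console after each reboot.

```powershell
# Added example: inventory the TPM, show what protects C:, then replace the
# transparent TPM-only protector with TPM+PIN plus a recovery password.
#Requires -RunAsAdministrator

# 1. Is a TPM present and ready? A header-mounted module appears the same way.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "No ready TPM: present=$($tpm.TpmPresent) ready=$($tpm.TpmReady)"
}

# 2. Current protectors. A lone 'Tpm' entry means anyone who boots this
#    server with its firmware/boot chain intact gets the plaintext volume.
$vol = Get-BitLockerVolume -MountPoint 'C:'
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId

# 3. Local policy must allow a startup PIN before a TPM+PIN protector can be
#    added (the "Require additional authentication at startup" setting;
#    UseTPMPIN = 2 means "Allow startup PIN with TPM").
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
New-Item -Path $fve -Force | Out-Null
Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name UseTPMPIN -Value 2 -Type DWord

# 4. Add TPM+PIN (pre-boot authentication) and, if missing, a recovery
#    password to keep offline somewhere safe; then remove the TPM-only
#    protector so the PIN is actually required at boot.
$pin = Read-Host -AsSecureString 'Startup PIN (at least 6 digits)'
Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin | Out-Null
if (-not ($vol.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
}
foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
    Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $kp.KeyProtectorId
}

# 5. Confirm the protector set, and show the PCR validation profile, i.e. the
#    firmware and boot-loader measurements the TPM seals the key against.
(Get-BitLockerVolume -MountPoint 'C:').KeyProtector | Select-Object KeyProtectorType
manage-bde -protectors -get C:
```

Store the recovery password printed in step 4 off the server; with TPM+PIN, a firmware update or boot-order change that alters the measured PCRs will send the machine into recovery on the next boot.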