Reader Question: BitLocker without TPM
Question:
So I want to use BitLocker, don’t have a TPM, and my BIOS doesn’t seem to ’see’ the USB drives in time.
Now I know I can still use BitLocker… by entering a PIN key of 48 or so characters, but that’s a bit too long.
I could update my BIOS, but I have the latest version, and when I rang Dell they didn’t think it would be updated. There must be another answer; there are other programs out there, but I have Vista. Any idea for a workaround?
Generic firmware for the BIOS? Key stored on a CD?
It seems the USB requirement is pointless and restricting; after all, the best key or password is one only in my head, not on a USB drive.
Answer:
Hi, John. I’ve wondered the same thing.
First, this statement doesn’t make sense to me:
…my BIOS doesn’t seem to ’see’ the USB drives in time.
BitLocker isn’t built into the BIOS; it’s part of the Windows Boot Manager. The Windows Boot Manager has the ability to read file systems, including your hard disks and USB flash drives. So, if your computer supports a USB drive while Windows is loaded, it should support it for startup with BitLocker. BTW, I’ll throw in a shameless plug for Chapter 30 of the Windows Vista Resource Kit, which covers the startup process, and Chapter 15, which covers BitLocker in detail.
As you’ve figured out, if your computer doesn’t have a TPM, you have two options for starting up with BitLocker:
- Inserting a USB key
- Entering a 48-character recovery key
If your computer does have a TPM, you have two additional options:
- Automatic startup with no user-supplied password
- Entering a PIN
If your computer doesn’t have a TPM, you can’t use a PIN to start up. Technically, BitLocker could support this–after all, it supports the 48-character recovery key. But it doesn’t, and if you want it to, you’re going to have to write your own boot manager. I wish it did support it, but I can only guess that the BitLocker team felt a PIN alone wouldn’t be sufficient security. I wish they had left that decision to the users, especially considering many people simply won’t use BitLocker without that option available.
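The four protector combinations above map directly onto BitLocker key protectors. The script below is an added example, not code from the original post or from Microsoft: it checks whether a usable TPM is present and then attaches the protectors the paragraph describes (TPM+PIN when a TPM exists, a USB startup key when it does not, plus a recovery password in both cases). It assumes the BitLocker and TrustedPlatformModule PowerShell modules, which shipped with Windows 8 and later; Vista only had the manage-bde.wsf script, so this is the modern equivalent of the same decision. The mount point C: and the startup-key drive E:\ are assumed values.

```powershell
# Added example (not from the original post): choose BitLocker startup
# protectors for a volume based on whether a TPM is present and ready.
# Assumes the BitLocker and TrustedPlatformModule modules (Windows 8+);
# Vista exposed the same operations only through manage-bde.wsf.
# Run from an elevated PowerShell prompt.

param(
    # Assumed values: the OS volume and the removable drive for the startup key.
    [string]$MountPoint = 'C:',
    [string]$StartupKeyDrive = 'E:\'
)

function Test-TpmReady {
    # $true when a TPM exists and is initialised so BitLocker can seal to it.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    return ($null -ne $tpm) -and $tpm.TpmPresent -and $tpm.TpmReady
}

function Get-StartupProtectors {
    param([string]$Volume)
    # Lists the key protectors already attached to the volume.
    (Get-BitLockerVolume -MountPoint $Volume).KeyProtector |
        Select-Object KeyProtectorId, KeyProtectorType
}

function Add-StartupProtectors {
    param([string]$Volume, [string]$KeyDrive, [bool]$HasTpm)

    # Always add a recovery password: the 48-digit value the post calls the
    # 48-character recovery key. It is the fallback when the primary
    # protector fails, so back it up (AD, file, or print) before enabling.
    Add-BitLockerKeyProtector -MountPoint $Volume -RecoveryPasswordProtector | Out-Null

    if ($HasTpm) {
        # TPM present: TPM-only would boot silently; TPM+PIN adds a factor
        # the user must type before the volume key is released.
        $pin = Read-Host -Prompt 'Enter a startup PIN' -AsSecureString
        Add-BitLockerKeyProtector -MountPoint $Volume -TpmAndPinProtector -Pin $pin | Out-Null
    }
    else {
        # No TPM: the only pre-boot option is a startup key on removable
        # media, which the firmware must be able to read before Windows
        # loads. The call is refused unless the policy
        # "Allow BitLocker without a compatible TPM" is enabled.
        Add-BitLockerKeyProtector -MountPoint $Volume -StartupKeyProtector -StartupKeyPath $KeyDrive | Out-Null
    }
}

$hasTpm = Test-TpmReady
Write-Host "TPM ready: $hasTpm"
Add-StartupProtectors -Volume $MountPoint -KeyDrive $StartupKeyDrive -HasTpm $hasTpm
Get-StartupProtectors -Volume $MountPoint
```

Listing the protectors afterwards is the check worth keeping: a volume that shows only a RecoveryPassword protector and no TPM, TpmPin or ExternalKey entry will prompt for the 48-digit password on every boot, which is exactly the situation the question describes.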
John brings up a good point in his response:
Thanks for your excellent and speedy reply, I really appreciate it.
Anyway, IIRC Vista actually came up with an error that mentioned a BIOS upgrade (after the USB test had failed).
I have seen something very much like the following sentence in many places:
‘The system BIOS supports both reading and writing small files on a USB flash drive in the pre-operating system environment’ with the suggestion of contacting the manufacturer.
quote from:
http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part1.html Anyway, you’ve given me encouragement to try it again, got an idea…
Damn, you’re right about the firmware requirement. I wrongly assumed that Windows Boot Loader interacted with the flash drive in the same way as the OS. However, according to the official requirements:
5. BitLocker Requirements for System Firmware Support of USB Flash Drive
This section lists the BitLocker requirements for system firmware support for reading and writing files from a USB mass storage class device.
BIOS 1j
The BIOS must successfully perform a read operation on a reference USB mass storage class device.
So you’re right, the BIOS has to support a specific operation that apparently isn’t completely common. I will say that my Dell D600, which I bought in 2003 I think, supports BitLocker.
Please do let me know if you get it figured out or come up with anything else. Good luck.
For more information, read the Windows Vista Resource Kit (co-authored by your very own Tony Northrup). Got a question for Tony? Send an e-mail to qa@vistaclues.com. Posted: April 12th, 2007 under Reader Questions, Security.
Comments: 3
Comments
Comment from Cheryl
Time: June 24, 2007, 3:10 pm
Hi, I am trying to connect my All in One A940 Dell printer to my new Dell “Vista” OS… (PX it won’t print!) I have installed and reinstalled the new drivers to no avail…. The cable is fine (USB). Funny thing is that it will scan, so it is connecting. The printer works well with my old computer, so it is definitely not the printer; even though the printer is an older model, it is like brand new: new ink, etc… Help! I have checked the firewall, owner rights, etc.; the properties are OK. One of the messages that I got said “Active Directory Domain Services unavailable”; otherwise it says that it is printing, but nothing happens… Please advise!
Comment from Luiz Alberto
Time: July 21, 2007, 12:00 am
Very good answer, understood and liked very much.
Good luck and good business.
Thanks
Comment from Sherrie Weeks
Time: September 8, 2007, 2:22 am
I am also having a problem with an older printer (A940) working on my Vista system. I get the message, “Local spool service is not working.” I have tried uninstalling, installing, and talked in a chat session with Dell tech support, which was a waste of time; they never got back to me with any solution.
I will never buy a Dell product again