[KB7159] ESET Endpoint Encryption Trusted Platform Module FAQ
Solution
What is a Trusted Platform Module?
A Trusted Platform Module (TPM) is a form of hardware security that stores cryptographic information about the computer.
What are the system requirements to use a TPM with ESET Endpoint Encryption (EEE) or ESET Full Disk Encryption (EFDE)?
EEE and EFDE can utilize a TPM for Full Disk Encryption (FDE) in the following environments:
The operating system is Windows 10
The computer boots using UEFI BIOS
The TPM version is 2.0
EEE client version 4.8.17 or greater, managed by an EEE Server
EFDE version 1.0.46 or greater
How can I tell if a client Workstation is supported?
View the Workstation Details panel in the EEE Server and check the following:
Boot Mode shows UEFI
TPM Status states it is supported and can be used by EEE
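The operating system, boot mode and TPM version requirements above can also be pre-checked locally on a client before enrollment. The following is an added example, not ESET code: the function name Test-TpmFdePrerequisites is hypothetical, it does not check the EEE or EFDE product version, and the Workstation Details panel remains the authoritative indication of support.

```powershell
# Added example: local pre-check of the OS, boot-mode and TPM requirements listed above.
# Run in an elevated PowerShell session; without elevation the Win32_Tpm query
# fails and the TPM rows report False even when a TPM is present.
function Test-TpmFdePrerequisites {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # BiosFirmwareType reports 'Uefi' for UEFI boot and 'Bios' for legacy boot.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Win32_Tpm returns nothing when no TPM is present or it is disabled in firmware.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # SpecVersion looks like '2.0, 0, 1.38'; the first field is the TPM family version.
    $tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    $checks = [ordered]@{
        'Operating system is Windows 10' = $os.Caption -like '*Windows 10*'
        'Boots using UEFI'               = "$firmware" -eq 'Uefi'
        'TPM present'                    = [bool]$tpm
        'TPM version is 2.0'             = $tpmVersion -eq '2.0'
    }

    # Emit one object per requirement so the result can be filtered or exported.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Requirement = $name; Met = [bool]$checks[$name] }
    }
}

$results = Test-TpmFdePrerequisites
$results | Format-Table -AutoSize
if ($results.Met -contains $false) {
    Write-Warning 'At least one TPM requirement is not met on this machine.'
}
```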
This mode provides a single method of authentication—a numeric PIN. There is one PIN for all users of the computer.
If your only requirement is that a user who knows the PIN can start the computer, you can select Pin Code mode.
Anyone who knows the PIN can start the computer. However, they can also change the PIN.
No Extra Authentication
This mode starts the computer without any pre-boot interaction; all security is handled at the Windows login and requires the user to have a Windows Password.
If your only requirement is that the computer is encrypted, for example in case the hard drive is stolen or removed, you could use No Extra Authentication mode.
This mode moves the burden of security from the pre-boot loader phase to the Windows login. Ensure you have a strong password policy as well as a minimum level of Windows network security established.