Solution

1. What is a Trusted Platform Module?
   A Trusted Platform Module (TPM) is a form of hardware security that stores cryptographic information about the computer.
   
   
2. What are the system requirements to use a TPM with ESET Endpoint Encryption (EEE) or ESET Full Disk Encryption (EFDE)?
   EEE and EFDE can utilize a TPM for Full Disk Encryption (FDE) in the following environments:
   
   
   • The operating system is Windows 10
   • The computer boots using UEFI BIOS
   • The TPM version is 2.0
   • EEE client version 4.8.17 or greater, managed by an EEE Server
   • EFDE version 1.0.46 or greater
     
     
3. How can I tell if a client Workstation is supported?
   View the Workstation Details panel in the EEE Server and check the following:
   
   
   • Boot Mode shows UEFI
   • TPM Status states it is supported and can be used by EEE
     
     
4. What do the different TPM FDE modes do?

Username and Password

• • This mode operates in the same way as before, only now it uses the TPM for storage of the encryption key.
  • Use this mode if you require multiple, distinct pre-boot users, either with or without TPM.
  • It is the only mode that supports Single Sign-On.

PIN Code

• • This mode provides a single method of authentication—a numeric PIN. There is one PIN for all users of the computer.
  • If you only require a user to be able to start the computer, as long as they know the PIN, you can select Pin Code mode.
  • Anyone that knows the PIN will be able to start the computer. However, they will also have the ability to change the PIN.

No Extra Authentication

• • This mode starts the computer without any pre-boot interaction; all security is handled at the Windows login and requires the user to have a Windows Password.
  • If your only requirements are that the computer is encrypted, for example in case the hard drive is stolen or removed, you could use No Extra Authentication mode.
  • This mode moves the burden of security from the pre-boot loader phase to the Windows login. Ensure you have a strong password policy as well as a minimum level of Windows network security established.