[KB7159] ESET Endpoint Encryption Trusted Platform Module FAQ

Solution

  1. What is a Trusted Platform Module?
    A Trusted Platform Module (TPM) is a hardware security component that securely stores cryptographic keys and related information about the computer.

  2. What are the system requirements to use a TPM with ESET Endpoint Encryption (EEE) or ESET Full Disk Encryption (EFDE)?
    EEE and EFDE can utilize a TPM for Full Disk Encryption (FDE) in the following environments:

    • The operating system is Windows 10 or Windows 8.1
    • The computer boots in UEFI mode
    • The TPM version is 2.0
    • EEE client version 4.8.17 or greater, managed by an EEE Server
    • EFDE version 1.0.46 or greater

  3. How can I tell if a client workstation is supported?
    View the Workstation Details panel in the EEE Server and check the following:

    • Boot Mode shows UEFI
    • TPM Status states it is supported and can be used by EEE
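
    The following PowerShell script is an added example, not ESET's code, that checks the operating system, boot mode and TPM prerequisites listed in questions 2 and 3 directly on the client. It assumes the built-in Win32_Tpm WMI class is available; the EEE client or EFDE version is not checked here and should still be read from the Workstation Details panel in the EEE Server.

```powershell
# Added example (not ESET's code): local pre-flight check of the TPM FDE
# prerequisites. Run in an elevated PowerShell session on the client.
# EEE/EFDE version is not checked; read it from the EEE Server instead.

function Test-TpmFdePrerequisites {
    [CmdletBinding()]
    param()

    $result = [ordered]@{}

    # Windows 8.1 reports kernel 6.3, Windows 10 reports 10.0
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $result.OsVersion   = $os.Version
    $result.OsSupported = ([version]$os.Version -ge [version]'6.3')

    # $env:firmware_type is 'UEFI' or 'Legacy' on Windows 8 and later
    $result.BootMode = $env:firmware_type
    $result.UefiBoot = ($env:firmware_type -eq 'UEFI')

    # Win32_Tpm.SpecVersion looks like '2.0, 0, 1.16'; the first field is the TPM family
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($null -eq $tpm) {
        $result.TpmPresent = $false
        $result.TpmVersion = $null
    } else {
        $result.TpmPresent   = $true
        $result.TpmVersion   = ($tpm.SpecVersion -split ',')[0].Trim()
        $result.TpmEnabled   = (Invoke-CimMethod -InputObject $tpm -MethodName IsEnabled).IsEnabled
        $result.TpmActivated = (Invoke-CimMethod -InputObject $tpm -MethodName IsActivated).IsActivated
    }
    $result.TpmIs20 = ($result.TpmVersion -eq '2.0')

    # All three hardware/OS conditions from question 2 must hold at once
    $result.AllPrerequisitesMet = $result.OsSupported -and $result.UefiBoot -and
                                  $result.TpmPresent -and $result.TpmIs20

    [pscustomobject]$result
}

Test-TpmFdePrerequisites | Format-List
```

    A workstation that reports AllPrerequisitesMet as False will not show TPM Status as usable in the EEE Server, so this check helps explain the panel's result before encryption is started.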

  4. What do the different TPM FDE modes do?

Username and Password

Figure 1-1

PIN Code

    • This mode provides a single method of authentication: a numeric PIN. There is one PIN for all users of the computer.
    • If your only requirement is that anyone who knows the PIN can start the computer, select PIN Code mode.
    • Anyone who knows the PIN will be able to start the computer. However, they will also have the ability to change the PIN.
Figure 1-2

No Extra Authentication

    • This mode starts the computer without any pre-boot interaction; all security is handled at the Windows login and requires the user to have a Windows password.
    • If your only requirement is that the computer is encrypted, for example in case the hard drive is stolen or removed, you can use No Extra Authentication mode.
    • This mode moves the burden of security from the pre-boot loader phase to the Windows login. Ensure you have a strong password policy as well as a minimum level of Windows network security in place.
Figure 1-3