Solution
- What is a Trusted Platform Module?
A Trusted Platform Module (TPM) is a form of hardware security that stores cryptographic information about the computer. - What are the system requirements to use a TPM with ESET Endpoint Encryption (EEE) or ESET Full Disk Encryption (EFDE)?
EEE and EFDE can utilize a TPM for Full Disk Encryption (FDE) in the following environments:
- The operating system is Windows 10
- The computer boots using UEFI BIOS
- The TPM version is 2.0
- EEE client version 4.8.17 or greater, managed by an EEE Server
- EFDE version 1.0.46 or greater
- How can I tell if a client Workstation is supported?
View the Workstation Details panel in the EEE Server and check the following:
- Boot Mode shows UEFI
- TPM Status states it is supported and can be used by EEE
- What do the different TPM FDE modes do?
Username and Password
- This mode operates in the same way as before, only now it uses the TPM for storage of the encryption key.
- Use this mode if you require multiple, distinct pre-boot users, either with or without TPM.
- It is the only mode that supports Single Sign-On.
PIN Code
- This mode provides a single method of authentication—a numeric PIN. There is one PIN for all users of the computer.
- If you only require a user to be able to start the computer, as long as they know the PIN, you can select Pin Code mode.
- Anyone that knows the PIN will be able to start the computer. However, they will also have the ability to change the PIN.
No Extra Authentication
- This mode starts the computer without any pre-boot interaction; all security is handled at the Windows login and requires the user to have a Windows Password.
- If your only requirements are that the computer is encrypted, for example in case the hard drive is stolen or removed, you could use No Extra Authentication mode.
- This mode moves the burden of security from the pre-boot loader phase to the Windows login. Ensure you have a strong password policy as well as a minimum level of Windows network security established.
