[KB7200] Starting Full Disk Encryption using a Trusted Platform Module in ESET Endpoint Encryption

Solution

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE).

The article below applies only to the EEE Client or EEE Server and not EFDE.

Visit What's new in ESET Full Disk Encryption to view EFDE content.

Trusted Platform Module Requirements
  • To start Full Disk Encryption (FDE) of a Workstation's hard drive utilizing the Trusted Platform Module (TPM), you must first take ownership of the TPM.
  • Once you have taken ownership of the TPM, you can then proceed to encrypt the hard drive with FDE and secure the Workstation with a Pin Code or Username and Password.
  • It is also possible to initiate 'No Extra Authentication,' which will provide no authentication in the pre-boot environment, allowing you to boot straight to the Windows login.
  • Please check the following TPM requirements articles: Trusted Platform Module (TPM) Support and TPM FAQ.

Full Disk Encryption Process

To use TPM:

  1. Log in to the ESET Endpoint Encryption (EEE) Server, select the Workstation you want to encrypt and click Full Disk Encryption.

Figure 1-1

You will now see the Compatibility Checks notification in the FDE wizard, which will inform you if there are any incompatibilities on the Workstation.

  2. To reconfigure the TPM by sending a command to the target Workstation, click Reconfigure TPM. If your TPM does not require reconfiguring, skip to Choosing the TPM Security Mode.

Figure 1-2

  3. Click Yes to continue the Reconfigure TPM process.

Figure 1-3

  4. Type in the administrator password and click OK.

Figure 1-4

  5. Once synchronization has occurred, click Restart on the target Workstation to clear the TPM. Depending on the Workstation's make, model, and current settings, you may need to restart twice in order to configure the TPM correctly.

Figure 1-5

Visit our article to manually synchronize the EEE Server and EEE client.

  6. When the restart takes place, a notification will appear. Press F12 on your keyboard to clear the TPM. This notification is created by the manufacturer and may look different on various Workstation makes and models. The image below is taken from a Microsoft Surface Pro 3.

Figure 1-6

When the TPM has been cleared, and the EEE Server and Client Workstation have been synced, you will be able to proceed with the FDE process.
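
The following is an added example, not part of the original article and not ESET code: one way to inspect the TPM state that Windows itself reports on the target Workstation (present, owned, restart pending) while working through the steps above. It does not reproduce the EEE Compatibility Checks. The helper name Get-TpmFinding and the sample object are assumptions made for illustration; Get-Tpm is the built-in Windows cmdlet and requires an elevated session.

```powershell
# Added example: classify the TPM state that Windows reports for a workstation.
# Get-TpmFinding is a hypothetical helper name; it is not part of EEE.
function Get-TpmFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Tpm   # object shaped like the output of Get-Tpm
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        if (-not $Tpm.TpmPresent) {
            # Without a TPM the remaining properties carry no meaning.
            $findings.Add('No TPM reported: check the firmware (UEFI/BIOS) settings.')
            return $findings
        }
        if (-not $Tpm.TpmEnabled)   { $findings.Add('TPM is present but not enabled.') }
        if (-not $Tpm.TpmActivated) { $findings.Add('TPM is not activated.') }
        if (-not $Tpm.TpmOwned)     { $findings.Add('TPM has no owner yet.') }
        if ($Tpm.RestartPending)    { $findings.Add('A restart is pending for the TPM.') }
        if ($Tpm.LockedOut)         { $findings.Add('TPM is locked out after failed authorizations.') }

        if ($findings.Count -eq 0) {
            $findings.Add('TPM is present, enabled, activated and owned.')
        }
        return $findings
    }
}

# Constructed sample (not captured from a real machine):
# an unowned TPM with a restart still pending.
$sample = [pscustomobject]@{
    TpmPresent     = $true
    TpmEnabled     = $true
    TpmActivated   = $true
    TpmOwned       = $false
    RestartPending = $true
    LockedOut      = $false
}
$sample | Get-TpmFinding

# On the Workstation itself, from an elevated PowerShell session:
#   Get-Tpm | Get-TpmFinding
```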


Choosing the TPM Security Mode

  1. Select TPM Hardware and click Next.

Figure 2-1

  2. Select one of the following authentication modes and click Next.
  • Username and Password
  • Pin Code
  • No Extra Authentication

Figure 2-2