Small Business Susan

When you don’t have a TPM chip

Built a computer for Dad that is a small ATX form factor.  Found out the motherboard didn’t support a TPM chip.  Rats.


So right now testing out Symantec full drive encryption (no true crypt here).  Sophos firm encryption is a consideration for someone wanted to roll out cross platform encryption.


I personally have not found encryption to nail the CPU or show any impact on the machine.  Granted it does just a little bit during the initial encryption, but after that I’m not seeing a hit.



5 comments ↓

  • #   António Eduardo Marques on 06.20.14 at 7:08 am     

    In any case, you CAN use Bitlocker w/o a TPM chip.
    One resource: http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

    Regards,
    António


  • #   Joe Raby on 06.20.14 at 12:46 pm     

    Here’s a tip for using Bitlocker without a TPM:

    Got a desktop or server motherboard with an unused front-panel USB header? Consider getting a USB header to Type A connector like this one:

    http://www.startech.com/Cables/USB-2.0/Internal-and-Panel-Mount/6-USB-A-Female-to-Motherboard-Header-Adapter~USBMBADAPT
    (Startech has all kinds, including USB 3.0 models, so take a good look around)

    ….and put your Bitlocker USB key on it, tape it on the inside of the chassis, and BOOM!: instant TPM alternative for Bitlocker, and nothing sticking out of the computer case. Done!


  • #   DaveN on 06.20.14 at 1:50 pm     

    Why not use BitLocker without the TPM?

    As a TrueCrypt replacement, I’m considering Cryptainer in addition to the Symantec one. I’ve got a user who wants to have separate encryption containers on his C drive, which is the purpose of Cryptainer but seems more like an afterthought with Symantec.


  • #   Chris on 06.20.14 at 10:22 pm     

    We’ve used Jetico BestCrypt Volume Encryption for many years with great success. It’s TPM aware and supports unattended reboot windows, and has been very stable.


  • #   Indy on 07.01.14 at 5:40 pm     

    Use your drive’s included encryption. Fastest setup, and unreadable out of its system.

    If you say that there are ways around it, I’ll agree, but they are so difficult as to be impractical. The same issue also lie in TPM.

    Bitlocker is trivial to get around.
    1. Hardware Keylog its eventual entry at the keyboard level.
    2. Man-in-the-middle the TPM chip (difficult but proven doable).
    3. Social engineer it.