Bitlocker和安全启动(Rpi3 + TPM模块) [英] Bitlocker and Secure Boot (Rpi3 + TPM Modul)
问题描述
你好,
我的问题是Bitlocker和安全启动的验证。
当我测试下面列出的命令时,我没有得到SecureBoot的错误,但一条消息,操作成功,并为Bitlocker我没有收到消息。之前的ALl步骤成功。
Hello,
my problem is the verfication of Bitlocker and Secure Boot.
When i test the command listed below, i didnt get an error for SecureBoot, but a message, that the operation is successful, and for Bitlocker i didnt get an message. ALl steps before were successfully.
链接:https://docs.microsoft.com/en-us/windows/iot-core/secure-your-device/securebootandbitlocker#test-lockdown -packages
步骤8:
$
SecureBoot:尝试bcdedit / debug on,你会收到一个错误声明该值受安全启动策略保护。
BitLocker:要验证bitlocker加密是否已完成,请运行
sectask.exe -waitenableforcompletion 1
首先我认为我不推荐下面的oemcustomizaiton.cmd中的命令,但我做了。
REM - 如果您需要安全启动/位锁定器,请启用以下功能
REM启用Secureboot
如果存在c:\ IoTSec \setup.secureboot.cmd  (
致电c:\ IoTSec \setup.secureboot.cmd
)
REM启用Bitlocker如果存在,则为
c:\ IoTSec \setup.bitlocker.cmd (
致电c:\ IoTSec \setup.bitlocker.cmd
)
Link: https://docs.microsoft.com/en-us/windows/iot-core/secure-your-device/securebootandbitlocker#test-lockdown-packages
Step 8:
SecureBoot : try bcdedit /debug on , you will get an error stating that the value is protected by secure boot policy.
BitLocker : To validate that bitlocker encryption has been completed, run
sectask.exe -waitenableforcompletion 1
First I thought that i dont uncommend the command in oemcustomizaiton.cmd below, but i did.
REM - Enable the below if you need secure boot/bitlocker
REM Enable Secureboot
if exist c:\IoTSec\setup.secureboot.cmd (
call c:\IoTSec\setup.secureboot.cmd
)
REM Enable Bitlocker
if exist c:\IoTSec\setup.bitlocker.cmd (
call c:\IoTSec\setup.bitlocker.cmd
)
谢谢!
推荐答案
Hello John Phuong,
Hello John Phuong,
因为Raspberry Pi 3不支持TPM所以我在Dragonboard 410c上进行测试。这个对我有用。结果如下:
Because Raspberry Pi 3 do not support TPM so I test on Dragonboard 410c. It works for me. The following is the result:
要检查您是否成功应用了这些包,您可以执行以下操作:
To check if you applied the packages successfully you can do as follows:
- 检查使用 schtasks / query存在计划任务。查找是否存在"DeviceEncryption"任务在\ Microsoft / \\ Windows \ IoT文件夹中。
- 检查是否添加了注册表项。
< img alt =""src ="https://social.msdn.microsoft.com/Forums/getfile/1430512">
如果以上所有设置均有效,请不要忘记
步骤7 :
If all above settings are valid, don't forget step 7:
- 再次重启设备以激活Bitlocker加密。
然后再试一次,看看它是否有效。
After that try again to see if it works.
祝你好运,
Rita
这篇关于Bitlocker和安全启动(Rpi3 + TPM模块)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!