

If you set this policy to include PCR0, you must suspend BitLocker before you apply firmware updates. Setting this policy may result in BitLocker recovery when the firmware is updated.

Setting this policy with PCR7 omitted overrides the "Allow Secure Boot for integrity validation" Group Policy and prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on the inclusion or exclusion, respectively, of the PCRs.

Important: Changing from the default platform validation profile affects the security and manageability of your device. To view the PCR7 binding status, run the Microsoft System Information tool (Msinfo32.exe) with administrative permissions.

If the BitLocker Group Policy "Configure TPM platform validation profile for native UEFI firmware configurations" is enabled and PCR7 is selected by policy, the BitLocker recovery key may be required on some devices where PCR7 binding is not possible.

Microsoft has listed a BitLocker problem as a known issue for the update, saying:

😟 Does anyone else have this problem? How to work around this in the real world with many thousand devices? Thanks in advance!
- Dietmar Haimann, February 15, 2021

Wow, the #Windows10 security update KB4535680 causes many BitLocker recoveries.
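The checks Microsoft's guidance above implies, as an added PowerShell example (this is not code from the original post or from Microsoft): it reads the PCR profile selected by policy, compares it with the profile the TPM protector on C: actually uses, warns when PCR7 is demanded but Secure Boot binding is not in effect, and suspends BitLocker for one reboot when PCR0 is in the profile so a firmware update does not land in recovery. The registry layout assumed for the policy and the parsing of manage-bde's English output are assumptions, marked in the code.

```powershell
# Added example (not part of the original post or Microsoft's documentation).
# Run as Administrator on a UEFI machine with a TPM protector on C:.
#Requires -RunAsAdministrator

# Assumption: the UEFI variant of "Configure TPM platform validation profile..."
# is stored under this key, with "Enabled" = 1 when the policy is applied and
# DWORD values named "0".."23" set to 1 for every PCR the policy includes.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Get-PolicyPcrProfile {
    # Returns the PCR numbers selected by policy, or $null if the policy is not set.
    if (-not (Test-Path $PolicyKey)) { return $null }
    $props = Get-ItemProperty -Path $PolicyKey
    if ($props.Enabled -ne 1) { return $null }
    @(0..23 | Where-Object {
        $p = $props.PSObject.Properties["$_"]
        ($null -ne $p) -and ([int]$p.Value -eq 1)
    })
}

function Get-EffectivePcrProfile {
    param([string]$MountPoint = 'C:')
    # Assumption: English manage-bde output. It prints a "PCR Validation Profile:"
    # block under the TPM protector, e.g. "7, 11", followed by
    # "(Uses Secure Boot for integrity validation)" when PCR7 binding is active.
    $text = (& manage-bde.exe -protectors -get $MountPoint 2>&1) -join "`n"
    $m = [regex]::Match($text, 'PCR Validation Profile:\s*\n[ \t]*([\d, ]+)')
    if (-not $m.Success) { return $null }   # no TPM-based protector on this volume
    [pscustomobject]@{
        Pcrs           = @($m.Groups[1].Value -split '[,\s]+' |
                           Where-Object { $_ -match '^\d+$' } |
                           ForEach-Object { [int]$_ })
        UsesSecureBoot = [bool]($text -match 'Uses Secure Boot for integrity validation')
    }
}

function Test-Pcr7BindingRisk {
    param($PolicyPcrs, $Effective)
    # True when policy demands PCR7 but the protector is not bound to Secure Boot:
    # the case in which Microsoft says the recovery key may be required.
    if ($null -eq $PolicyPcrs -or $PolicyPcrs -notcontains 7) { return $false }
    if ($null -eq $Effective) { return $true }
    return (-not $Effective.UsesSecureBoot)
}

function Invoke-PreFirmwareUpdateCheck {
    param([string]$MountPoint = 'C:')
    $policy    = Get-PolicyPcrProfile
    $effective = Get-EffectivePcrProfile -MountPoint $MountPoint

    $policyText = if ($policy) { $policy -join ', ' } else { 'not configured' }
    $effText    = if ($effective) { $effective.Pcrs -join ', ' } else { 'no TPM protector' }
    Write-Host "Policy PCR profile   : $policyText"
    Write-Host "Effective PCR profile: $effText"

    try {
        # Confirm-SecureBootUEFI throws on legacy BIOS. With Secure Boot off,
        # PCR7 binding is impossible no matter what the policy selects.
        if (-not (Confirm-SecureBootUEFI)) {
            Write-Warning 'Secure Boot is disabled; PCR7 binding is not possible on this device.'
        }
    } catch {
        Write-Warning 'Not a UEFI Secure Boot-capable boot environment.'
    }

    if (Test-Pcr7BindingRisk -PolicyPcrs $policy -Effective $effective) {
        $msg = 'Policy selects PCR7 but the TPM protector on {0} is not using Secure Boot ' +
               'binding; check "PCR7 Configuration" in msinfo32. Expect recovery prompts.'
        Write-Warning ($msg -f $MountPoint)
    }

    if ($effective -and ($effective.Pcrs -contains 0)) {
        # PCR0 measures the firmware itself, so a firmware update changes it and
        # BitLocker would demand the recovery key at next boot. Suspend for one
        # reboot; on resume BitLocker re-seals the key to the new measurements.
        Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
        Write-Host "BitLocker suspended on $MountPoint for one reboot; apply the firmware update now."
    } else {
        Write-Host 'PCR0 is not in the effective profile; no suspension needed for a firmware update.'
    }
}

Invoke-PreFirmwareUpdateCheck -MountPoint 'C:'
```

Running this as the pre-step of a firmware deployment task sequence gives a fleet-wide answer to the question raised in the comments: devices that report the PCR7 warning are the ones that will ask for the recovery key, and devices with PCR0 in the profile are suspended for exactly one reboot rather than left unprotected.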
