Longhorn Server Secure Startup Partition
Windows Server code named “Longhorn” Logo Program for Systems, Version 3.0
Version 3.0 Revision Draft 0.51 – 30th September, 2005
>>>
SYS-SEC-3 Systems implementing TPM support secure startup and full-volume encryption by reserving 350 MB for related utilities, outside the main OS partition
A system that implements a Trusted Platform Module (TPM), version 1.2 (or later), must provide a specific hard drive partition. To enable secure startup functionality, the hard disk layout must include at least 350 MB of reserved space inside a “utility partition,” outside the operating system partition, in an unencrypted and active Windows system partition, in which unencrypted boot utilities for full-volume encryption can exist.
This utility partition must be the active partition and must contain the boot manager and boot manager configuration (boot.ini or equivalent).
Design and Implementation Note
This utility partition is not for the exclusive use of the secure startup, full-volume encryption utilities; it may also contain platform manufacturer utilities.
If these utilities do not exist on the “utility partition,” then secure startup and full-volume encryption will not function. Additionally, these utilities enable data recovery if cryptographic keys are lost or disk or encryption corruption occurs.
<<<
Interesting.
Regards
SL
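A layout check for the partition rules quoted above, as an added example that is not part of the post or of the logo program document. It reads an MBR partition table and tests only what the table shows (the active partition, that it is separate from the OS partition, and its size); it does not test whether the partition is unencrypted or holds the boot manager. The 512-byte sector size, reading "350 MB" as 350 × 1024 × 1024 bytes, the `os_index` parameter and the sample disks are assumptions.

```python
import struct

SECTOR = 512                           # assumed sector size
MIN_UTILITY_BYTES = 350 * 1024 * 1024  # "350 MB" read as MiB (assumption)
ENTRY = "<B3xB3xII"                    # status, CHS, type, CHS, start LBA, sector count

def parse_mbr(mbr: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        raw = mbr[446 + 16 * i: 462 + 16 * i]
        status, ptype, start, sectors = struct.unpack(ENTRY, raw)
        if ptype != 0:                 # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80,
                          "start": start, "bytes": sectors * SECTOR})
    return parts

def check_sys_sec_3(mbr: bytes, os_index: int):
    """List layout findings; os_index (hypothetical) is the OS partition's slot."""
    active = [p for p in parse_mbr(mbr) if p["active"]]
    if len(active) != 1:
        return ["expected exactly one active partition, found %d" % len(active)]
    util, findings = active[0], []
    if util["index"] == os_index:
        findings.append("active partition is the OS partition")
    if util["bytes"] < MIN_UTILITY_BYTES:
        findings.append("active partition smaller than 350 MB")
    return findings

def build_mbr(entries):
    """Build a constructed sample MBR from (active, type, start_lba, sectors)."""
    table = b"".join(struct.pack(ENTRY, 0x80 if a else 0, t, s, n)
                     for a, t, s, n in entries)
    return b"\0" * 446 + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed sample disks (not taken from any real system).
GOOD = build_mbr([(True, 0x07, 2048, 819200),        # 400 MiB active utility
                  (False, 0x07, 821248, 83886080)])  # 40 GiB OS partition
SINGLE = build_mbr([(True, 0x07, 2048, 83886080)])   # OS partition is active
SMALL = build_mbr([(True, 0x07, 2048, 204800),       # 100 MiB active utility
                   (False, 0x07, 206848, 83886080)])

if __name__ == "__main__":
    for name, disk, os_idx in (("GOOD", GOOD, 1), ("SINGLE", SINGLE, 0),
                               ("SMALL", SMALL, 1)):
        print(name, check_sys_sec_3(disk, os_idx) or "layout OK")
```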