19 September 2013
BitLocker is a great way to have peace of mind about your computer data security. At work, all of our machines are typically mandated to use BitLocker, and it seems like a majority of the Windows notebooks these days that are intended for business use come equipped with a TPM module, enabling the opportunity to use BitLocker.
At home, I tend to have a nice, fast hand-built workstation full of parts from NewEgg. Most recently, in early 2013, I built a zippy workstation using the Gigabyte GA-Z77X-UP5 TH motherboard model. It features the Intel LGA 1155 + Z77 architecture, dual thunderbolt ports, support for a number of nice operating systems, and it also has headers and BIOS support on the motherboard for a Trusted Platform Module (TPM) chip.
But it doesn’t come with a TPM module and there doesn’t seem to be a lot of documentation about how to obtain one in the retail market.
I found a few references on forums saying that Gigabyte users are relatively out of luck; others saying they got some traction in learning who builds out and sells TPM modules, but none that fit the slot.
Thankfully I came across a post by the blogger “TechBobbins” about Gigabyte Motherboard TPM Compatbility. In the post, the author has found out that the 19-pin TPM modules sold by ASUS are Infineon-branded TPM modules and compatible at the technical level with the socket on the Gigabyte motherboard.
Now the problem is: the PCB for the Infineon TPM actually extends the length of the connector, so if it has to fit into a socket like that on the Gigabyte motherboard, you’re out of luck. The author’s recommendation is to purchase dual USB extension cables and then use these to connect to the motherboard socket. Problem with this is the need to then securely mount or protect this module then from moving around, shorting out, etc., since it would be a loose component.
I couldn’t easily find USB extension cables except for the 9-pin variety, so I went for a more classic solution:
After this, I was able to get the TPM module enabled:
DELinto the BIOS
TPM SUPPORTmenu item from Disabled to Enable
Then setup BitLocker in Windows Pro:
BitLockerfrom the Start Menu
Easy enough. My data is now quite secure, though of course I need to keep my recovery key safe, plus assume that I trust that the manufacturer of the TPM doesn’t have the original private key handy for anyone to get to.
Jeff Wilcox is a Software Engineer at Microsoft in the Open Source Programs Office (OSPO), helping Microsoft engineers use, contribute to and release open source at scale.