Bitlocker Boot Screen configuration

Posted: 03-14-2007, 12:05 PM
Is it possible to customize the screen that appears when bitlocker is unable
to load the key from a USB device? (e.g. "Insert...") Or is this part of WINLOAD.EXE?

Thanks
Christian Schindler




Responses to "Bitlocker Boot Screen configuration"

Jesper
RE: Bitlocker Boot Screen configuration
Posted: 03-14-2007, 06:22 PM
> Is it possible to customize the screen that appears when bitlocker is unable
> to load the key from a USB device? (e.g. "Insert...") Or is this part of WINLOAD.EXE?
No. There is no customization possible of that workflow at all.
Christian Schindler
Re: Bitlocker Boot Screen configuration
Posted: 03-14-2007, 07:40 PM
Thanks!

"Jesper" <Jesper@discussions.microsoft.com> wrote in message
news:46B6DC58-F218-4763-87A8-9B9AA30CA416@microsoft.com...
>> Is it possible to customize the screen that appears when bitlocker is
>> unable to load the key from a USB device? (e.g. "Insert...") Or is this
>> part of WINLOAD.EXE?
>
> No. There is no customization possible of that workflow at all.
Antoine Leca
Re: Bitlocker Boot Screen configuration
Posted: 03-16-2007, 01:04 PM
Jesper wrote in response to Christian Schindler:
>> Is it possible to customize the screen that appears when bitlocker
>> is unable to load the key from a USB device?(e.g. "Insert...")
>> Or is this part of WINLOAD.EXE?
At any rate, it would be part of BOOTMGR, not WinLoad. WinLoad is inside the
encrypted partition, so it should be decrypted first...
> No. There is no customization possible of that workflow at all.
I do not know if that is what you meant, but there is already some grade of
customization, that is to be language independent. A quick look at
Bootmgr.exe.mui of any language pack shows there is a .xsl resource (of type
23), which has the translated versions of those messages. Apparently, the
template Christian is referring to is named "fve-bad-external-key-file".

What I do not know is how much of it is "user-customizable".
At first sight I did not notice any specific certificate inside those .mui
or elsewhere in the language pack (which seemed to me strange or at least
unexpected); so perhaps they are checksummed within Bootmgr.exe, for example
with the SHA1 hashes for all the .mui stored inside the main .EXE
(obviously, no customization; but no flexibility for MS either.)

Another possibility is that the loaded .mui is "trusted" or "measured" in
the same way as the other files used in the boot (I mean, much like BCD
should be measured; in terms of the reference article
http://blogs.msdn.com/si_team/archiv...-Security.aspx,
we are at "OS Boot" times.)
In that case, I guess there is a good grade of possible customization of the
resource, in as much as after any modification, the new measure should be
registered for unlocking the BitLocker partition (no difference here with
the case where the user is changing e.g. her multiboot configuration: after
any alteration of the core boot files, she must "validate" the changes
against BitLocker, giving the recovery password and reactivating.)

Another possibility that I do not give much credit, but is still possible
(particularly from the examination of the messages inside the said
resource), is that the .xsl resource is not considered as determinant with
regard to the secured boot process, so any modification would be accepted
without even signaling. Of course in such a case there is quite a wide grade
of possible customization.


But I did not actually test my ideas, so treat with a large dose of salt.


Antoine
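
Added example, not part of the thread or of any Microsoft code: a small Python model of the "measured" and "not considered" hypotheses above, using the TPM 1.2 SHA-1 extend operation to show when an edited message resource would block key release until the key is re-sealed. The byte strings, the `SealedKey` class and the list of measured components are constructed assumptions; whether BitLocker measures the .mui at all is exactly what the post leaves open.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend operation: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure(components) -> bytes:
    """Fold an ordered list of boot components into one PCR value."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeroes after reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class SealedKey:
    """Toy model of sealing: the key is released only for the sealed-to PCR value."""
    def __init__(self, key: bytes, pcr: bytes):
        self._key, self._pcr = key, pcr

    def unseal(self, current_pcr: bytes):
        ok = hmac.compare_digest(self._pcr, current_pcr)
        return self._key if ok else None  # None models "ask for recovery password"

# Constructed sample data; these byte strings stand in for real files.
BOOTMGR = b"constructed bootmgr image"
BCD = b"constructed BCD store"
MUI_ORIGINAL = b"<template name='fve-bad-external-key-file'>original</template>"
MUI_EDITED = b"<template name='fve-bad-external-key-file'>customized</template>"
VOLUME_KEY = b"constructed volume key"

def scenario(mui_is_measured: bool) -> dict:
    """Seal with the original resource, boot with the edited one, then re-seal."""
    def chain(mui):
        return [BOOTMGR, mui, BCD] if mui_is_measured else [BOOTMGR, BCD]
    sealed = SealedKey(VOLUME_KEY, measure(chain(MUI_ORIGINAL)))
    edited_pcr = measure(chain(MUI_EDITED))
    resealed = SealedKey(VOLUME_KEY, edited_pcr)  # done after recovery
    return {
        "unchanged_boot": sealed.unseal(measure(chain(MUI_ORIGINAL))) is not None,
        "edited_boot": sealed.unseal(edited_pcr) is not None,
        "after_reseal": resealed.unseal(edited_pcr) is not None,
    }

if __name__ == "__main__":
    print("measured:    ", scenario(True))
    print("not measured:", scenario(False))
```

In the measured case the edited resource changes the PCR value, so the key stays sealed until it is re-sealed against the new measurement; in the unmeasured case the edit goes unnoticed.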

 