To provide reliable security for UEFI BIOS, use the security chip and a security application with a Trusted Platform Module (TPM) management feature. Refer to “Setting the security chip” on page 52.

Note: The Microsoft Windows 8.1 operating system supports the TPM management feature.

If a Disk Encryption hard disk drive and Encryption solid-state drive is installed in your computer, be sure to protect the contents of your computer memory from unauthorized access by use of drive encryption software, such as Microsoft Windows BitLocker® Drive Encryption, which is supported in the Professional and Enterprise editions of the Windows 8.1 operating system. Refer to “Using Windows BitLocker Drive Encryption” on page 52.

Before you dispose of, sell, or hand over your computer, be sure to delete data stored on it. For more information, refer to “Notice on deleting data from your hard disk drive or solid-state drive” on page 53.

Note: The hard disk drive built into your computer can be protected by UEFI BIOS.

Using Windows BitLocker Drive Encryption

To help protect your computer against unauthorized access, be sure to use drive encryption software, such as Windows BitLocker Drive Encryption.

Windows BitLocker Drive Encryption is an integral security feature of the Windows 8.1 operating systems. It is supported in the Professional and Enterprise editions of the Windows 8.1 operating system. It can help you protect the operating system and data stored on your computer, even if your computer is lost or stolen. BitLocker works by encrypting all user and system files, including the swap and hibernation files.

BitLocker uses a Trusted Platform Module to provide enhanced protection for your data and to ensure early boot component integrity. A compatible TPM is defined as a V1.2 TPM.

To check the BitLocker status, go to Control Panel, and click System and Security BitLocker Drive Encryption.

For more information about Windows BitLocker Drive Encryption, see the help information system of the Windows operating system, or search for“Microsoft Windows BitLocker Drive Encryption Step-by-Step Guide” on the Microsoft Web site.

Disk Encryption hard disk drive and Encryption solid-state drive

Some models contain the Disk Encryption hard disk drive or Encryption solid-state drive. This feature helps to protect your computer against security attacks on media, NAND flash or device controllers by use of a hardware encryption chip. For the efficient use of the encryption feature, be sure to set a hard disk password for the internal storage device.

Setting the security chip

Strict security requirements are imposed on network client computers that transfer confidential information electronically. Depending on the options you ordered, your computer might have an embedded security chip, a cryptographic microprocessor. With the security chip and Client Security Solution, you can do the following:

Protect your data and system

Strengthen access controls

Secure communications

Setting the security chip

The choices offered on the Security Chip submenu under the Security menu of ThinkPad Setup are as follows:

Security Chip: Activate, inactivate, or disable the security chip.

52User Guide

Page 66
Image 66
Lenovo 20CD0033US manual Setting the security chip, Using Windows BitLocker Drive Encryption