HP Slate 500 – TPM Chip and BitLocker
I tried to make a case for the Slate at work, but the lack of a Trusted Platform Module (TPM) chip unfortunately made it a deal breaker. I work in the aerospace industry and we have some strict policies for mobile computers, one of them being TPM with BitLocker encryption. The TPM chip gives additional security by forming a “Root of Trust” between the BIOS and the TPM chip. Basically, the TPM chip has to be there to authenticate, which prevents the drive from being accessed if it is removed from the device. Without a TPM chip, the Slate would basically just encrypt the drive at a software level. If the drive was removed from the Slate, it could be accessed by hacking the encryption.
BitLocker without TPM
You can enable BitLocker on a computer that does not have a TPM chip; the security is just not as strong as with the TPM chip. To do this on the Slate, you will need to do a few things.
1. Upgrade the OS from Professional to Ultimate or Enterprise. BitLocker is not available with the stock Slate OS, Windows 7 Professional. This will require the Anytime Upgrade feature or a fresh install. In my test I decided to try a fresh install of Windows 7 Enterprise edition (90-day eval).
2. Because the Slate does not have the TPM chip you will need to go into group policy and allow BitLocker without TPM.
Enter gpedit.msc in the search box or Run command (it must be run as a local administrator). Under Local Computer Policy, browse to Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Operating System Drives. In the right pane, double-click Require additional authentication at startup. You must first set it to Enabled and then select the Allow BitLocker without a compatible TPM check box.
3. Then you can turn on and enable BitLocker. It took about 3 hours for it to install/encrypt the 64GB SSD.
Please note that you will have to create a USB BitLocker startup key and a recovery key on another USB drive. The startup key must be in the Slate when you restart the computer, or you will be required to enter the 48-digit code every time you restart. Also note that the onscreen keyboard is not available in the BitLocker boot-up routine, so you would have to have an external keyboard connected.
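The check below is an added example, not part of the original post: it confirms from an elevated PowerShell prompt that the policy from step 2 is in effect and that the volume has both a USB key protector and a 48-digit recovery password before you rely on it at reboot. It assumes the OS volume is C: and reads the policy's registry values (UseAdvancedStartup and EnableBDEWithNoTPM under HKLM\SOFTWARE\Policies\Microsoft\FVE), names that are not given in the post.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$drive = 'C:'   # assumption: the OS volume is C:

# 1. TPM check: on a machine without a TPM the query returns no instance.
try   { $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction Stop }
catch { $tpm = $null }
"TPM present: {0}" -f [bool]$tpm

# 2. Policy check: registry values behind "Require additional authentication at startup".
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$policyOk = $fve -and ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)
"Policy allows BitLocker without a TPM: {0}" -f [bool]$policyOk

# 3. Volume check: query the BitLocker WMI provider for the OS volume.
try {
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$drive'" -ErrorAction Stop
} catch { $vol = $null }
if (-not $vol) { Write-Warning "BitLocker is not available for $drive (edition or drive letter?)"; return }

$status = $vol.GetProtectionStatus().ProtectionStatus   # 0 = off, 1 = on
"Protection on: {0}" -f ($status -eq 1)

# 4. Protector check: list key protector types (1 = TPM, 2 = external key, 3 = numerical password).
$names = @{ 1 = 'TPM'; 2 = 'External key (USB)'; 3 = 'Numerical password (48 digits)' }
$found = @()
$ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID    # 0 = all protector types
if ($ids) {
    foreach ($id in $ids) {
        $t = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
        $found += $t
        $label = if ($names.ContainsKey($t)) { $names[$t] } else { "Type $t" }
        "Protector {0}: {1}" -f $id, $label
    }
}

# Without a TPM, the external key is what unlocks the drive at boot;
# the numerical password is the fallback if the USB key is missing.
if ($found -notcontains 2) { Write-Warning 'No external (USB) key protector found.' }
if ($found -notcontains 3) { Write-Warning 'No 48-digit numerical recovery password found.' }
```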
I ran this for about a week without any system problems. The only problem that I ran into was that I forgot to bring my USB startup key (only once), which rendered the computer a brick for that one day. After that I put the recovery key on my phone, which I do take everywhere, in case I forget the USB startup key.
I hope that the next generation Slate will have a more powerful CPU with the TPM Chip.