From eeadf80b620ddd89396e3a4952fcc63560a1f11a Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 20 Nov 2023 15:46:33 -0700 Subject: [PATCH] Add PCR 6 Signed-off-by: Tommy --- .../Windows Components/Bitlocker Drive Encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md b/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md index a0e83ce..98b03f2 100644 --- a/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md +++ b/Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md @@ -10,4 +10,4 @@ Choose drive encryption method and cipher strength (Windows 10 [Version 1511] an - Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**) - Allow enhanced PINs for startup -> Enabled. -- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,7,11 \ No newline at end of file +- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11 \ No newline at end of file