Hello again,
It's good that you perused Wikipedia for information about BitLocker.
Let me answer (or at least try to answer) your questions.
I searched the web and found that BitLocker first performs an Operating System integrity check and sees whether booting is being done from the same partition as earlier... What does this mean?
Let me tell you first that many PCs contain a TPM chip, or TPM Security Device (as Wikipedia calls it), which stores the key used for disk encryption by BitLocker (in Windows Vista). When a user logs in to his Vista account, Vista checks whether the early boot files appear to be unmodified (this is to ensure the integrity of the trusted boot path (e.g. BIOS, boot sector, etc.), in order to prevent most offline physical attacks, boot sector malware, etc.). If all the files (under consideration) appear to be unmodified, then the OS code releases the key from the TPM chip.
Now, as Wikipedia says:
In order for BitLocker to operate, the hard disk requires at least two NTFS-formatted volumes: one for the operating system (usually C:) and another with a minimum size of 1.5GB where the operating system boots from. BitLocker requires the boot volume to remain unencrypted, so it should not be used to store confidential information.
So the answer to your question regarding "booting is done from the same partition" is that it checks the boot partition for any offline physical attacks, boot sector malware, etc., and if everything is in order then the OS proceeds with the other processes associated with the TPM.
But the confusion is that it's being said that if our PC is stolen or lost then no one can see any of the files that we have stored on the hard drive...
How is this possible?
As Wikipedia says: "User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in order to be able to boot the OS. Two authentication modes are supported: a pre-boot PIN entered by the user, or a USB key."
Just remember that if a complete logical drive is encrypted, then even if the PC is stolen or lost, no one can access the contents of that logical drive, as the new owner of the PC does not have this PIN or USB key. And as in (almost) any encryption scheme, if one knows the key, he/she can decrypt the data. You yourself answered this question:
Also, if the encryption key was on a flash drive/pen drive... and if the thief has not stolen that flash drive... then it is understandable that the thief will not be able to start the PC... because obviously the thief does not possess the encryption keys...
Hope this is clear.
But it's written in the forums that all the data will be in encrypted form and the thief would not be able to read any files...
I mean, how is that possible?
If the thief does not have the PIN or USB key, he will not be able to access any of your files (if BitLocker is enabled in Vista) even if he loads some other OS (e.g. Linux), as the complete logical volume is encrypted.
Prior to Vista, no Windows OS had the BitLocker scheme built into it. And so, even if the thief didn't have the logon password (e.g. for XP), he could load a non-Windows OS (e.g. Linux) and easily access the files on the PC. An OS live CD was all that was needed to access data on a Windows PC (one did not need the logon password), but after the launch of Vista's BitLocker scheme, one requires a PIN or USB key to unlock all the data (@Experts: I am not talking about exceptions here). That's it.
So if you are using BitLocker then all you need is to secure your USB key or PIN in order to protect your data.
I hope that I could properly explain it all.
If you are still confused, post back your questions.
P.S. Here's a quote from Wikipedia which corrects a misinterpreted concept:
In computing, Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security Device" (as designated in certain Dell BIOS settings). Calling TPM a "chip" however is a bit of a misnomer since it's a specification for the software written to firmware on chips as opposed to a physical object on a circuit board.
Hope this helps.
AmbrNewlearner
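As an added illustration (not from the post above, and not Microsoft's or any TPM vendor's code), here is a small Python model of the integrity check described in this reply: each early-boot component is measured into a Platform Configuration Register (PCR), and a toy TPM releases the volume key only when the measurements match those recorded at setup and, in user-authentication mode, the PIN is correct. The boot component contents, the PIN and the key are constructed sample values; a real TPM also keeps the sealed blob encrypted under a key that never leaves the chip, which this toy does not model.

```python
import hashlib
import hmac
# Constructed sample boot components and key (not real BitLocker data).
BIOS = b"vendor-firmware-v1"
BOOT_SECTOR = b"genuine boot sector"
BOOTMGR = b"bootmgr binary"
VOLUME_KEY = hashlib.sha256(b"constructed volume master key").digest()

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-256(PCR_old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(components) -> bytes:
    """Power-on zeroes the PCR; components are extended in boot order, so any
    modification or reordering of the early-boot chain changes the result."""
    pcr = bytes(32)
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr

class ToyTPM:
    """Stands in for the TPM: the key is released only when the current PCR (and PIN, if set) match the sealing policy."""
    def __init__(self):
        self._sealed = []  # (expected_pcr, pin_hash or None, key)

    def seal(self, key, expected_pcr, pin=None):
        pin_hash = hashlib.sha256(pin.encode()).digest() if pin else None
        self._sealed.append((expected_pcr, pin_hash, key))

    def unseal(self, current_pcr, pin=None):
        pin_hash = hashlib.sha256(pin.encode()).digest() if pin else None
        for expected_pcr, expected_pin, key in self._sealed:
            pcr_ok = hmac.compare_digest(expected_pcr, current_pcr)
            pin_ok = expected_pin is None or (pin_hash is not None and hmac.compare_digest(expected_pin, pin_hash))
            if pcr_ok and pin_ok:
                return key
        return None  # boot chain changed or PIN wrong: the key is not released

def boot(tpm, components, pin=None):
    return tpm.unseal(measure(components), pin)  # one simulated boot attempt

def demo():
    tpm = ToyTPM()  # setup: record the genuine chain and bind a PIN to the key
    tpm.seal(VOLUME_KEY, measure([BIOS, BOOT_SECTOR, BOOTMGR]), pin="1234")
    return {
        "genuine_boot": boot(tpm, [BIOS, BOOT_SECTOR, BOOTMGR], "1234") == VOLUME_KEY,
        "infected_boot_sector": boot(tpm, [BIOS, b"infected boot sector", BOOTMGR], "1234"),
        "linux_live_cd": boot(tpm, [BIOS, b"live CD boot loader"], "1234"),
        "wrong_pin": boot(tpm, [BIOS, BOOT_SECTOR, BOOTMGR], "0000"),
    }
```

The "linux_live_cd" case is the scenario from the reply: booting another OS changes the measured chain, so the TPM never hands over the key and the encrypted volume stays unreadable.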