BitLocker Volumes

Partitioning a computer’s hard drive to create the necessary volumes for BitLocker can be complicated. Because few computers purchased without BitLocker preinstalled will have the necessary separate system volume already created, users must repartition their computer hard drive before configuring BitLocker. Typically a computer’s hard drive is partitioned with one large volume, with a second smaller volume that contains some OEM-installed maintenance files. In this example, the OS volume is the only usable volume, which is labeled as the C: drive. In computers without BitLocker, this is the active volume: the computer boots from this volume.

Before BitLocker can be configured, the drive must be repartitioned to create a second system volume of at least 50MB. The OS volume will still contain the OS files, including the page and the hibernation file. This volume can be encrypted by BitLocker.

The files initially used to boot the OS with BitLocker are moved to the new System volume, which is then marked as the active volume. The system volume, with the boot files, cannot be encrypted by BitLocker or by the Encrypting File System (EFS). However, computers with a Trusted Platform Module (TPM) will be able to determine whether this volume has been tampered with.