2

I'd like to secure the hard discs of a new Windows 10 (Pro/Enterprise) PC with BitLocker full disc encryptuon using hardware tokens and PIN (real 2FA).

How can I set up a YubiKey so I can use it as SmartCard with BitLocker full disc encryption?
And I need to copy the certificate to a second YubiKey as backup, of course.

My goal is to make sure the hard drives can only be read and windows startet if you have one of the keys and the pin at hand.

Sam
  • 2,074
  • 9
  • 28
  • 37
  • What step in the [process](https://www.yubico.com/works-with-yubikey/catalog/secure-disk-for-bitlocker/) are you stuck on? Please [edit] your question and indicated precisely what step you need help with – Ramhound Mar 22 '21 at 20:22
  • I'd like to use the YubiKey as SmartCard with BitLocker Full Drive Encryption, not as second factor for user logon. – Sam Mar 26 '21 at 18:53
  • The page I linked to explains how to do that. It isn’t about 2FA authentication for Windows with Yubikey. – Ramhound Mar 26 '21 at 19:20
  • 1
    Uh, sorry, on the page I just found a short video explaining how to use a YubiKey on Logon - I had expected a page explaining how to create a certificate for use as a smart card? – Sam Mar 26 '21 at 20:46
  • https://m.youtube.com/watch?v=ZezuKFWR6rI&feature=youtu.be - The video from Yubikey indicates BitLocker, the page itself says BitLocker, but I must admit as I don’t have a Yubikey nor do I use BitLocker (but very very familiar with it) can I indeed confirm that those instructions are not labeled properly or improperly – Ramhound Mar 26 '21 at 20:54
  • I want to encrypt the full drive using (YubiKey as) a SmartCard. Windows will not even boot on such a system until the SmartCard is provided, since it can't read from the disc without decryption at all. The video you linked shows a Windows system booting even without the SmartCard. This is not the full disc encryption I'm looking for. – Sam Mar 26 '21 at 20:58
  • You know that’s currently possible with BitLocker and Yubikey? – Ramhound Mar 26 '21 at 21:44
  • Which YubiKey do you use? Not all YubiKey versions has the smartcard feature: https://www.yubico.com/authentication-standards/smart-card/ – Robert Apr 01 '21 at 14:29

0 Answers0