Elastic Compute Service:Encrypt a system disk on a Windows trusted instance using the BitLocker TPM key protector

Last Updated: Oct 30, 2025

BitLocker is a security feature from Microsoft that works with a Trusted Platform Module (TPM) to encrypt the entire system disk. This process ensures that the system decrypts and boots only in a trusted environment.

How it works

  • Key hierarchy: Data security is ensured through a three-layer key hierarchy. The plaintext keys are loaded into memory only when they are in use.

    • Full Volume Encryption Key (FVEK): The key used to directly encrypt and decrypt system disk data. It uses the AES-256 standard for at-rest encryption.

    • Volume Master Key (VMK): The key used to encrypt and decrypt the FVEK.

    • Sealing Key: A key inside the TPM that is used to encrypt and decrypt the VMK.

  • Trusted binding: The Sealing Key is bound to the measurement values in the Platform Configuration Registers (PCRs).

    PCRs record the hash values of critical components, such as UEFI firmware and bootloaders, during the Elastic Compute Service (ECS) instance startup process. For more information, see View the trusted status of an instance.
  • Decryption process:

    When the instance starts, the TPM recalculates the PCR values and compares them with the stored baseline measurements.

    • If the values match, this proves a trusted environment. The TPM provides the Sealing Key to decrypt the VMK. The VMK then decrypts the FVEK. Finally, the system disk is decrypted, and the operating system starts normally.

    • If the values do not match, the TPM refuses to release the Sealing Key, and the boot process stops. You must manually enter the recovery password for the system to start.

      The recovery password is generated when you configure BitLocker. It lets you recover access to your data in an emergency.

Usage notes

  • Instance family: Only ecs.g9i, ecs.c9i, ecs.r9i, ecs.hfg9i, ecs.hfc9i, and ecs.hfr9i are supported.

  • Image: Only Windows Server images that use the UEFI boot mode are supported.

Procedure

This procedure uses Windows Server 2022 as an example.

Step 1: Create a Windows trusted instance

You cannot create a trusted instance in the console. You must use the command-line interface (CLI) or an API operation to create the instance.

If you have an instance that meets the instance family and image requirements, you can directly install the BitLocker feature.

CLI

The following are example configurations. Replace the values as needed.

aliyun ecs RunInstances \
  --region ap-southeast-1 \
  --RegionId 'ap-southeast-1' \
  --ImageId 'win2022_21H2_x64_dtc_en-us_40G_uefi_alibase_20250911.vhd' \
  --InstanceType 'ecs.c9i.large' \
  --SecurityOptions.TrustedSystemMode vTPM \
  --SecurityGroupId 'sg-[SecurityGroupId]' \
  --VSwitchId 'vsw-[VSwitchID]' \
  --SystemDisk.Category cloud_essd \
  --SystemDisk.Size 40 \
  --DataDisk.1.Category cloud_essd \
  --DataDisk.1.Device /dev/xvdb \
  --DataDisk.1.Size 40 \
  --Password '[YOUR_PASSWORD]'

API

Call the RunInstances API operation to create a trusted instance.

Step 2: Install the BitLocker feature

  1. Log on to the ECS instance.

    1. Go to ECS console - Instance. In the top navigation bar, select the target region and resource group.

    2. Go to the instance details page. Click Connect and select Workbench. Set the connection method to Terminal. Enter the username and password to log on to the graphical terminal.

  2. Install the BitLocker feature.

    1. Press Win+R, enter PowerShell, and press Enter. In the PowerShell interface, install the BitLocker feature.

      Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools

      If the Success column in the output shows True, the feature was installed successfully.

    2. Restart the instance to complete the installation.

      1. In the upper-right corner of the instance details page, click Restart.

      2. In the dialog box that appears, click Confirm to restart the instance immediately.

  3. Verify the installation.

    On the ECS instance, go to Control Panel > System and Security. If BitLocker Drive Encryption is displayed, the installation is successful.

Step 3: Enable BitLocker to encrypt the system disk

  1. Create a new folder on the data disk.

    The recovery password cannot be stored on the system disk. You must first create a folder on a data disk to save the recovery password file.

  2. Go to Control Panel > System and Security > BitLocker Drive Encryption. Under Operating System Drive, click Turn on BitLocker. Follow the on-screen instructions and click Next.

  3. Save the recovery key.

    In the How do you want to back up your recovery key? dialog box, select Save to a file. Save the file to the folder that you created on the data disk, and then click Next.

    Important

    The recovery password is the last line of defense for your data. You must download this file and save it to a local device. If the password is lost and TPM authentication fails, the data on the system disk might be permanently unrecoverable.

  4. For Choose how much of your drive to encrypt, select an option and click Next.

    • Encrypt used disk space only: This option is suitable for new system disks and is faster.

    • Encrypt entire drive: This option is suitable for system disks that are already in use and is slower.

  5. Set the encryption mode to New encryption mode, and then click Next.

  6. In the Are you ready to encrypt this drive? dialog box, click Continue.

Step 4: Verify the encryption status

  1. Open PowerShell and check the encryption status of the system disk.

    manage-bde.exe -status C:
    BitLocker Drive Encryption: Configuration Tool version 10.0.20348
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.
    Volume c: []
    [Os Volume]
    
         Size:                 39.38 GB
         BitLocker Version:    2.0
         Conversion Status:    Used Space Only Encrypted
         Percentage Encrypted: 100%
         Encryption Method:    XTS-AES 128
         Protection Status:    Protection On
         Lock Status:          Unlocked
         Identification Field: Unknown
         Key Protectors:
             TPM
             Numerical Password

    In the example output, Protection Status is Protection On and Percentage Encrypted is 100%. This indicates that the encryption is complete.

  2. View the recovery password.

    manage-bde -protectors -get C:
    BitLocker Drive Encryption: Configuration Tool version 10.0.20348
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.
    
    Volume c: []
    All Key Protectors
    
       TPM:
         ID: {08666E3D-6E4E-497A-B07B-1C68A33xxxxx}
         PCR Validation Profile:
           0, 2, 4, 11
    
       Numerical Password:
         ID: {D21A5371-8896-404C-BF77-BA37B93xxxxx}
         Password:
           049577-628485-629002-576851-260304-251900-218823-xxxxx

    The output includes both TPM and Numerical Password as key protectors. This indicates that the system disk is automatically protected by the TPM and has a recovery password as a backup unlock method. The 48-digit password under Numerical Password is the recovery password.
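    The same outcome as Step 3 and Step 4, done from PowerShell instead of the wizard, as an added example that is not part of this page: it adds the recovery-password protector first, writes the password to a folder on the data disk (assumed to be mounted at D:), enables encryption with the TPM protector, and then checks the same facts the manage-bde output above shows.

```powershell
# Added example (not from this page): enable BitLocker on the system drive with a
# TPM protector and a recovery-password backup, then verify the result.
$OsDrive   = 'C:'
$BackupDir = 'D:\BitLockerRecovery'    # assumption: the data disk is D:, never the system disk

# Preflight: the BitLocker cmdlets need the feature installed, and the TPM must be ready.
if (-not (Get-Command Enable-BitLocker -ErrorAction SilentlyContinue)) {
    throw 'BitLocker feature is not installed (see Step 2)'
}
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) { throw 'TPM is not present or not ready' }

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Recovery-password protector first, so a backup exists before anything is sealed to the TPM.
$vol  = Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector
$rp   = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -Last 1
$file = Join-Path $BackupDir ('BitLocker-Recovery-' + ($rp.KeyProtectorId -replace '[{}]') + '.txt')
@(
    "Volume:            $OsDrive"
    "Key Protector ID:  $($rp.KeyProtectorId)"
    "Recovery Password: $($rp.RecoveryPassword)"
) | Out-File -FilePath $file -Encoding utf8
Write-Host "Recovery password written to $file; copy it to a local device now."

# 2. Turn on encryption with the TPM protector. -UsedSpaceOnly is the wizard's "new disk"
#    option; XTS-AES is the wizard's "new encryption mode" (256-bit chosen here).
Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -TpmProtector -SkipHardwareTest | Out-Null

# 3. Wait for the conversion to finish, then verify protection and both protector types.
do {
    Start-Sleep -Seconds 20
    $status = Get-BitLockerVolume -MountPoint $OsDrive
    Write-Host ('{0}: {1}% encrypted' -f $status.VolumeStatus, $status.EncryptionPercentage)
} while ($status.VolumeStatus -ne 'FullyEncrypted')

$types = @($status.KeyProtector.KeyProtectorType)
if ($status.ProtectionStatus -ne 'On' -or 'Tpm' -notin $types -or 'RecoveryPassword' -notin $types) {
    throw "Verification failed: ProtectionStatus=$($status.ProtectionStatus), protectors=$($types -join ', ')"
}
Write-Host "OK: $OsDrive is fully encrypted with TPM and recovery-password protectors."
```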

FAQ

  • What do I do if the instance asks for the recovery password after a restart?

    • Possible causes:

      • Operating system updates, driver updates, or changes to boot settings have caused the system integrity measurement values (PCR values) to change.

      • A custom image was created from an encrypted system disk and then used to create a new instance. The TPM of the new instance is different from the original one and cannot decrypt the disk.

    • Solution:

      • Connect to the instance using the VNC connection feature in the ECS console as soon as possible.

      • On the BitLocker recovery screen, manually enter the saved 48-digit recovery password.

        Important

        If you did not configure a recovery password or if it is lost, the data on the system disk might be permanently unrecoverable. Therefore, you must configure and securely store the recovery password.

  • How do I use BitLocker to encrypt a data disk?

    You can encrypt a data disk using other BitLocker protectors, such as a password, a smart card, or automatic unlock. For more information, see the Microsoft BitLocker planning guide.
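    For the first question above (PCR values changed by an update), the following added example, which is not part of this page, shows a precaution rather than a repair: before a planned OS or firmware update, confirm that a recovery password exists, print the PCRs the TPM protector is bound to, and suspend protection for one reboot so the TPM reseals the VMK to the new measurements instead of prompting for the recovery password. Assumes the system drive is C:.

```powershell
# Added example (not from this page): suspend BitLocker for exactly one reboot before a
# change to the boot chain, with a backup check first and a resume check afterwards.
$OsDrive = 'C:'

function Get-TpmPcrProfile {
    # Get-BitLockerVolume does not expose the PCR binding; read it from the same
    # manage-bde output shown in Step 4 ("PCR Validation Profile:" then "0, 2, 4, 11").
    param([string]$MountPoint)
    $text = (& manage-bde.exe -protectors -get $MountPoint) -join "`n"
    if ($text -match 'PCR Validation Profile:\s*\n\s*([\d ,]+)') { return $Matches[1].Trim() }
    return $null
}

function Test-ProtectionResumed {
    # Run after the restart: returns $true once the TPM has resealed and protection is On.
    param([string]$MountPoint)
    $v = Get-BitLockerVolume -MountPoint $MountPoint
    if ($v.ProtectionStatus -ne 'On') { Resume-BitLocker -MountPoint $MountPoint | Out-Null }
    return ((Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus -eq 'On')
}

$vol = Get-BitLockerVolume -MountPoint $OsDrive
# Never suspend without a backup: if resealing fails, the recovery password is the only way in.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    throw "No recovery-password protector on $OsDrive; add one and back it up first"
}
Write-Host "TPM protector bound to PCRs: $(Get-TpmPcrProfile $OsDrive)"

# -RebootCount 1: protection is off for the next boot only, then resumes automatically.
Suspend-BitLocker -MountPoint $OsDrive -RebootCount 1 | Out-Null
if ((Get-BitLockerVolume -MountPoint $OsDrive).ProtectionStatus -ne 'Off') {
    throw "Suspend-BitLocker did not take effect on $OsDrive"
}
Write-Host 'Protection suspended for one reboot; apply the update, restart, then run Test-ProtectionResumed.'
```

Suspending is only for changes you schedule yourself; if the prompt has already appeared, the only way back in is the 48-digit recovery password entered at the VNC console as described above.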
