In order to utilise the TPM in this mode, you must have reconfigured and taken ownership of the TPM in the Enterprise Server. Please follow the article below if you have not already done so:
KB442 - Starting Full Disk Encryption using a TPM (Trusted Platform Module)
- Once you have taken ownership of the TPM and selected Pin Code mode you will be presented with a dialog as shown below.
- Select whether you would like the user to choose their own Pin Code before encryption starts.
- Select whether you would like the user to confirm the Initial Pin Code before encryption starts.
- Select the number of reboots allowed before encryption automatically starts.
- Enter the Initial Pin Code.
- Select the target drives to be encrypted.
- Depending on the options chosen above, once the command is sent, the user will be required to either confirm the Initial Pin Code or enter a Pin Code of their choice. Please see below:
- The Workstation will then be required to go through safe start. The Workstation will reboot.
- The encryption process will then begin, indicated by the warning dialog and progress bar.
- The pre-boot environment in Pin Code mode will look similar to the image below:
- Enter your chosen Pin in order to boot the Workstation.
KB177 - What is DESlock+ Full Disk Encryption Safe Start
Keywords: Full Disk Encryption start initiate hard drive whole tpm transparent pin