Bitlocker instructions

docs/encryption.md

@@ -15,7 +15,7 @@ The options listed here are multi-platform and great for creating encrypted back
 
     **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication. VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
 
-    Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits) and Veracrypt has also been [audited seperately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+    Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits) and VeraCrypt has also been [audited seperately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
 
     !!! attention
         When encrypting with Veracrypt, the user has the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest users **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and should stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
@@ -36,7 +36,7 @@ The options listed here are multi-platform and great for creating encrypted back
     **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize [PGP's shortcomings](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html). GnuPG is a part of the Free Software Foundation's GNU software project, and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
 
     !!! tip
-        When generating keys we suggest using the [future-default](https://www.gnupg.org/documentation/manuals/gpgme/Generating-Keys.html) command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [ed25519](https://ed25519.cr.yp.to/).
+        When generating keys we suggest using the [`future-default`](https://www.gnupg.org/documentation/manuals/gpgme/Generating-Keys.html) command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [ed25519](https://ed25519.cr.yp.to/).
 
     !!! attention
         When encrypting with GnuPG, the user has the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest users **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and should stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
@@ -94,7 +94,42 @@ Modern operating systems include [disk encryption](https://en.wikipedia.org/wiki
 
     ![BitLocker logo](/assets/img/encryption-software/bitlocker.png){ align=right }
 
-    **BitLocker** is the default full volume encryption that comes with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it: [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+    **BitLocker** is the default full volume encryption that comes with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
+
+    !!! note
+        BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise, and Education editions of Windows. It be enabled Home editions provided that it meets the prequesites.
+
+    !!! tip "Enabling BitLocker on Windows Home"
+        To enable BitLocker on "Home" editions of Windows, you must partitions formatted with formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated [TPM](https://en.wikipedia.org/wiki/Trusted_Platform_Module) (v1.2, 2.0+) module.
+
+        1. Open Windows [PowerShell](https://en.wikipedia.org/wiki/PowerShell). Start "PowerShell"
+
+        2. Check to see partition table format:
+           ```
+           powershell Get-Disk 0 | findstr GPT && echo This is a GPT system disk!
+           ```
+
+        3. Check TPM version. The value returned must be "3 True". The spec must be 1.2 or above.
+           ```
+           powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm | findstr "IsActivated IsEnabled IsOwned SpecVersion"
+           ```
+
+        4. Access Windows 10 "Advanced Startup Options". (Press "reboot" while holding shift button). *Troubleshoot > Advanced Options > Command Prompt*
+
+        5. Login with your account that has admin privileges and type this to start encryption:
+           ```
+           manage-bde -on c: -used
+           ```
+
+        6. Close the command prompt, and enter into PowerShell:
+        ```
+        manage-bde c: -protectors -add -rp -tpm
+        manage-bde -protectors -enable c:
+        manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
+        ```
+
+        !!! warning
+            Backup `BitLocker-Recovery-Key.txt` on a separate storage device.
 
     [Visit microsoft.com](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .md-button .md-button--primary }