• To provide reliable security for UEFI BIOS, use the security chip and a security application with a Trusted
Platform Module (TPM) management feature. Refer to “Setting the security chip” on page 52.
Note: The Microsoft Windows 8.1 operating system supports the TPM management feature.
• If a Disk Encryption hard disk drive and Encryption solid-state drive is installed in your computer, be sure
to protect the contents of your computer memory from unauthorized access by use of drive encryption
software, such as Microsoft Windows BitLocker
®
Drive Encryption, which is supported in the Professional
and Enterprise editions of the Windows 8.1 operating system. Refer to “Using Windows BitLocker Drive
Encryption” on page 52
.
• Before you dispose of, sell, or hand over your computer, be sure to delete data stored on it. For more
information, refer to “Notice on deleting data from your hard disk drive or solid-state drive” on page 53.
Note: The hard disk drive built into your computer can be protected by UEFI BIOS.
Using Windows BitLocker Drive Encryption
To help protect your computer against unauthorized access, be sure to use drive encryption software, such
as Windows BitLocker Drive Encryption.
Windows BitLocker Drive Encryption is an integral security feature of the Windows 8.1 operating systems. It
is supported in the Professional and Enterprise editions of the Windows 8.1 operating system. It can help
you protect the operating system and data stored on your computer, even if your computer is lost or stolen.
BitLocker works by encrypting all user and system les, including the swap and hibernation les.
BitLocker uses a Trusted Platform Module to provide enhanced protection for your data and to ensure early
boot component integrity. A compatible TPM is dened as a V1.2 TPM.
To check the BitLocker status, go to Control Panel, and click System and Security ➙ BitLocker Drive
Encryption.
For more information about Windows BitLocker Drive Encryption, see the help information system of the
Windows operating system, or search for“Microsoft Windows BitLocker Drive Encryption Step-by-Step
Guide” on the Microsoft Web site.
Disk Encryption hard disk drive and Encryption solid-state drive
Some models contain the Disk Encryption hard disk drive or Encryption solid-state drive. This feature
helps to protect your computer against security attacks on media, NAND ash or device controllers by use
of a hardware encryption chip. For the efcient use of the encryption feature, be sure to set a hard disk
password for the internal storage device.
Setting the security chip
Strict security requirements are imposed on network client computers that transfer condential information
electronically. Depending on the options you ordered, your computer might have an embedded security chip,
a cryptographic microprocessor. With the security chip and Client Security Solution, you can do the following:
• Protect your data and system
• Strengthen access controls
• Secure communications
Setting the security chip
The choices offered on the Security Chip submenu under the Security menu of ThinkPad Setup are as
follows:
• Security Chip: Activate, inactivate, or disable the security chip.
52 User Guide