Installing Vista and Activating TPM with BitLocker
The Premium version of Vista comes with a new feature called BitLocker. It encrypts the whole disk partition and protects the data from being compromised from outside the operating system. For extra security, this technology can be combined with a TPM, or Trusted Platform Module, a chip on the motherboard that can securely generate and store encryption keys. Here is how I recently installed such a setup for a security-minded client.
Since we are a Dell reseller, I purchased a new Dell OptiPlex 745 desktop which comes with a TPM chip.
TPM & OptiPlex 745
Now, the first issue: to activate BitLocker, the system needs to have its disk partitions set up in a certain way, which the Dell website simply did not offer. The disk needs a small unencrypted boot partition and a large OS partition, which will be encrypted.
Rather than worry about how the OS would be delivered, I ordered the PC without an OS and ordered a copy of Vista Ultimate OEM.
Once the PC was unpacked and set up, the first task is to switch the TPM chip on in the system BIOS. This is a two-stage process. Once you enter the BIOS, locate the "Security" tab and turn TPM on. There is another setting called "Activation" which must be enabled as well. Save the BIOS settings and reboot. You should get a warning that the BIOS TPM settings have been modified; this is OK, so select "Modify" and continue. I recommend going back into the BIOS and double-checking that the TPM chip actually is on: the first time I did this, for some reason it wasn't, and if it is off you will get an error later.
Now reboot with the Vista disk in the DVD drive. Since my hard disk was empty, I was able to create the partitions in the way recommended by Microsoft. A good page to visit, and recommended reading for the whole process, is the Microsoft TechNet article "Windows BitLocker Drive Encryption Step-by-Step Guide".
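
Once Vista is installed, the two prerequisites described above (TPM switched on and activated, boot files on their own partition) can be confirmed from inside Windows before turning BitLocker on. This is an added example, not part of the original post: it assumes PowerShell 2.0 or later run as administrator, relies on Microsoft's Win32_Tpm and Win32_Volume WMI classes, and the function name Test-BitLockerReadiness is hypothetical.

```powershell
# Added example: pre-BitLocker readiness check. Run from an elevated prompt.
# Test-BitLockerReadiness is a hypothetical name; the WMI classes are Microsoft's.
function Test-BitLockerReadiness {
    $problems = @()

    # 1. TPM state as Windows sees it. This mirrors the two BIOS settings:
    #    the chip must be both turned on (enabled) and activated.
    $tpm = $null
    try {
        $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                             -Class Win32_Tpm -ErrorAction Stop
    } catch {
        $problems += "TPM query failed (not elevated, or no TPM support): $($_.Exception.Message)"
    }
    if ($tpm) {
        if (-not $tpm.IsEnabled_InitialValue)   { $problems += 'TPM is present but not enabled in the BIOS.' }
        if (-not $tpm.IsActivated_InitialValue) { $problems += 'TPM is enabled but not activated in the BIOS.' }
    } elseif ($problems.Count -eq 0) {
        $problems += 'No TPM visible to Windows: re-check the BIOS Security tab.'
    }

    # 2. Partition layout. SystemVolume holds the files the machine starts from;
    #    BootVolume holds the running copy of Windows. They must be different
    #    volumes, because the startup files have to stay unencrypted.
    $volumes = @(Get-WmiObject -Class Win32_Volume)
    $sys = @($volumes | Where-Object { $_.SystemVolume })
    $os  = @($volumes | Where-Object { $_.BootVolume })
    if ($sys.Count -eq 0 -or $os.Count -eq 0) {
        $problems += 'Could not identify the startup and OS volumes.'
    } elseif ($sys[0].DeviceID -eq $os[0].DeviceID) {
        $problems += 'Startup files and Windows share one volume: a separate small boot partition is required.'
    }

    # The unary comma keeps an empty result as an empty array for the caller.
    return ,$problems
}

$result = Test-BitLockerReadiness
if ($result.Count -eq 0) {
    'READY: TPM enabled and activated, boot partition separate from OS partition.'
} else {
    $result | ForEach-Object { "NOT READY: $_" }
}
```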