Validation of the 'Master Boot Record (MBR) Code' Platform Configuration Register (aka PCR 4) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o5\PCR 4: Master Boot Record (MBR) Code (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\4 Worksheet: Bitlocker Policy Settings; Row: 52 Setting Index #867: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx oval:org.secpod.oval:def:14636 Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline Settings.xlsm 2009-10-01 Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline.xml 2009-10-01 Microsoft TechNet and other Microsoft online documentation and resources Microsoft HTML SCAP Repo OVAL Definition 2013-08-13