Using Windows Embedded we create kiosks with proprietary software. Using Bitlocker, or something similar is a good way of encrypting a drive and the proprietary software. However in the case of Bitlocker it needs a TPM or USB key inserted at startup - neither are feasible at this time. Ideally we would like to encrypt a drive on the unit but give permission for certain software to run from it while keeping it encrypted. The goal would be to prevent unathorized access to the encrypted partition at runtime. Possible? ideas? Thanks.