UEFI and full-disk-encryption

Discussion in 'Windows 64bit' started by feenberg, Jan 7, 2012.

  1. feenberg

    feenberg Guest

    I have tried many full-disk-encryption programs with a new EFI based
    motherboard, but none work correctly on the boot drive. The programs
    were from Compusec, Winmagic, Truecrypt and Symantec. They seem to
    work fine with our older BIOS based motherboards. I thought of using
    Bitlocker, and even bought Windows Ultimate, but the motherboard does
    not have a TPM chip, which seems to exclude encrypting the OS drive. I
    posted more at

    http://www.nber.org/sys-admin/uefi-efi-wde-fde-whole-disk-encryption.html

    There is a hint on the link to technet that Bitlocker can encrypt the
    OS partition, if it is separate from the boot partition. Can anyone
    suggest where I can find instructions to do that with the retail
    Windows package? My guess is that maybe all the packages would work if
    I could do that.

    Daniel Feenberg
    feenberg, Jan 7, 2012
    #1

  2. feenberg

    Steve Foster Guest

    feenberg wrote:

    > I have tried many full-disk-encryption programs with a new EFI based
    > motherboard, but none work correctly on the boot drive. The programs
    > were from Compusec, Winmagic, Truecrypt and Symantec. They seem to
    > work fine with our older BIOS based motherboards. I thought of using
    > Bitlocker, and even bought Windows Ultimate, but the motherboard does
    > not have a TPM chip, which seems to exclude encrypting the OS drive. I
    > posted more at
    >
    > http://www.nber.org/sys-admin/uefi-efi-wde-fde-whole-disk-encryption.html
    >
    > There is a hint on the link to technet that Bitlocker can encrypt the
    > OS partition, if it is separate from the boot partition. Can anyone
    > suggest where I can find instructions to do that with the retail
    > Windows package? My guess is that maybe all the packages would work if
    > I could do that.


    A default installation of Windows 7 on a fresh hard drive will always
    have a separate boot and OS partition.

    It's only if you override its creation of a 100MB boot partition that
    you wouldn't.

    --
    Steve Foster
    For SSL Certificates, Domains, etc, visit.:
    https://netshop.virtual-isp.net
    Steve Foster, Jan 7, 2012
    #2

  3. If you install Windows 7 on empty space, letting the installer partition
    and format the disk, it will create a 100MB boot partition and then
    install Windows 7 on a partition created in the remainder of the space.

    If you partition the disk and specify an installation partition this
    configuration is not created.


    On 07/01/2012 01:30, feenberg wrote:
    >
    > There is a hint on the link to technet that Bitlocker can encrypt the
    > OS partition, if it is separate from the boot partition. Can anyone
    > suggest where I can find instructions to do that with the retail
    > Windows package? My guess is that maybe all the packages would work if
    > I could do that.
    >
    > Daniel Feenberg
    Dominic Payer, Jan 7, 2012
    #3
  4. On Jan 7, 11:04 am, "Steve Foster" <>
    wrote:
    > feenberg wrote:
    > > I have tried many full-disk-encryption programs with a new EFI based
    > > motherboard, but none work correctly on the boot drive. The programs
    > > were from Compusec, Winmagic, Truecrypt and Symantec. They seem to
    > > work fine with our older BIOS based motherboards. I thought of using
    > > Bitlocker, and even bought Windows Ultimate, but the motherboard does
    > > not have a TPM chip, which seems to exclude encrypting the OS drive. I
    > > posted more at
    >
    > http://www.nber.org/sys-admin/uefi-efi-wde-fde-whole-disk-encryption....
    >
    > > There is a hint on the link to technet that Bitlocker can encrypt the
    > > OS partition, if it is separate from the boot partition. Can anyone
    > > suggest where I can find instructions to do that with the retail
    > > Windows package? My guess is that maybe all the packages would work if
    > > I could do that.
    >
    > A default installation of Windows 7 on a fresh hard drive will always
    > have a separate boot and OS partition.
    >
    > It's only if you override its creation of a 100MB boot partition that
    > you wouldn't.


    When I read up on this, I think Microsoft documentation seemed to be
    referring to the smaller partition that boots the PC as "system
    partition" and to the partition containing most of the operating
    system files as "boot partition", but I may have just confused myself.

    If you can use "GUID partition table" or an extended partition, then
    many separate partitions can be created easily and, as far as I could
    see /without/ trying encryption, straightforwardly mounted under
    folders on the Windows volume, replacing them. Would that work for
    you? Either one per user, or one for all, but with users only having
    access to go into their own folders.

    I think I read a preview white paper about GPT on Windows that was
    also pretty confusing - for each useable partition, Windows wanted to
    have one or more placeholder partitions, or something.

    I deleted my EFI software from hard disk and put an update downloaded
    copy on an SD card instead, which worked until I misplaced the SD
    card!
    Robert Carnegie, Jan 7, 2012
    #4
  5. feenberg

    feenberg Guest

    On Jan 7, 6:04 am, "Steve Foster" <> wrote:
    > feenberg wrote:
    >
    > http://www.nber.org/sys-admin/uefi-efi-wde-fde-whole-disk-encryption....
    >
    > > There is a hint on the link to technet that Bitlocker can encrypt the
    > > OS partition, if it is separate from the boot partition. Can anyone
    > > suggest where I can find instructions to do that with the retail
    > > Windows package? My guess is that maybe all the packages would work if
    > > I could do that.
    >
    > A default installation of Windows 7 on a fresh hard drive will always
    > have a separate boot and OS partition.
    >
    > It's only if you override its creation of a 100MB boot partition that
    > you wouldn't.
    >

    I have 2 drives - the 100MB boot partition was on the other drive
    and I didn't notice it yesterday. I found some instructions for
    turning on bitlocker without TPM at

    http://technet.microsoft.com/en-us/library/cc732774.aspx

    and did what it said. Then I right-clicked on the c:\
    icon and selected bitlocker, continuing through the menus to
    encrypt the drive.

    The 500 GB drive, which contains only the OS default install
    now claims only 6 GB free. The filling up of >450GB of space
    happened instantaneously but is certainly a problem for me.
    Is this an artifact of bitlocker? Did something go wrong?

    Daniel Feenberg
    feenberg, Jan 8, 2012
    #5
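
Added example, not part of any post in this thread: a read-only PowerShell check, run from an elevated prompt, of the points the posts raise: whether the system partition is separate from the Windows partition, whether a TPM is present, whether the no-TPM startup policy is set, and how far BitLocker conversion has progressed. It assumes Windows 7 or later with BitLocker available and uses the standard WMI classes and the `FVE` policy registry key; the function name `Get-BitLockerReadiness` is hypothetical.

```powershell
# Added example: read-only BitLocker readiness and progress check.
# Get-BitLockerReadiness is a hypothetical helper name; run elevated.
function Get-BitLockerReadiness {
    param([string]$DriveLetter = 'C:')

    # Microsoft terms: SystemVolume holds the boot manager (the 100MB
    # partition); BootVolume holds the running Windows installation.
    $volumes = Get-WmiObject Win32_Volume
    $combined = $volumes | Where-Object { $_.SystemVolume -and $_.BootVolume }
    $os = $volumes | Where-Object { $_.DriveLetter -eq $DriveLetter }

    # No instance is returned on a board without a TPM.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
        -Class Win32_Tpm -ErrorAction SilentlyContinue

    # Values written by the Group Policy setting "Require additional
    # authentication at startup" / "Allow BitLocker without a compatible TPM".
    $fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
        -ErrorAction SilentlyContinue
    $noTpmOk = ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)

    # Conversion state of the chosen drive, as reported by BitLocker itself.
    $ev = Get-WmiObject `
        -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
        Where-Object { $_.DriveLetter -eq $DriveLetter }
    $states = 'FullyDecrypted', 'FullyEncrypted', 'EncryptionInProgress',
              'DecryptionInProgress', 'EncryptionPaused', 'DecryptionPaused'
    $state = 'NotAvailable'; $percent = $null
    if ($ev) {
        $cs = $ev.GetConversionStatus()
        $state = $states[$cs.ConversionStatus]
        $percent = $cs.EncryptionPercentage
    }
    $freeGB = $null
    if ($os) { $freeGB = [math]::Round($os.FreeSpace / 1GB, 1) }

    New-Object PSObject -Property @{
        SeparateSystemPartition = -not [bool]$combined
        TpmPresent              = [bool]$tpm
        NoTpmPolicyEnabled      = $noTpmOk
        ConversionState         = $state
        PercentEncrypted        = $percent
        FreeGB                  = $freeGB
    }
}

Get-BitLockerReadiness -DriveLetter 'C:' | Format-List
```

While conversion is in progress, BitLocker holds most of the drive's free space in a temporary placeholder file and releases it when encryption finishes, so `FreeGB` is only meaningful once `ConversionState` reads `FullyEncrypted`.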