UEFI and full-disk-encryption

Discussion in 'Windows 64bit' started by feenberg, Jan 7, 2012.

  1. feenberg

    feenberg Guest

    I have tried many full-disk-encryption programs with a new EFI-based
    motherboard, but none work correctly on the boot drive. The programs
    were from Compusec, WinMagic, TrueCrypt and Symantec. They seem to
    work fine with our older BIOS-based motherboards. I thought of using
    Bitlocker, and even bought Windows Ultimate, but the motherboard does
    not have a TPM chip, which seems to exclude encrypting the OS drive. I
    posted more at

    http://www.nber.org/sys-admin/uefi-efi-wde-fde-whole-disk-encryption.html

    There is a hint on the link to technet that Bitlocker can encrypt the
    OS partition, if it is separate from the boot partition. Can anyone
    suggest where I can find instructions to do that with the retail
    Windows package? My guess is that maybe all the packages would work if
    I could do that.

    Daniel Feenberg
     
    feenberg, Jan 7, 2012
    #1

  2. Steve Foster

    Steve Foster Guest

    A default installation of Windows 7 on a fresh hard drive will always
    have a separate boot and OS partition.

    It's only if you override its creation of a 100MB boot partition that
    you wouldn't.
     
    Steve Foster, Jan 7, 2012
    #2

  3. If you install Windows 7 on empty space, letting the installer partition
    and format the disk, it will create a 100MB boot partition and then
    install Windows 7 on a partition created in the remainder of the space.

    If you partition the disk and specify an installation partition this
    configuration is not created.
     
    Dominic Payer, Jan 7, 2012
    #3
  4. When I read up on this, I think Microsoft documentation seemed to be
    referring to the smaller partition that boots the PC as "system
    partition" and to the partition containing most of the operating
    system files as "boot partition", but I may have just confused myself.

    If you can use "GUID partition table" or an extended partition, then
    many separate partitions can be created easily and, as far as I could
    see /without/ trying encryption, straightforwardly mounted under
    folders on the Windows volume, replacing them. Would that work for
    you? Either one per user, or one for all, but with users only having
    access to go into their own folders.

    I think I read a preview white paper about GPT on Windows that was
    also pretty confusing - for each useable partition, Windows wanted to
    have one or more placeholder partitions, or something.

    I deleted my EFI software from hard disk and put an updated downloaded
    copy on an SD card instead, which worked until I misplaced the SD
    card!
     
    Robert Carnegie, Jan 7, 2012
    #4
  5. feenberg

    feenberg Guest

    I have 2 drives - the 100MB boot partition was on the other drive
    and I didn't notice it yesterday. I found some instructions for
    turning on bitlocker without TPM at

    http://technet.microsoft.com/en-us/library/cc732774.aspx

    and did what it said. Then I right-clicked on the c:\
    icon and selected bitlocker, continuing through the menus to
    encrypt the drive.

    The 500 GB drive, which contains only the OS default install
    now claims only 6 GB free. The filling up of >450GB of space
    happened instantaneously but is certainly a problem for me.
    Is this an artifact of bitlocker? Did something go wrong?

    Daniel Feenberg
     
    feenberg, Jan 8, 2012
    #5
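
A pre-flight check for the setup discussed in this thread, as an added example that is not from any poster: it reports which volume Windows treats as the system volume (boot files) and which as the boot volume (the OS), whether a TPM is present, whether the no-TPM startup policy is set, and each volume's BitLocker conversion state. It assumes Windows 7 with PowerShell 2.0 and an elevated prompt; the variable names are illustrative.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.

# Microsoft's naming: the "system" volume holds the boot files (the small 100MB
# partition); the "boot" volume holds the running Windows installation.
$fixed  = @(Get-WmiObject Win32_Volume -Filter 'DriveType=3')
$system = @($fixed | Where-Object { $_.SystemVolume })
$boot   = @($fixed | Where-Object { $_.BootVolume })
$separate = $true
foreach ($v in $boot) { if ($v.SystemVolume) { $separate = $false } }
"System volume(s): " + (($system | ForEach-Object { $_.DeviceID }) -join ', ')
"Boot volume(s):   " + (($boot | ForEach-Object { $_.DriveLetter }) -join ', ')
"Boot files on a separate volume: $separate"

# TPM presence: no Win32_Tpm instance (or no namespace) means no usable TPM.
try {
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
           -Class Win32_Tpm -ErrorAction Stop
} catch { $tpm = $null }
"TPM present: " + [bool]$tpm

# Group Policy "Require additional authentication at startup" stores its
# settings here; both values must be 1 to allow BitLocker without a TPM.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
       -ErrorAction SilentlyContinue
$noTpmAllowed = [bool]($fve -and $fve.UseAdvancedStartup -eq 1 `
                            -and $fve.EnableBDEWithNoTPM -eq 1)
"Policy allows BitLocker without TPM: $noTpmAllowed"
if (-not $tpm -and -not $noTpmAllowed) {
    "OS volume cannot be protected yet: no TPM and the policy is not set."
}

# Conversion state per BitLocker-capable volume (index = ConversionStatus).
$states = 'FullyDecrypted','FullyEncrypted','EncryptionInProgress',
          'DecryptionInProgress','EncryptionPaused','DecryptionPaused'
try {
    $ev = @(Get-WmiObject `
            -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
            -Class Win32_EncryptableVolume -ErrorAction Stop)
} catch { $ev = @() }   # namespace is absent on editions without BitLocker
foreach ($v in $ev) {
    $s = $v.GetConversionStatus()
    "{0} {1} ({2}% encrypted)" -f $v.DriveLetter,
        $states[$s.ConversionStatus], $s.EncryptionPercentage
}
```

While a volume reports `EncryptionInProgress`, BitLocker on Windows 7 holds most of the volume's free space in a temporary placeholder file so that the free space is encrypted as well, and releases it when conversion finishes.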