[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible for full-disk encryption to encrypt /boot as well?

On 2018-05-26, Robert Dodier <robert.dodier@gmail.com> wrote:
> On Sat, May 26, 2018 at 1:16 AM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
>
>> I don't know how Symantec's "full" disk encryption works, but AFAIK a boot
>> disk cannot be fully encrypted,
>
> Yes, this is an important question -- what, exactly, is provided by
> Symantec here, so that I can look for something to do the same for
> Linux. But not surprisingly I haven't been able to find a careful
> description -- so far all I have found is some marketing material. I
> will keep looking.

They seem to be saying the boot loader is decrypted prior to the point
at which it begins execution (a "pre-boot environment" is installed that
prompts the user for pass phrase, etc.)

 https://www.symantec.com/content/en/us/enterprise/white_papers/b-pgp_how_wholedisk_encryption_works_WP_21158817.en-us.pdf
> best,
> Robert Dodier
>
>


--
Reply to: