Web lists-archives.com

Re: Possible for full-disk encryption to encrypt /boot as well?






On Sat, May 26, 2018 at 7:21 PM, David Christensen <dpchrist@xxxxxxxxxxxxxxxx> wrote:
On 05/25/18 11:55, Robert Dodier wrote:
I'm working with Debian 9. I gather that there is a full-disk
encryption option for the standard Debian installer, which, as I
understand it, does not include encrypting /boot. ...

On 05/25/18 17:33, Robert Dodier wrote:
> I am working for an organization which requires
> computers to be full disk encrypted.

Have you considered a self-encrypting drive (self-encrypting drive)?

https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption


This approach protects everything on the drive, including /boot.


Understand that your computer must have compatible firmware.

I'm 99.99% sure (like Dove soap sure) that Symantec full disk encryption doesn't work this way because I'm just as sure that none of the Dell models I've ever worked with have this hardware capability.