Disk encryption advice...
Paul Wouters
paul at xelerance.com
Fri Oct 8 18:30:02 EDT 2010
On Fri, 8 Oct 2010, Perry E. Metzger wrote:
> I have a client with the following problem. They would like to
> encrypt all of their Windows workstation drives, but if they do that,
> the machines require manual intervention to enter a key on every
> reboot. Why is this a problem? Because installations and upgrades of
> many kinds of Windows software require multiple reboots, and they
> don't want to have to manually intervene on every machine in their
> buildings in order to push out software and patches.
>
> (The general threat model in question is reasonably sane -- they
> would like drives to be "harmless" when machines are disposed of or if
> they're stolen by ordinary thieves, but on the network and available
> for administration the rest of the time.)
>
> Does anyone have a reasonable solution for this?
Use a VM based solution where the Windows images are stored on a NAS
that uses disk encryption (and requires an admin when it would reboot), yet
the Windows based VM's would need no disk encryption supported whatsoever.
My laptop for instance is running Fedora with whole disk encryption, and I
run various Windows VM's that have their image stored on that encrypted disk.
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list