On Sun, Aug 22, 2010 at 9:46 AM, Edward Ned Harvey <lop...@nedharvey.com> wrote: >> From: tech-boun...@lopsa.org [mailto:tech-boun...@lopsa.org] On Behalf >> Of Edward Ned Harvey >> >> Presently, I have Mac and Windows laptop users. The mac users use >> encrypted sparsebundles, and the windows users use TrueCrypt for >> encryption. There are a lot of reasons whole disk encryption would be >> desirable - mostly in terms of backups. > > Ah, yeah. Acronis True Image (and whole-disk backup software in general) > don't work with whole-disk encryption in general. There are some exceptions > ... Some Casper product explicitly created to work with PGP for example... > > I wonder if there's a hardware solution, that would make the encrypted disk > transparent to the OS, and hence, all the backup tools and other tools you > might use in the OS would remain functional...
Acronis and other disk imaging tools should have no problem with FDE. The FDE drivers work at a layer below the OS and filesystem, and almost all imagers on Windows rely on Volume Shadow Copy to get a consistent state of the filesystem. FDE drivers are below VSS, so there's no problem. I have made images many times using the built-in Complete PC Backup, and restored them with no problem. The only issue is that the image you make is not encrypted, so that media is vulnerable, as well as when you restore the image you need to re-encrypt the disk. Windows is not Linux where an image is created using a 'dd' type of thing at the raw device level. As for BitLocker, I haven't used it but in my explorations I found that it's a pain unless you have a TPM chip in the system. _______________________________________________ Tech mailing list Tech@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
