rjanz

Members
  • Posts: 4
About rjanz

  • Rank
    Newbie

Profile Information

  • Location
    Canada
  1. Thanks for the detailed reply Kieran, this helps complete my understanding of the feature set.
  2. One more, I just discovered the EFI is not encrypted so you can boot into another OS and read these files. Why!?
  3. Please correct me if I'm wrong. What exactly are the ESET Encryption Boot files? Does this include the encryption keys? Are those keys really stored in the TPM? I'm trying to understand why we can boot into the OS on new hardware.
  4. While testing the ESET Full Disk Encryption product we found that we can successfully move the drives to a new desktop (different TPM, CPU, mobo, etc.) and we're able to successfully boot into Windows. I read in this forum post that the ESET Encryption Boot files are stored in the EFI System Partition (ESP). Why? This completely defeats the purpose of encrypting the drives with a TPM. In our configuration we don't have the login password set as the computers live in a facility. If there's a smash and grab and someone takes the drives they'd be able to boot into them to try and recover data. They'll have a running OS with a network stack which can likely be exploited. I confirmed we can't read the data while the drives are docked, or by booting into another OS to read them. Why are the keys not stored in the TPM? I would expect that moving the drives to new hardware would render them inoperable.