Full Drive Encryption + Finger Print

DfgDfg Admin
edited November 2012 in Tech & Games
I had an eventful week in regards to the Laptop. Due to some stupid fucks in HP, the Laptop had the basic partition setup which already maxed out the partitions. Being the clever nerd I fixed the issue by converting the drives to Dynamic. Problem solved, new partition created and we lived happily ever after. I also encrypted the second partition using Truecrypt.

All seemed well, the only problem I had was the manual mount and drive letter fuck up which resulted in Dropbox failures and installation problems. I installed an update from HP and it bricked my system. I tried going into recovery mode and it wouldn't let me. Turns of HP Recovery doesn't support Dynamic volumes. I said a mental FUCK YOU to HP at that point.

To top it off you can't convert Dynamic to Basic unless you blow up the partitions. However, you can use a software called Easeus Partition Master for this. The free version works like a charm. Just to reduce any chances of fuck up. I moved all of my data a portable drive, had to zip the files and it did take an age. After that, I just deleted the partition and use the software.

It worked as expected. Next up the Recovery Media creation. I found a software called Phantom Drive that lets you emulate a CD/DVD/BD writable disk. Some people used it and it works without any problems. I tried burning the Disks but the program would give an error and die out. This was the same error I got when using the Dynamic disk.

So, after many attempts and curses, I did the logical thing. I took my portable drive, use the Partition software and just copied the recovery partition as a whole. And then I deleted the recovery partition, reclaimed the space and added the fourth drive with the extended space. With that done, I got a pretty decent storage setup on the Laptop.

The next part was the security. This Laptop features an i7 3630QM HW-AES Processor. Meaning it can do AES Encryption on the fly with little or no side effects. In the benchmarks it showed 2GB of sustained write or read speeds. I use Truecrypt and secured my system drive an other drives in it except the boot drive.

Whenever the PC starts up, it uses the TC loader and I have to enter the long password. After that, the finger print kicks in.

If something happens to my Laptop the chances of recovery of any of my stored data is nill which I am quite happy with. I can go in detail but I am tired and I need to sleep.

In short, fuck you HP.

Comments

  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited November 2012
    Dfg wrote: »
    The next part was the security. This Laptop features an i7 3630QM HW-AES Processor. Meaning it can do AES Encryption on the fly with little or no side effects. In the benchmarks it showed 2GB of sustained write or read speeds. I use Truecrypt and secured my system drive an other drives in it except the boot drive.

    If you dont mind me asking, why encrypt all drives exept for the boot drive? Would not a full disc encryption be both safer and easier?
  • DfgDfg Admin
    edited November 2012
    If you dont mind me asking, why encrypt all drives exept for the boot drive? Would not a full disc encryption be both safer and easier?

    Sorry the correct term was boot partition. There is a difference between system drive and boot drive. A boot drive is 100Mb in size and only has files that help Windows boot, in this case it has TrueCrypt Boot loader. It cannot be encrypted otherwise the system won't boot up. The system drive is where Windows is located and it's where all your files are, the data drive is where you store other nifty stuff. The full disk encryption makes sure that your data won't get compromised. If someone even compromises the boot loader, he cannot get access to the data since it's locked away and inaccessible unless the correct key is used.
  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited November 2012
    Dfg wrote: »
    Sorry the correct term was boot partition. There is a difference between system drive and boot drive. A boot drive is 100Mb in size and only has files that help Windows boot, in this case it has TrueCrypt Boot loader. It cannot be encrypted otherwise the system won't boot up. The system drive is where Windows is located and it's where all your files are, the data drive is where you store other nifty stuff. The full disk encryption makes sure that your data won't get compromised. If someone even compromises the boot loader, he cannot get access to the data since it's locked away and inaccessible unless the correct key is used.

    I see.

    If it is the 100Mb partition created while installing windows 7 you can still use full drive encryption, thats how i have had my laptop setup the last 6 months and its working just fine.
    The 100Mb partition holds the Windows Recovery Environment (WinRE), used for restoring and repairing the OS in case of a OS crash.
    Leaving this unencrypted seems risky to me, you never know what windows writes to it without your knowledge.

    But, ofc dont take my word for it, do your own research just to be safe. I may have misunderstood what your setup is.
Sign In or Register to comment.