On 5/17/25 3:04 AM, Wol wrote:
> I believe modern hardware will automatically encrypt the disk and store the key in the TPM. At BIOS level. So that disk is only readable on that computer.
Some systems have that capability. But all of the systems that I've looked at don't enable it automatically.
Sadly, it doesn't offer any protection if the entire system is taken. Hence the question of what to protect.
This also offers no protection against physical based / connected attacks.
> (There are ways to back up the key, but to a first approximation, take the disk out of the computer and it's cryptographically wiped.)
I get what you're saying, but if you put it back in the same system the data is available again. Thus the data wasn't wiped. Conversely, destroy the key and now you can't get the data back without massive brute force.
-- Grant. . . .