> when you talk about BIOS interruptions, are you talking about I/O
> interruptions (read/write from/to disk)? what is the difference
> between monitoring BIOS and monitoring Windows I/O layer with a filter
> driver?
The Windows I/O layer doesn't initialize until fairly late in the Windows loader. During much of the initial boot sequence, Windows switches to 16-bit mode and uses BIOS interrupts for disk I/O. So if you want to encrypt the entire disk, including the boot loaders, and you want to provide pre-boot authentication (which you should, because otherwise it isn't secure), you need to handle both BIOS interrupts and Windows I/O.

What people want is security. What they buy is encryption. What they pay is as little as possible (both $ and user effort). What they get is no security.

There are Fortune 500 companies that encrypt all their laptops WITHOUT pre-boot encryption. There are hardware encryption products that write the key to the drive in plaintext. Just because a product uses FIPS-approved cryptography doesn't mean it is secure.

If you want real security, buy it from people who actually care about security, and listen to their recommendations about best practices.

Tim Hollebeek
BitArmor Systems
http://www.bitarmor.com

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde