On 2018-05-26, Robert Dodier <robert.dod...@gmail.com> wrote: > On Sat, May 26, 2018 at 1:16 AM, Pascal Hambourg <pas...@plouf.fr.eu.org> > wrote: > >> I don't know how Symantec's "full" disk encryption works, but AFAIK a boot >> disk cannot be fully encrypted, > > Yes, this is an important question -- what, exactly, is provided by > Symantec here, so that I can look for something to do the same for > Linux. But not surprisingly I haven't been able to find a careful > description -- so far all I have found is some marketing material. I > will keep looking.
They seem to be saying the boot loader is decrypted prior to the point at which it begins execution (a "pre-boot environment" is installed that prompts the user for pass phrase, etc.) https://www.symantec.com/content/en/us/enterprise/white_papers/b-pgp_how_wholedisk_encryption_works_WP_21158817.en-us.pdf > best, > Robert Dodier > > --