Volume Encryption

These actions define if the volumes of the hard disk are encrypted or not.

Action

Description

Encrypt all local hard disks

All volumes of the hard disk are automatically fully encrypted. The encrypted disk is only accessible to authorized users.

Do not encrypt local hard disks - Encrypt only minimum volumes required for Pre-boot

The hard disk is not encrypted.

Double-click an action to edit the properties.

  • Volume encryption algorithm: Full Disk Encryption can use these encryption algorithms:

    • XTS-AES (256-bit)

    • XTS-AES (128-bit)

    • AES-CBC (256-bit) - Default

    • Blowfish (256-bit)

    • Cast (128-bit)

    • 3DES (168-bit)

  • What is encrypted: By default all drives that are detected after the installation and all visible disk volumes are encrypted. IRRT devices are not encrypted.

To change the volumes and devices that are encrypted, select these options:

  • To have only minimum encryption for Pre-boot protection, select Minimum volumes for Pre-boot authentication.

  • To select the exact drives that are encrypted, select Custom Volume Encryption and click Configure Volumes.

  • To encrypt volumes that are found after the initial Full Disk Encryption installation on a computer, select Allow encryption of volumes that were detected after the initial installation.

  • To encrypt IRRT devices, select Allow protection/encryption on IRRT devices.

  • To use a Self-Encrypting drive (SED), select Allow using the hardware encryption functionality of self-encrypting drives.

    Self-Encrypting drives encrypt and decrypt immediately.