Disk encryption software

ayush_gupta · June 3, 2007, 3:35am

Hi!
I wanted to know whether it is possible to encrypt all contents of the disk
using a filter driver.
If yes, then how will i handle decryption of files that are loaded before my
driver gets loaded?
Is there any approach other than writing a filter driver?

Thanks!
Ayush Gupta

Peter_Viscarola_OSR · June 3, 2007, 4:53pm

Encrypt? Yes. Properly DECRYPT and get the system to boot? No. You need an INT 13 hook for that.

Peter
OSR

anton_bassov · June 3, 2007, 7:59pm

> You need an INT 13 hook for that.

First of all, you need to decrypt the code that makes a first call to INT 13, i.e. boot sector code.
Therefore, no matter how you look at it, you need to write your own boot sector…

Anton Bassov

anton_bassov · June 3, 2007, 8:30pm

> I wanted to know whether it is possible to encrypt all contents of the disk…

Sure you can - the question is what are you going to do next…

If yes, then how will i handle decryption of files that are loaded before my driver gets loaded?

You have to do everything before the system starts loading. In practice, it means that you have to write your own boot sector that executes a code that decrypts the disk (at least the part of it that
is necessary to boot the system)…

Anton Bassov

If yes, then how will i handle decryption of files that are loaded before my
driver gets loaded?

ayush_gupta · June 4, 2007, 3:42am

Hi!
Do u all propose to hook INT 13h, so that i can start decrypting right from the start by implementing a custom boot loader and reloacting the original?
It seems that i dont have to implement any filter driver.
Thanks!

anton_bassov · June 4, 2007, 7:00am

> Do u all propose to hook INT 13h, so that i can start decrypting right from the

start by implementing a custom boot loader and reloacting the original?

No one proposes you to do it. Actually, we both implicitly say exactly the opposite - we just explain to you what encrypting the whole disk would involve, so that you have a chance to realize that this idea is no so good…

The funniest thing here is that Vista already offers BitLocker. What is the point of trying to re-implement the feature the OS already provides??? If you want some custom encryption, I would rather propose you to limit yourself just to encrypting/decrypting files of interest, and doing everything in FS, rather than disk, filter driver…

Anton Bassov

Gary_Little · June 5, 2007, 12:01pm

Or a disc with full disc encryoption such as a Seagate Momentus FDE.

Gary G. Little

wrote in message news:xxxxx@ntdev…
> Encrypt? Yes. Properly DECRYPT and get the system to boot? No. You
> need an INT 13 hook for that.
>
> Peter
> OSR
>
>

anton_bassov · June 5, 2007, 7:52pm

> Or a disc with full disc encryoption such as a Seagate Momentus FDE.

Or, maybe, just install Vista and take the full advantage of BitLocker…

Anton Bassov