Hi!
I wanted to know whether it is possible to encrypt all contents of the disk using a filter driver.
If yes, then how will i handle decryption of files that are loaded before my driver gets loaded?
Is there any approach other than writing a filter driver?
Thanks!
Ayush Gupta
Sorry for posting the message on NTFSD, i totally forgot that it has to be posted on NTDEV ( the space outside file systems). But any help will be appreciated.
Thanks and sorry.
Ayush Gupta
Yes, it is possible. In short to answer your specific question, you
write your own boot loader which intercepts the BIOS calls for IO to the
disk. This solution is actually more ‘closed’ in terms of problems you
are to encounter than the filesystem filter based approach of encryption
on the fly.
I have implemented this solution several times and plan on a 8+ month
development and test before having a releasable product; this assumes
you are already familiar with low level stuff.
Pete
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
xxxxx@yahoo.com wrote:
Hi!
I wanted to know whether it is possible to encrypt all contents of the disk using a filter driver.
If yes, then how will i handle decryption of files that are loaded before my driver gets loaded?
Is there any approach other than writing a filter driver?Thanks!
Ayush Gupta
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
At least this is more documented than the filesystem way 
Add a few months for research if you’re
not familiar.
It’s more important with this approach that you get a very good crypto consultant to help you do the
encryption right - it cannot be as simple as the filesystem one.
Peter Scott wrote:
Yes, it is possible. In short to answer your specific question, you
write your own boot loader which intercepts the BIOS calls for IO to the
disk. This solution is actually more ‘closed’ in terms of problems you
are to encounter than the filesystem filter based approach of encryption
on the fly.I have implemented this solution several times and plan on a 8+ month
development and test before having a releasable product; this assumes
you are already familiar with low level stuff.> I wanted to know whether it is possible to encrypt all contents of the disk using a filter driver.
> If yes, then how will i handle decryption of files that are loaded before my driver gets loaded?
> Is there any approach other than writing a filter driver?
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
Thanks!
Peter mentioned:
“write your own boot loader which intercepts the BIOS calls for IO to the
disk”
Are you proposing to write a boot loader which in turn will call the original boot loader.
Are u proposing to replace the original MBR?
What do i do when the OS kernel takes control?
Does the solution have multiple modules to handle decryption at various phases?
Thanks!
Ayush Gupta
You need to replace the original MBR with your own version. This would
either emulate or call the original MBR for some of the functionality.
Yes, once the system loads and your driver is loaded, then you would
handle processing within it.
Pete
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
xxxxx@yahoo.com wrote:
Thanks!
Peter mentioned:
“write your own boot loader which intercepts the BIOS calls for IO to the
disk”
Are you proposing to write a boot loader which in turn will call the original boot loader.
Are u proposing to replace the original MBR?What do i do when the OS kernel takes control?
Does the solution have multiple modules to handle decryption at various phases?Thanks!
Ayush Gupta
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com