Full-Disk Encryption (FDE)

Definition - What does Full-Disk Encryption (FDE) mean?

Full-disk encryption (FDE) is the encryption of all data on a disk drive, including the program that encrypts the bootable OS partition. It is performed by disk encryption software or hardware, installed on the drive during manufacturing or added through an additional software driver. FDE converts all device data into a form that can be understood only by someone who holds the key to decrypt it. An authentication key is used to reverse the conversion and render the data readable. FDE thereby prevents unauthorized access to the drive and its data.

FDE encrypts data and operating systems automatically. In many implementations the master boot record (MBR) remains unencrypted, although some FDE and hybrid FDE systems encrypt the complete disk, including the MBR.

FDE is also known as whole disk encryption (WDE).

Techopedia explains Full-Disk Encryption (FDE)

Encrypted data is inaccessible to unauthorized users, even if the device is installed in another machine. Once the computer is unlocked, data is decrypted automatically and is readable. A disadvantage is that encryption and decryption slow data access, particularly when virtual memory is used.

FDE is useful for small electronic devices vulnerable to theft or loss, such as laptops. In a corporate or large computer network environment, a secure username and password policy is a critical requirement. The following are FDE advantages:

  • The majority of data is encrypted, including swap space and temporary files.
  • Users do not decide which individual files are encrypted.
  • Authorization is established prior to computer booting (pre-boot authentication).
  • Destroying authentication/cryptography keys also destroys data. Physical drive destruction or purging is recommended if future attacks are a concern.

However, FDE has issues. The OS must hold the decryption keys in memory to access data on the drive, and because the bits in memory degrade slowly after power is switched off, this leaves FDE vulnerable to cold boot attacks. Additionally, the blocks that store the OS must be decrypted before the OS boots, so the authentication key must be available before the OS interface can request a password. Pre-boot authentication addresses this.

File system-level encryption is similar to FDE but typically does not encrypt file system metadata, such as directory structure, file names, timestamps, or file/folder sizes.
