Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…
Full-disk encryption (FDE) is the encryption of all data on a disk drive, including the program that encrypts the bootable OS partition. It is performed by disk encryption software or hardware that is installed on the drive during manufacturing or via an additional software driver. FDE converts all device data into a form that can be only understood by the one who has the key to decrypt the encrypted data. An authentication key is used to reverse conversion and render the data readable. FDE prevents unauthorized drive and data access.
Data and OSs are automatically encrypted through FDE. However, the master boot record (MBR) remains unencrypted. Some FDE and hybrid FDE systems encrypt the complete disk, including the MBR.
FDE is also known as whole disk encryption (WDE).
The encrypted data is inaccessible to an unauthorized users, even if the device is installed on another machine. After unlocking a computer, the data is automatically decrypted and readable. A disadvantage is that the encryption/decryption process slows data access time, particularly when virtual memory is used.
FDE is useful for small electronic devices vulnerable to theft or loss, such as laptops. In a corporate or large computer network environment, a secure username and password policy is a critical requirement. The following are FDE advantages:
However, FDE has issues. Cold boot attacks may occur when data bit degradation slows after power is switched off, creating vulnerability. The OS must hold the decryption keys in memory for disk drive data access. Additionally, decryption of blocks on the stored OS drive must be done before booting the OS. Thus, the authentication key must be available before a password is requested by the interface. This is addressed by the pre-boot authentication.
File system-level encryption is similar to FDE but typically does not encrypt file system metadata, such as directory structure, file names, timestamps, or file/folder sizes.
Techopedia’s editorial policy is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.
What Does Neurotechnology Mean?Neurotechnology as a new prominent tech term describes any technology that helps us to understand brain function,...
Margaret RouseTechnology Expert
What Does Stack Environment Control Dump Machine Mean?A Stack Environment Control Dump machine (SECD machine) is an abstract machine made...
What Does Network Slicing Mean?Network slicing involves separating various parts of a virtual network setup according to the functions that...
Trending NewsLatest GuidesReviewsTerm of the Day