1.2 Implementation

The ZENworks PBA implementation differs for a standard hard disk and a self-encrypting hard disk.

1.2.1 Standard Hard Disk

A standard hard disk is an IDE, SATA, or PATA disk that is not self-encrypting and therefore can be encrypted by ZENworks 11 Full Disk Encryption.

With a standard hard disk, a 100 MB primary partition is created for the Linux system and the ZENworks PBA. When the device boots, the ZENworks PBA login is displayed. After the user enters valid credentials (see Section 1.3, Authentication Methods), the PBA terminates, the Windows operating system is booted, and the encrypted drives become accessible.

1.2.2 Self-Encrypting Hard Disk

A self-encrypting hard disk does its own encryption through the use of a dedicated encryption chip. It cannot be encrypted by ZENworks 11 Full Disk Encryption, but the ZENworks PBA can be used to provide extra security for the disk.

With a self-encrypting disk, a Linux system and ZENworks PBA are installed to the MBR shadow, which is a protected partition of the hard disk. When the device boots, the ZENworks PBA login is displayed. At this time, the MBR shadow is visible to the system but the Windows partition (with the self-encrypted drive) is not. After the user enters valid credentials (see Section 1.3, Authentication Methods), the ZENworks PBA terminates, the Windows partition is unlocked, the Windows operating system is booted, and the encrypted drive becomes accessible.