11.0 Full Disk Encryption

ZENworks Full Disk Encryption protects a device’s data from unauthorized access when the device is powered off or in hibernation mode. To do this, it uses a combination of disk encryption and pre-boot authentication.

Full Disk Encryption provides software-based encryption on standard, solid state, and self-encrypted hard disks. All disk volumes (or selected disk volumes) are encrypted, including any temporary files, swap files, and operating system files on the volumes. The data cannot be accessed until a valid user successfully logs in, and the data can never be accessed by booting the device from media such as a CD/DVD, floppy disk, or USB drive. For an authenticated user, accessing data on the encrypted disk is no different than accessing data on an unencrypted disk.

Full Disk Encryption provides optional pre-boot authentication for hard disks. The ZENworks Pre-Boot Authentication (PBA) component is installed as a small Linux partition on the hard disk. Login occurs through the ZENworks PBA, which is protected from alteration through the use of MDT checksums and from password extraction through the use of strong encryption for the keys.

The ZENworks PBA supports single sign-on with the Windows login, enabling users to enter only one set of credentials (either user/password or smart card) to log in to both the ZENworks PBA and the Windows operating system.