Full Disk Encryption includes the following updates:
The Full Disk Encryption Agent now includes a “Graphical PBA” boot method for pre-boot authentication that you can configure for upgraded hardware compatibility on UEFI enabled devices. This option, when added to the DMI file and when used in tandem with custom PBA resolution, is particularly useful on tablet devices during pre-boot authentication. To use this feature, add the following string to the DMI file hardware compatibility settings:
KERNEL=[SDP_KERNEL_SIMPLE_PBA_GUI]
For more information about this setting or hardware compatibility in general, see Configure Pre-Boot Authentication - Hardware Compatibility
in the ZENworks Full Disk Encryption Policy Reference.
Full Disk Encryption now requires UEFI enabled devices to boot from Secure Boot Manager in the boot order. This configuration gets reverted to Windows Boot Manager in the boot order if the Disk Encryption policy is deployed to a device after the device is upgraded to a ZENworks 2020 Update 1 or later version from a ZENworks 2020 or earlier version. If the Disk Encryption policy is already deployed to a device before the upgrade, in this version scenario, the device continues to boot to Secure Boot Manager.
At least 50 MB of free disk space is required for the EFI system partition (ESP) when the system’s firmware is configured to run UEFI BIOS.
For more information about managed device requirements with Full Disk Encryption, see System Requirements
in the ZENworks Full Disk Encryption Agent Reference.