Hardware-based full disk encryption: Difference between revisions

Recent hardware models circumvents [[booting]] from other devices and allowing access by using a dual [[Master Boot Record]] (MBR) system whereby the MBR for the operating system and data files is all encrypted along with a special MBR which is required to boot the [[operating system]]. In SEDs, all data requests are intercepted by their [[firmware]], that does not allow decryption to take place unless the system has been [[Booting|booted]] from the special SED [[operating system]] which then loads the [[Master boot record|MBR]] of the encrypted part of the drive. This works by having a separate [[Disk partitioning|partition]], hidden from view, which contains the proprietary [[operating system]] for the encryption management system. This means no other boot methods will allow access to the drive.{{citation needed|date=December 2024}}