Disk type-specific encryption option (available from V6.5) permits EXCLUSION of disk bus types for encryption. If not used, all disk types will be encrypted.
A new functionality is available that allows an SES Administrator to define precisely which Disk Types are going to be permitted to be encrypted. This works on an EXCLUSION basis, so if this feature is not used, then all disk types are candidates for encryption (in keeping with regular default behavior). NOTE: Due to the low likelihood of general use of this functionality, there is as at V6.5 no Graphical User Interface through which this can be defined.
The functionality is implemented through the definition of a DWORD value stored within the SECUREDOC.INI file for a given Device Profile, whose binary form is a 32bit value.
As a result, this DWORD value must be manually configured in the SecureDoc.ini file relating to a given Device Profile. The process is clarified in below.
Each of the bits represents one BUS type of disks.
A bit value of 1 means the corresponding type is excluded, and therefore disks of that bus type may NOT be encrypted.
A bit value of 0 means the BUS type is not excluded (and therefore may be encrypted).
For example, DWORD value 34, whose binary form 100010 means BusTypeScsi (Bit 1) and BusTypeSSA (Bit 5) bus types are excluded.
Below is the complete list of bus types that each bit represents:
BusType — order of bit in the DWORD value's binary form
// NOT USED — 0
// BusTypeScsi — 1
// BusTypeAtapi — 2
// BusTypeAta — 3
// BusType1394 — 4
// BusTypeSsa — 5
// BusTypeFibre — 6
// BusTypeUsb — 7
// BusTypeRAID — 8
// BusTypeiScsi — 9
// BusTypeSas — 10
// BusTypeSata — 11
// BusTypeSd — 12
// BusTypeMmc — 13
Having defined the Bus Types to be Excluded to create the exclusion list in Binary form (e.g. 10010 will exclude SCSI and 1394 (FireWire) bus types), then use a tool such as a Binary to DWord converter to arrive at the value to be inserted following a keyword named: BusTypesExcluded, located below the GENERAL section.
In our example here, 10010 will be a DWord value of 34, so the resulting new SecurDoc.ini file argument must be located under the GENERAL section, as follows:
BusTypesExcluded=34 , for this example above.
Notes and exclusions:
The bus-types defined as excluded are *only* excluded during an auto-run command or during installation of the SES Client.
NOTE:
If a user (with adequate rights) specifically selects a disk to encrypt in SecureDoc Control Center (SDCC), the bus-type filter will not apply and the device will be encrypted, regardless of the exclusions that may have applied during installation.
Similarly, if a user intentionally specifies a certain drive to encrypt in the command, for example: SDUTIL E: /e "" , the command will ensure the drive will still be encrypted, again regardless of the exclusions that may have applied during installation.
If not used, then normal functionality applies, and there will be no exclusion from encryption of any disks (ie. all disk types will be candidates for encryption).