Disk encryption options - what exactly do they do?
In the Profile Settings, General Options, there is a section labeled "Encryption Options". What does each of these options do?
Disk Encryption Options:
Choose what is to be encrypted (all disks, boot disk only, or boot disk and all fixed disks) and whether or not just the partition should be encrypted.
Encrypt All Disks: Encrypts ALL Disks (Internal Drives, as well as Removable Drives)
Encrypt Boot Disk Only: If the Device has Multiple Hard Disks, this option will encrypt the Bootable Disk ONLY.
Encrypt Boot Disk and all Fixed Disks: If the Device has Multiple Hard Disks, this option will Encrypt All Hard Disks, but will not Encrypt Removable Media Drives.
Encrypt Partition Only When "Encrypt Partition Only” is enabled, SecureDoc encrypts All Partitions on the hard drive (i.e. C:, D:, E:) but it will Not Encrypt unallocated space (i.e.: space between partition, etc.) This is different than full disk encryption. In full disk encryption SecureDoc encrypts the whole hard drive including unallocated space.
Use hardware encryption if available: Check this to use the encryption integrated with a Self-Encrypting Drive, such as the new OPAL-standard drives, Seagate FDE drive such as the Momentus® Series or BlackArmor® Series. Instead of using SecureDoc's software encryption, checking "Use hardware encryption if available” (which is enabled by default) will use the built-in hardware encryption in these device types. If this is not checked, SecureDoc's software encryption is used.
Enable Key Escrow for Hardware Encryption. This option interrogates the Seagate FDE (Momentus® or BlackArmor®) Disk for the encryption key that is used (for SES management and audit purposes).
NOTE: Since by design the OPAL Consortium has decided to ensure there is no means of getting the key that protects an OPAL Self-Encrypting Drive, this option if checked has no effect on OPAL Drives. SecureDoc will store the drive PIN into the database, but is unable to get the key for any OPAL drives.