File Share Encryption

 View Only
  • 1.  Using Intel AMT to Unlock a PGP Encrypted Drive

    Posted Dec 22, 2011 06:33 PM

    Has anyone tried to deliver a WinPE image with PGP tools ISO via Intel AMT and Symantec Management Platform?

    I've seen the PGP article on how to add tools to the PE - http://www.symantec.com/business/support/index?page=content&id=TECH149634

    The scenario I'm looking for is delivering that ISO image Out-of-band and have this ability to remotely unlock\recover an unencrypted drive

    For customers with Intel AMT versions supporting KVM remote control, this can be accomplished remotely  (brief guidance provided here)

    But - if KVM remote control is not present, having an ISO image to unlock a system without use interaction would be great.

    I've heard rumors of such custom installations\situations.  

     

    Anyone willing to share?



  • 2.  RE: Using Intel AMT to Unlock a PGP Encrypted Drive

    Posted Dec 22, 2011 08:09 PM

    We have PGP Desktop licenses, but we're currently not using them for whole disk encryption. Currently we're using pointsec checkpoint whole disk encryption on all our laptops, and they provide a bootable ISO for you to decrypt unbootable drives. I haven't played too much with the details of the encryption mechanism, but I'm willing to give it a shot if that is what you're after.

    From a brief review of that PGP article, it looks like it's basically the same procedure as injecting drivers into any WinPE/PXE boot disk.