← Older revision
Revision as of 18:44, 7 May 2015
Line 1:
Line 1:
−
<div class
="
template
-
documentation
"
>
<div class="pw-head">
Prior to encrypt the
system partition
,
it is strongly recommended to [[LiveCD|
create a
bootable
Windows CD/DVD disk (
LiveCD
)
with DiskCryptor]]
.</div>
+
{| border
="
0" width="100%" style="background
-
color:#FFFF80; font-size: 120%;
"
−
+
! width="20%"| !! width="60%"| !! width="20%"|
−
That will allow you to gain access to data in case of any emergency (being unable to boot the system), and also allows for partition encryption and decryption operations to be performed.
</div>
+
|-
+
|
+
|
+
<div class="pw-head">
While encrypting
system partition it is
''
strongly
''
recommended to
:</div>
+
* Create
[[LiveCD|bootable LiveCD with DiskCryptor]]
BEFORE encryption
+
* {{acronym|Backup volume header|Tools → Backup Header}} AFTER encryption
+
|
+
|-
+
|
+
|}
+
That will allow you to gain access to data in case of any emergency (being unable to boot the system), and also allows for partition encryption and decryption operations to be performed.
== DiskCryptor Bootloader Options ==
== DiskCryptor Bootloader Options ==
−
DiskCryptor bootloader is used for booting
up an
OS from
an
encrypted partition. The bootloader has a number of options, allowing to determine its behavior in different situations, for example:
+
DiskCryptor bootloader is used for booting OS from encrypted partition. The bootloader has a number of options, allowing to determine its behavior in different situations, for example:
−
* Boot
a
different encrypted OS depending on
a
password entered;
+
* Boot different encrypted OS
,
depending on password entered;
−
* Boot
an
unencrypted OS on entering
an
incorrect password;
+
* Boot unencrypted OS on entering incorrect password;
* Change bootloader messages and set time limit for the authentication;
* Change bootloader messages and set time limit for the authentication;
−
* When placing the bootloader on
an
external
medium
, you have
an
option of embedding a password into it, and to boot the system with authentication on a key's
medium
;
+
* When placing the bootloader on external
media
, you have option of embedding a password into it, and to boot the system with authentication on a key's
media
;
−
* You can even place the bootloader with
an
embedded password on LAN, and to boot a park of machines automatically, without user intervention.
+
* You can even place the bootloader with embedded password on LAN, and to boot a park of machines automatically, without user intervention.
−
In this manual, configuring of bootloader with the console version of DiskCryptor, is described. The bootloader options in the GUI version, are the same. The bootloader configuration menu appears automatically on a creation of
an
external bootloader, and it also can be invoked by the "dccon -boot -config" command (see [[Console|Console version commands]] for details).
+
In this manual, configuring of bootloader with the console version of DiskCryptor, is described. The bootloader options in the GUI version, are the same. The bootloader configuration menu appears automatically on a creation of external bootloader, and it also can be invoked by the "dccon -boot -config" command (see [[Console|Console version commands]] for details).
All options are separated into section of functions performed.
All options are separated into section of functions performed.
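Review bot: The closing sentence "That will allow you to gain access to data in case of any emergency ..." now follows a two-item list, but it still describes only the LiveCD. The header backup requested by the new second bullet is never explained. Suggest naming the subject ("The LiveCD allows ...") and adding a sentence on what the header backup is for and where it should be stored. If the second parameter of {{acronym}} is rendered as a hover tooltip, the menu path Tools → Backup Header is invisible to anyone who does not hover; spell it out in the bullet text. The row ! width="20%"| !! width="60%"| !! width="20%"| is layout-only markup with empty header cells; a styled div, as in the removed lines, would carry the notice without it.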
Line 58:
Line 68:
| 4
| 4
| Enable embedded keyfile (disabled)
| Enable embedded keyfile (disabled)
−
| Allows to set
an
embedded keyfile for pre-boot authentication. When
an
embedded keyfile is present, it is being used in addition to supplied password, or instead of it, if prompt to supply a password is turned off.
+
| Allows to set embedded keyfile for pre-boot authentication. When embedded keyfile is present, it is being used in addition to supplied password, or instead of it, if prompt to supply a password is turned off.
|-
|-
| 5
| 5
| Change authentication timeout (disabled)
| Change authentication timeout (disabled)
−
| Allows to set the time limit for the authentication, and when it has been reached,
a
default action, performed in case of the absence of a password, is executed.
+
| Allows to set the time limit for the authentication, and when it has been reached, default action, performed in case of the absence of a password, is executed.
|-
|-
| 6
| 6
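Review bot: In the row for option 5, the replacement text "when it has been reached, default action, performed in case of the absence of a password, is executed" is harder to parse without the article, and it does not say which setting defines that default action. Suggest "the default action (see Incorrect password action if no password entered) is executed". In the row for option 4, "instead of it, if prompt to supply a password is turned off" means the embedded keyfile is then the only authentication factor. The description should say so, because in that configuration possession of the bootloader medium is sufficient to boot the system.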
Line 81:
Line 91:
| 1
| 1
| On/Off invalid password message (ON)
| On/Off invalid password message (ON)
−
| Allows to turn off display of the message on entering
an
incorrect password.
+
| Allows to turn off display of the message on entering incorrect password.
|-
|-
| 2
| 2
| Invalid password action (retry authentication)
| Invalid password action (retry authentication)
−
| Allows you to set the next action, following the input of
an
incorrect password (see below).
+
| Allows you to set the next action, following the input of incorrect password (see below).
|-
|-
| 3
| 3
| Invalid password message (password incorrect)
| Invalid password message (password incorrect)
−
| Allows to change the message displayed on entering
an
incorrect password.
+
| Allows to change the message displayed on entering incorrect password.
|-
|-
| 4
| 4
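Review bot: All three rows in this hunk change only by dropping "an" before "incorrect password", which alters no meaning and makes the descriptions read less naturally. Suggest keeping the removed wording ("on entering an incorrect password") here and in the other hunks where the same substitution is made.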
Line 97:
Line 107:
|}
|}
−
Following the entry of
an
'''incorrect password''', the following '''actions''' are available:
+
Following the entry of '''incorrect password''', the following '''actions''' are available:
{| class="wikitable" border="1" width="100%"
{| class="wikitable" border="1" width="100%"
Line 112:
Line 122:
| 3
| 3
| Boot from active partition
| Boot from active partition
−
| Try to boot
an
OS from
an
active partition of the 1st HDD.
+
| Try to boot OS from active partition of the 1st HDD.
|-
|-
| 4
| 4
| Exit to BIOS
| Exit to BIOS
−
| After that BIOS may try to boot
up
from
a
different
medium
.
+
| After that BIOS may try to boot from different
media
.
|-
|-
| 5
| 5
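Review bot: In the row for action 4, "boot from different media" uses the plural "media" where a single device is meant. The removed line's "a different medium" was correct, and the same substitution appears in the bootloader option list in the first hunk ("on external media", "a key's media"). Suggest keeping "medium" for one device.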
Line 126:
Line 136:
=== Incorrect password action if no password entered ===
=== Incorrect password action if no password entered ===
−
This option sets the default action, executed in case of the absence of
a
password. When this option is turned on, then in case of a blank password, the action set in the '''Incorrect password action''', will be executed. Otherwise, there will be
an
attempt to boot the system without
a
password, according to the '''Booting method''' options. The default actions is also used on authentication timeout.
+
This option sets the default action, executed in case of the absence of password. When this option is turned on, then in case of a blank password, the action set in the '''Incorrect password action''', will be executed. Otherwise, there will be attempt to boot the system without password, according to the '''Booting method''' options. The default actions is also used on authentication timeout.
=== Booting method ===
=== Booting method ===
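Review bot: The last sentence of this paragraph, "The default actions is also used on authentication timeout", has a subject-verb disagreement that both revisions carry; change it to "The default action is also used". The paragraph also refers to the setting as '''Incorrect password action''', while the options table in the earlier hunk labels it "Invalid password action"; use one name so that readers can find the setting in the menu.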
Line 132:
Line 142:
This option sets the OS booting method on successful authentication.
This option sets the OS booting method on successful authentication.
−
Authentication is considered to be successful, when it were possible to mount at least one encrypted partition on any of the disks. The default value of this option is set to load
a
saved copy of MBR, which is similar to the boot process from
an
unencrypted disk. Changing of this option might be needed for the creation of a multi-boot configuration and when placing the bootloader on
an
external
medium
. The number of available booting methods is dependent on the bootloader placing method.
+
Authentication is considered to be successful, when it were possible to mount at least one encrypted partition on any of the disks. The default value of this option is set to load saved copy of MBR, which is similar to the boot process from unencrypted disk. Changing of this option might be needed for the creation of a multi-boot configuration and when placing the bootloader on external
media
. The number of available booting methods is dependent on the bootloader placing method.
The following is full list of all available booting methods:
The following is full list of all available booting methods:
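Review bot: "when it were possible to mount at least one encrypted partition" is ungrammatical in both revisions, and this is the sentence that defines what counts as successful authentication. Suggest "when at least one encrypted partition on any of the disks could be mounted". The context line "The following is full list" also needs an article ("the full list").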
Line 141:
Line 151:
| 1
| 1
| Set "load boot disk MBR"
| Set "load boot disk MBR"
−
| Load
a
saved copy of MBR, of the HDD, on which the loader resides.
+
| Load saved copy of MBR, of the HDD, on which the loader resides.
|-
|-
| 2
| 2
| Set "load first disk MBR"
| Set "load first disk MBR"
−
| Load MBR from the 1st HDD, that has
an
active partition.
+
| Load MBR from the 1st HDD, that has active partition.
|-
|-
| 3
| 3
Line 161:
Line 171:
|}
|}
−
The 5th option — ''boot from specified partition'' needs the additional explanation. On choosing this booting method, there will be a list presented with mounted encrypted partitions, and you will be able to choose a partition from which to boot. The search for this partition will be carried out using disk_id of the functionary header of
a
volume. This is
a
unique 32 bit partition descriptor. The descriptor is located in the encrypted part of the header, and is accessible only after inputting
a
password, thus it is impossible to determine from which partition the booting will be done, without knowing
a
password.
+
The 5th option — ''boot from specified partition'' needs the additional explanation. On choosing this booting method, there will be a list presented with mounted encrypted partitions, and you will be able to choose a partition from which to boot. The search for this partition will be carried out using disk_id of the functionary header of volume. This is unique 32 bit partition descriptor. The descriptor is located in the encrypted part of the header, and is accessible only after inputting password, thus it is impossible to determine from which partition the booting will be done, without knowing password.
=== Bootauth keyboard layout ===
=== Bootauth keyboard layout ===
−
This option allows to choose keyboard layout for entering
a
password in the bootloader. The following layouts are available: QWERTY, QWERTZ and AZERTY.
+
This option allows to choose keyboard layout for entering password in the bootloader. The following layouts are available: QWERTY, QWERTZ and AZERTY.
* The QWERTY layout is fully in conformance with the standard English US layout.
* The QWERTY layout is fully in conformance with the standard English US layout.
−
* QWERTZ and AZERTY layouts are supported in
a
limited capacity, and only the followings sets of symbols are available: [a-z], [A-Z], [0-9].
+
* QWERTZ and AZERTY layouts are supported in limited capacity, and only the followings sets of symbols are available: [a-z], [A-Z], [0-9].
{{Languages}}
{{Languages}}
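Review bot: Two errors survive the edit: "functionary header of volume" in the paragraph on the 5th option (the term is not defined anywhere in the visible text; if the volume header is meant, say so) and "the followings sets of symbols" in the QWERTZ/AZERTY bullet. Also mark disk_id as code and write "32-bit". The added line "This is unique 32 bit partition descriptor" reads as a fragment without the article that the removed line had.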