BitLocker: are 16 sectors appear to be unencrypted?

Discussion in 'Windows Vista Security' started by tavis, Jul 11, 2006.

  1. tavis

    tavis Guest

    It appears that the first 16 sectors of the protected volume are not
    encrypted.

    (The only difference seems to be the "FVE-FS" instead of "NTFS" label at the
    beginning.)

    Why? There appears to be a bit of space to place data, bypassing encryption
    protections.

    Thanks!
     
    tavis, Jul 11, 2006
    #1
    1. Advertisements

  2. The first 8K (which translates to 16 sectors if using 512 byte sectors) is a
    reserved area of the volume referred to as the boot block.
    The first 512 bytes of this contains the BIOS Parameter Block.
    The last 512 bytes of this contains volume snapshot data reference. Actual
    volume snapshot data is encrypted.
    The remaining portion of this block contains unused boot code. It's unused
    as the encrypted partition cannot be the active partition.

    The boot sector and backup sector need to be decrypted to allow certain
    recovery scenarios. The 8K alignment was set early on in the development
    when part of the first 8K was going to be used to store metadata, when the
    approach changed, there was no good reason to change the 8K alignment to a
    sector alignment (that can be as high as 4K).
    -
    Jamie Hunter [MS]
     
    Jamie Hunter [MS], Jul 12, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.