UEFI Encrypt disk on boot

uefi cryptography encryption aes

In general, having the system firmware handle decryption of the disk is tricky. At some point, the operating system takes over handling the processing of data from the drive, and it will intrinsically need to know how to encrypt and decrypt the data on the disk independent of the firmware. That means that your firmware will have to have some special driver to handle the encryption and decryption that works the same way as your operating system.

If you're asking how to use the built-in drive firmware to do the encryption, in general that's not a good idea. Various hard disk firmwares have been found to contain myriad vulnerabilities in how they generate keys and IVs, the block cipher modes they use, and how they derive keys. Unless you have an audit of the particular firmware you're using, you should avoid using the hardware-based disk encryption.

Your best bet is to just use your operating system's built-in disk encryption. On Linux, use LUKS2 (or LUKS if that's not available).

Related

Disable USB powered light from command line?
Can I set a delay on startup programs that are shown on Windows 8 Task Manager?
Why can't I switch between workbooks in Excel 2010 using ALT-TAB?
How to maximize application on entire screen in Mac OS X
Can I unsubscribe from email chains in Outlook?
How to bulk rename audio files so that the file name matches the title metadata (preferably using Foobar2000)?
Low battery notification doesn't show up in windows 7
How to disable spell-checking and auto-correction in Skype?
How Can I Force Unmount a Network Device on Mac?
Word 2013 export to PDF how to keep font vectorized
Application Screen Repainting Issues
Why would an executable say it doesn't exist when I try to run it?