Whole disk encryption (also called full disk encryption) is a method of encrypting every sector of a storage device. Unlike file- or folder-level encryption, which protects a chosen set of data, whole disk encryption covers the entire drive: the operating system, swap space, temporary files and free space as well as user data. This makes it the usual defence for drives that are easily lost or stolen, such as those in a laptop or an external drive. It is most often implemented in software, but self-encrypting drives implement it in hardware inside the drive itself.
There are two general styles of whole disk encryption: those that encrypt the master boot record (MBR) and those that leave it in plaintext. The MBR, the first sector of a BIOS-style disk, matters here for two reasons: it holds the boot code that runs after the firmware has finished its own initialisation, and it holds the drive's partition table. Hardware-based systems generally encrypt the MBR along with everything else; software-based systems generally do not, because the unencrypted boot code is what runs the password prompt.
A hardware whole disk encryption system is built directly into the drive, and the drive will not return readable data until it has been unlocked. After the computer is turned on and the basic input/output system (BIOS) has finished its initial boot phase, control passes to the boot code the drive presents. A locked self-encrypting drive exposes a small pre-boot environment in place of the real MBR (the "shadow MBR" of TCG Opal drives) that asks for the password; without it the drive stays locked and booting cannot continue. Once unlocked, the drive decrypts sectors in its own controller and the rest of the boot proceeds from the real, now readable, MBR.
With a software system the MBR (or, on UEFI systems, the EFI system partition) is left unencrypted. After the BIOS finishes its step the operating system has yet to load, and nothing can run before it except code the firmware can read in plaintext, so the encryption software cannot yet be running either. Instead, the boot code in the MBR reads the partition table and loads a small pre-boot loader installed by the encryption software. That loader prompts for the password, derives the disk key from it, and only then begins decrypting the operating system as it loads; the operating system and its encryption driver take over from there.
Whole disk encryption affects system resources differently depending on the style used. Hardware encryption runs in the drive's controller, separate from the host CPU, and therefore has little effect on the computer's speed. Software encryption adds an encryption or decryption step to every disk read and write, performed by the CPU. On processors with hardware AES instructions the cost is usually a few percent of disk throughput; on older processors without them it can be a moderate slowdown. The cost is performance, not correctness: a well-implemented software driver does not make the system less stable.
Encrypting an entire hard disk protects data at rest, that is, when the computer is off or has not yet booted past the password prompt, but very little once the computer is running. When the machine is off, anyone attempting to use the encrypted drive must supply the password. After the operating system has loaded, the password has been used, the key sits in memory, and the encryption layer decrypts and re-encrypts sectors transparently on every read and write. The drive is still technically encrypted, but every user and program on the running system sees plaintext, so whole disk encryption offers no protection against malware, a logged-in attacker, or anyone who reaches the machine while it is running or sleeping with the key still in RAM. This is why it is used on easily portable drives, which are most likely to be stolen while powered off, more often than on desktop systems that rarely leave the building.
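The following Python model is an added example and not code from the original article. It makes the two points above concrete: a toy disk of 512-byte sectors with a constructed MBR in sector 0 and a constructed operating-system sector in sector 1, laid out software-style (sector 0 left in plaintext so pre-boot code can run) and hardware-style (sector 0 encrypted too), with a lock/unlock state standing in for whether the key is in memory. The cipher is a deliberately simple HMAC-SHA256 keystream tweaked by sector number, a stand-in for the XTS-AES that real products use; the MBR contents, the passphrase and the salt are constructed values, not taken from any real drive.

```python
import hashlib
import hmac
import struct

SECTOR = 512  # classic sector size, also the size of an MBR


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Derive a 256-bit disk key from the passphrase with PBKDF2 (stdlib).

    Real products use a slow KDF like this, usually with far more iterations;
    50_000 keeps the toy quick."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000, 32)


def xor_sector(key: bytes, index: int, data: bytes) -> bytes:
    """Toy sector cipher: XOR with an HMAC-SHA256 keystream tweaked by sector index.

    The tweak makes identical plaintext sectors encrypt differently, the job XTS
    does in real FDE. As a stream cipher it is NOT safe for a disk rewritten in
    place; it only illustrates the layout. Encryption and decryption are the same op."""
    stream = b"".join(
        hmac.new(key, struct.pack(">QQ", index, ctr), "sha256").digest()
        for ctr in range((len(data) + 31) // 32)
    )
    return bytes(p ^ k for p, k in zip(data, stream))


def build_mbr(partitions) -> bytes:
    """Construct a minimal MBR: 446 bytes of boot code, four 16-byte partition
    entries (status, CHS start, type, CHS end, LBA start, sector count), 0x55AA."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for boot, ptype, start, count in partitions
    ).ljust(64, b"\0")
    boot_code = b"\xEB\xFE".ljust(446, b"\0")  # 'jmp $' placeholder boot code
    return boot_code + table + b"\x55\xAA"


def parse_mbr(sector0: bytes):
    """Return the partition entries readable from sector 0, or None when there is
    no valid boot signature (as when the sector is ciphertext)."""
    if len(sector0) != SECTOR or sector0[510:] != b"\x55\xAA":
        return None
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        boot, ptype = sector0[off], sector0[off + 4]
        start, count = struct.unpack_from("<II", sector0, off + 8)
        if ptype != 0:
            entries.append({"bootable": boot == 0x80, "type": ptype, "start_lba": start, "sectors": count})
    return entries


class EncryptedDisk:
    """Encrypted sector image plus a lock state.

    encrypt_mbr=False models software FDE (sector 0 stays plaintext so the
    pre-boot loader can run); encrypt_mbr=True models a self-encrypting drive."""

    def __init__(self, plaintext_sectors, passphrase, encrypt_mbr):
        self.salt = b"constructed-salt-not-random"  # real headers store a random salt
        key = derive_key(passphrase, self.salt)
        self.check = hmac.new(key, b"key-check", "sha256").digest()  # passphrase verifier
        self.first_encrypted = 0 if encrypt_mbr else 1
        self.media = [
            xor_sector(key, i, s) if i >= self.first_encrypted else s
            for i, s in enumerate(plaintext_sectors)
        ]
        self.key = None  # locked: nothing in memory can decrypt

    def unlock(self, passphrase):
        key = derive_key(passphrase, self.salt)
        if not hmac.compare_digest(hmac.new(key, b"key-check", "sha256").digest(), self.check):
            raise ValueError("wrong passphrase")
        self.key = key  # from here on, reads are transparently decrypted

    def lock(self):
        self.key = None

    def read(self, index):
        raw = self.media[index]
        if index < self.first_encrypted or self.key is None:
            return raw  # plaintext MBR (software style) or ciphertext while locked
        return xor_sector(self.key, index, raw)


def demo():
    """Both layouts over the same plaintext: what a reader sees locked (drive
    stolen while powered off) versus unlocked (operating system running)."""
    mbr = build_mbr([(True, 0x83, 2048, 4096)])  # one bootable Linux partition
    secret = b"root:$6$constructed-hash$...".ljust(SECTOR, b"\0")  # constructed OS sector
    results = {}
    for style, enc_mbr in (("software", False), ("hardware", True)):
        disk = EncryptedDisk([mbr, secret], "correct horse battery", encrypt_mbr=enc_mbr)
        r = {"locked": {"partitions": parse_mbr(disk.read(0)),
                        "os_sector_readable": disk.read(1) == secret}}
        disk.unlock("correct horse battery")
        r["unlocked"] = {"partitions": parse_mbr(disk.read(0)),
                         "os_sector_readable": disk.read(1) == secret}
        results[style] = r
    return results


if __name__ == "__main__":
    import pprint
    pprint.pprint(demo())
```

Running `demo()` shows the software-style disk giving up its partition table even while locked, both styles hiding the operating-system sector while locked, and both returning plaintext for everything once unlocked: the drive is still encrypted on the media, but nothing is locked out of a running system.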