encoad
asked on
Whole drive encryption without TPM or password?
My company has a factory in China. Data theft is rampant and I'm trying to control it as best as I can. I'd like to encrypt all of the hard drives, but Chinese computers do not come with TPM chips. (same model in the USA does, but in China it's missing - We use Dells).
Right now, there's nothing stopping someone from opening up their computer and borrowing the hard drive and copying all the information off.
Using Veracrypt or Bitlocker is great, but then I need to give the users the password whenever they reboot their computer, which defeats the purpose. A unlocker USB is nice too, but they can just borrow that at the same time.
The only thing I can think of is to import US made motherboards for all our computers which have TPM chips. Not exactly a fun proposition.
Can anyone suggest anything?
Thanks!
Right now, there's nothing stopping someone from opening up their computer and borrowing the hard drive and copying all the information off.
Using Veracrypt or Bitlocker is great, but then I need to give the users the password whenever they reboot their computer, which defeats the purpose. A unlocker USB is nice too, but they can just borrow that at the same time.
The only thing I can think of is to import US made motherboards for all our computers which have TPM chips. Not exactly a fun proposition.
Can anyone suggest anything?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is no free software that I know of that can do this. But you might be able to modify open source software like truecrypt yourself (or following manuals that you might find on the net). Sirrix trusted disk for example is truecrypt in its core. They modified truecrypt to work with certificates on smartcards. I bet the modification is not too complicated, but I don't know how.
encoad, could you do me a favor? Your statement "Chinese computers do not come with TPM chips", can it be verified somewhere? I am interested to see proof for it.
ASKER
Hi McKnife,
Not sure how I can prove it. None of our Dell Precision computers in China come with TPMs. The only TPMs equiped computer in the factory are our servers which I brought from Canada.
I suspect you could find someone selling a used motherboard on taoboa.com or aliexpress.com, if you can see it in great enough detail I suspect that you'll see the TPM missing.
Thanks,
NIcholas
Not sure how I can prove it. None of our Dell Precision computers in China come with TPMs. The only TPMs equiped computer in the factory are our servers which I brought from Canada.
I suspect you could find someone selling a used motherboard on taoboa.com or aliexpress.com, if you can see it in great enough detail I suspect that you'll see the TPM missing.
Thanks,
NIcholas
I've requested that this question be deleted for the following reason:
Not enough information to confirm an answer.
Not enough information to confirm an answer.
In both my answers, I showed that there is a solution.
ASKER
So there's no free software which can handle what I need? We are not a large shop.
I was thinking about bolting USB keys to the desks...
Nicholas