Whole drive encryption without TPM or password?

My company has a factory in China.  Data theft is rampant and I'm trying to control it as best as I can.  I'd like to encrypt all of the hard drives, but Chinese computers do not come with TPM chips.  (same model in the USA does, but in China it's missing - We use Dells).

Right now, there's nothing stopping someone from opening up their computer and borrowing the hard drive and copying all the information off.

Using Veracrypt or Bitlocker is great, but then I need to give the users the password whenever they reboot their computer, which defeats the purpose.  An unlocker USB is nice too, but they can just borrow that at the same time.

The only thing I can think of is to import US made motherboards for all our computers which have TPM chips.  Not exactly a fun proposition.

Can anyone suggest anything?

Thanks!
encoad asked:

McKnife commented:
Very good point indeed.
I opened a thread at the veracrypt forum about just that. Abstract: "how does veracrypt ensure that users don't mount their drives offline and thereby circumvent all system security?" - it was never even commented on by the developers.

So you will not get happy without having a second protector like a TPM or a smartcard AND an encryption software that knows a user hierarchy ("every user may start the device, but only certain users may mount the device offline"). There are software products, but you will have to buy them. We use trusted disk by sirrix.
0

encoad (author) commented:
Hi McKnife,

So there's no free software which can handle what I need?  We are not a large shop.

I was thinking about bolting USB keys to the desks...

Nicholas
0
McKnife commented:
There is no free software that I know of that can do this. But you might be able to modify open source software like truecrypt yourself (or following manuals that you might find on the net). Sirrix trusted disk for example is truecrypt in its core. They modified truecrypt to work with certificates on smartcards. I bet the modification is not too complicated, but I don't know how.
0

McKnife commented:
encoad, could you do me a favor? Your statement "Chinese computers do not come with TPM chips", can it be verified somewhere? I am interested to see proof for it.
0
encoad (author) commented:
Hi McKnife,

Not sure how I can prove it.  None of our Dell Precision computers in China come with TPMs.  The only TPM-equipped computers in the factory are our servers, which I brought from Canada.

I suspect you could find someone selling a used motherboard on taoboa.com or aliexpress.com; if you can see it in great enough detail, I suspect that you'll see the TPM missing.

Thanks,
Nicholas
0
LeeTutor (retired) commented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
McKnife commented:
In both my answers, I showed that there is a solution.
0
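
An added example, not part of the thread and not written by any participant: a PowerShell audit that records whether a workstation actually reports a TPM and which BitLocker key protectors each volume uses, flagging volumes that depend only on a USB startup key or a password (the weakness raised in the question). It assumes BitLocker is the encryption tool and an elevated session; the function name `Get-ProtectorFinding` and the finding texts are hypothetical.

```powershell
# Added example (not from the thread). Run elevated on Windows editions that ship
# the TrustedPlatformModule and BitLocker PowerShell modules.

function Get-ProtectorFinding {
    # Hypothetical helper: classify a volume by its BitLocker key protector types.
    param([string[]]$ProtectorTypes)

    # A recovery password is a fallback, not the day-to-day unlock method.
    $unlockers = @($ProtectorTypes | Where-Object { $_ -and $_ -ne 'RecoveryPassword' })

    if ($unlockers.Count -eq 0) {
        return 'No unlock protector configured'
    }
    if (@($unlockers | Where-Object { $_ -like 'Tpm*' }).Count -gt 0) {
        # Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey, TpmNetworkKey
        return 'Key is bound to this machine''s TPM'
    }
    if (@($unlockers | Where-Object { $_ -in 'ExternalKey', 'Password' }).Count -gt 0) {
        # The secret travels with the user, so it can leave together with the disk.
        return 'REVIEW: unlock depends only on a USB key or password'
    }
    return 'Other protector type: review manually'
}

# Query the TPM; treat any error as "no TPM reported" instead of aborting the audit.
$tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }
$tpmPresent = [bool]($tpm -and $tpm.TpmPresent)
$tpmReady   = [bool]($tpm -and $tpm.TpmReady)

$report = foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        TpmPresent   = $tpmPresent
        TpmReady     = $tpmReady
        MountPoint   = $vol.MountPoint
        VolumeStatus = "$($vol.VolumeStatus)"
        Protection   = "$($vol.ProtectionStatus)"
        Protectors   = ($types -join ',')
        Finding      = Get-ProtectorFinding -ProtectorTypes $types
    }
}

# One row per volume; export to CSV instead to collect results across the fleet.
$report | Format-Table -AutoSize
```

Collected per machine, the `TpmPresent` column gives the verification asked for in the thread, and the `Finding` column shows which disks could be unlocked elsewhere by anyone holding the USB key or password.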