Windows – Does a Windows 7 system volume encryption tool exist that allows remote unlocking via ssh during boot phase

Tags: boot, disk-encryption, remote, ssh, windows-7

Does a tool/method exist which allows encrypting a Windows 7 system volume while providing the possibility to remotely unlock it via ssh during the boot phase? Is it even possible with Windows 7 (I guess it should be)?

On linux, a LUKS encrypted rootfs can be unlocked via ssh during the boot phase (also see /usr/share/doc/cryptsetup/README.remote.gz on Debian).

The DiskCryptor project comes with a powerful bootloader which allows booting an encrypted system volume by unlocking it via USB or LAN (automatically providing the previously hard-coded password). However, I found no possibility to enter the required unlocking password over an ssh connection, and I absolutely don't want to hard-code the password somewhere (not even in my (hopefully) secure LAN).

Therefore, a similar solution to the LUKS approach most probably involves a separate unencrypted boot partition with an ssh server and some boot magic which handles the unlocking and allows chain-loading the encrypted system partition with Windows 7.

Does anything like this exist or is being developed?

Best Answer

The only way to achieve this is to buy a network KVM adapter, which can be quite expensive depending on which one you choose. Similar to most BIOSes, you can't remotely access it unless you have a networked KVM, which will essentially put your keyboard, mouse and monitor on the network.

For this example, I will use the bootloader from TrueCrypt:

The bootloader is supposed to do one thing (and one thing ONLY), and that is to decrypt your Windows system partition so that the decrypted form of Windows can start booting. For this reason, the bootloader is EXTREMELY lightweight, to speed up the time it takes from when the power button is pressed to the bootloader screen where it asks for your password for decryption. Therefore, any SSH implementation in the bootloader is unrealistic.
