Sophos Central Device Encryption removing of HDD

Hey All,

If my HDD is encrypted and I remove the HDD and put it back in the same machine, would this still work?

I know it's supposed to match the TPM keys, but last time I did that it wouldn't boot off anymore?

I ask this as I have another case, where I need to upgrade the RAM on an HP Pavilion X360 where the RAM is under the MB, so I have to DC the HDD ribbon that connects to the MB.

Or do I need to decrypt and then encrypt again :(.

Thanks



This thread was automatically locked due to age.
  • Shweta said:

    Hi

    You will need to decrypt the same or recover it with the help of the recovery key.

    Hi Shweta,

    Thanks, when you say decrypt the same do you mean you have to somehow boot it off the same laptop?

    There's no other way to decrypt and recover the data by putting it into another PC?

    The only way to get the data off is to use data recovery software?

    So if your motherboard dies, you pretty much cannot recover the data?

  • When working with encryption it is always best to have backups of any critical information. Things go wrong and with encryption that means data loss.

    So, always have a backup of critical files.

    In regards to updating hardware - the safest strategy is to:

    1. have a backup
    2. decrypt the drive
    3. do modifications
    4. encrypt the drive again

    However, this is a long process and not optimal. In theory, if you do a modification to the machine and the BitLocker engine detects it (thinking the HDD has been exfiltrated from its original chassis and might be in unauthorized hands) it will just require the recovery key to open the drive and proceed - because you have now proven you are the rightful owner of the data.

    A caveat on this - replacing the motherboard or TPM can be an issue. You might need to start over and format the drive. Again, have a backup.

    Remember, this is fairly complicated math and even 1 bit difference in input can cause it to fail.

    I hope this helps. If you have any further questions, please let me know. 

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
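
The reply above relies on the recovery key being available once BitLocker notices a hardware change. A pre-maintenance check along those lines, as an added example that is not part of the original thread or Sophos code: it uses the built-in `Get-BitLockerVolume` cmdlet from an elevated session and assumes the encrypted OS volume is the system drive; the function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): confirm a recovery password protector
# exists on the OS volume before disconnecting the drive or changing hardware.
# Assumption: the encrypted OS volume is $env:SystemDrive.

function Test-BitLockerRecoveryReadiness {   # hypothetical helper name
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Split the key protectors into the recovery password and the TPM-based ones.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    $tpm = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -like 'Tpm*' })

    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = $vol.VolumeStatus
        ProtectionStatus     = $vol.ProtectionStatus
        EncryptionPercentage = $vol.EncryptionPercentage
        TpmBound             = ($tpm.Count -gt 0)
        # Only the protector IDs are reported; the recovery password itself
        # is deliberately not written to the console.
        RecoveryProtectorIds = $recovery.KeyProtectorId
        ReadyForHardwareWork = ($recovery.Count -gt 0)
    }
}

$result = Test-BitLockerRecoveryReadiness
$result | Format-List

if (-not $result.ReadyForHardwareWork) {
    Write-Warning ("No recovery password protector on {0}. " -f $result.MountPoint +
        "Do not start hardware work until one exists and is recorded.")
} else {
    Write-Host 'Confirm the recovery key for these protector IDs can be retrieved before starting:'
    $result.RecoveryProtectorIds | ForEach-Object { Write-Host "  $_" }
}
```

The BitLocker recovery screen shows a recovery key ID, so the IDs listed here are what to match against the stored key before any work begins.
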

  • Hey Richard,

     

    Thanks for the response. I understand removing the HDD and putting it into another laptop or chassis would give issues.

    But it should at least allow you to use the recovery key to unlock it like I had in the last scenario, but then because it wasn't matched to the TPM key,

    I would need to use recovery software to actually remove info even though status was unlocked.

    But if you take the HDD back and put it into the same laptop with the same TPM, surely it should've just gone to the normal BitLocker screen and booted?