IFW and Bitlocker

User discussion and information resource forum for Image products.
Post Reply
timg11
Posts: 262
Joined: Sun Oct 02, 2011 4:31 pm

IFW and Bitlocker

Post by timg11 »

I'm thinking about enabling Bitlocker, and I'm researching how it works with IFW
I read the KB http://www.terabyteunlimited.com/kb/article.php?id=616 and have a few questions.

At the start it says the KB applies to "Windows 10 Pro (including the new XTS-AES mode released with version 1511)"
Has any testing been done with Windows 10 versions beyond 1511? Any differences we should be aware of?

In the section heading "Restoring BitLocker Partitions", it says: "Do not use byte-for-byte validation, resizing, or other options that would change partition characteristics."
I understand re-sizing, but can you explain why byte-for-byte validation would change partition characteristics? Isn't is a read-only process, comparing the restored partition to the source partition?

Further below it says "When restoring a Type A backup image to an unlocked BitLocker partition (to restore in the encrypted state), using Validate Byte-for-Byte is not supported and will fail."

From the KB, the Type A backup is unencrypted. The restore-to partition is unlocked (meaning the data on disk is encrypted, but Bitlocker decrypts it so the OS and applications see it as unencrypted). So why would byte-for-byte validation fail? Wouldn't IFW just read the restored partition data and get the unencrypted version back through the decryption provided by bitlocker?

I'm operating under the belief that byte-for-byte validation is an important integrity check, so I always use it. If it is unsupported with bitlocker, that seems to be a functionality gap. If byte-for-byte validation is not important and the regular "Validate" is completely sufficient to guarantee integrity, then I'll stop using B4B.
TeraByte Support(PP)
Posts: 1644
Joined: Fri Aug 12, 2011 12:51 am

Re: IFW and Bitlocker

Post by TeraByte Support(PP) »

The newer versions of Windows use the same BitLocker. Tests have been run, but it's still recommended to thoroughly test your system and make sure it works as expected (different system configurations may be more touchy than others).

At the byte-for-byte validation stage of the restore it can't read from the decrypted volume (it sees the encrypted data). Comparing the encrypted data to the decrypted data causes the validation to fail, which (normally) results in the partition being deleted (usually not desired since it forces a normal restore and re-encryption).

With these types of restores, if byte-for-byte validation is required you would need to do a normal restore and re-encrypt afterwards.
Babygshack
Posts: 2
Joined: Mon May 07, 2018 8:27 am

Re: IFW and Bitlocker

Post by Babygshack »

I'll read it carefully and put it to use.
Post Reply