IFW and Bitlocker

User discussion and information resource forum for Image products.

IFW and Bitlocker

Postby timg11 » Sun Feb 25, 2018 10:31 am

I'm thinking about enabling Bitlocker, and I'm researching how it works with IFW
I read the KB http://www.terabyteunlimited.com/kb/article.php?id=616 and have a few questions.

At the start it says the KB applies to "Windows 10 Pro (including the new XTS-AES mode released with version 1511)"
Has any testing been done with Windows 10 versions beyond 1511? Any differences we should be aware of?

In the section heading "Restoring BitLocker Partitions", it says: "Do not use byte-for-byte validation, resizing, or other options that would change partition characteristics."
I understand re-sizing, but can you explain why byte-for-byte validation would change partition characteristics? Isn't is a read-only process, comparing the restored partition to the source partition?

Further below it says "When restoring a Type A backup image to an unlocked BitLocker partition (to restore in the encrypted state), using Validate Byte-for-Byte is not supported and will fail."

From the KB, the Type A backup is unencrypted. The restore-to partition is unlocked (meaning the data on disk is encrypted, but Bitlocker decrypts it so the OS and applications see it as unencrypted). So why would byte-for-byte validation fail? Wouldn't IFW just read the restored partition data and get the unencrypted version back through the decryption provided by bitlocker?

I'm operating under the belief that byte-for-byte validation is an important integrity check, so I always use it. If it is unsupported with bitlocker, that seems to be a functionality gap. If byte-for-byte validation is not important and the regular "Validate" is completely sufficient to guarantee integrity, then I'll stop using B4B.
Posts: 173
Joined: Sun Oct 02, 2011 9:31 am

Re: IFW and Bitlocker

Postby TeraByte Support(PP) » Sun Feb 25, 2018 11:50 pm

The newer versions of Windows use the same BitLocker. Tests have been run, but it's still recommended to thoroughly test your system and make sure it works as expected (different system configurations may be more touchy than others).

At the byte-for-byte validation stage of the restore it can't read from the decrypted volume (it sees the encrypted data). Comparing the encrypted data to the decrypted data causes the validation to fail, which (normally) results in the partition being deleted (usually not desired since it forces a normal restore and re-encryption).

With these types of restores, if byte-for-byte validation is required you would need to do a normal restore and re-encrypt afterwards.
Paul Purviance
TeraByte Support
TeraByte Support(PP)
Posts: 1230
Joined: Thu Aug 11, 2011 5:51 pm

Re: IFW and Bitlocker

Postby Babygshack » Mon May 07, 2018 1:44 am

I'll read it carefully and put it to use.
Posts: 2
Joined: Mon May 07, 2018 1:27 am

Return to Image for DOS/Linux/Windows