
Command-line tools


Administration manual 4603.7988.02 ─ 03

Parameter               Description

-e [--encrypt]          Starts the encryption process immediately after initialization.
                        Prerequisite: R&S TD CryptoHelper is installed with the parameter /a.
                        Note: After the installation of R&S TD CryptoHelper with the parameter /a, a restart is required.

-l [--list-partitions]  Lists partitions that can be encrypted with the parameter --partitions.

-p [--partitions]       Defines the range of partitions including arg1 and arg2.
                        Format: --partitions arg1 arg2, where arg1 and arg2 are numbers as indicated by --list-partitions.

5.1.2 Examples

5.1.2.1 Full-disk encryption without a smart card

You can initialize the full-disk encryption without a smart card using the FDE initialization tool.

Not VS-NfD approved

Initializing the full-disk encryption without a smart card is not VS-NfD approved.

1. Start a command prompt.

2. Enter the command fdeinit.exe.

3. Add the parameters -o and -u (optional) for the directories containing owner and user (optional) certificates.

   Note: The certificate files can either exist as DER-encoded files with the extension .der or in PEM format with the extension .pem or .crt.

4. Add the parameter -n (-notoken).

   Example: fdeinit.exe -u x:\installation\TrustedDisk\usercerts -o x:\installation\TrustedDisk\ownercerts -n

5. Press [Enter].

6. NOTICE! Setup mode required for UEFI/GPT. After initializing the full-disk encryption on a UEFI-based workstation, you need to activate setup mode, so R&S Trusted Disk can perform a system takeover. For instructions on how to activate setup mode, see Chapter 4.4.2, "Activating setup mode (UEFI/GPT)", on page 23.
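As an added pre-flight check for the procedure above (it is not part of the R&S Trusted Disk documentation or product), the following PowerShell script verifies that the owner and user certificate directories contain parsable, unexpired .der/.pem/.crt certificates and then builds and runs the fdeinit.exe command line from steps 2 to 5. The certificate directories are assumed to be the ones from the manual's example, and the fdeinit.exe path is assumed to be the installation folder named elsewhere in this manual.

```powershell
# Added pre-flight wrapper for fdeinit.exe (example code, not from the product).
# Assumed paths: the manual's example certificate directories and the
# Trusted Disk installation folder.
param(
    [string]$OwnerCerts = 'x:\installation\TrustedDisk\ownercerts',
    [string]$UserCerts  = 'x:\installation\TrustedDisk\usercerts',
    [string]$FdeInit    = 'C:\Program Files (x86)\Sirrix AG\TrustedDisk\fdeinit.exe'
)

function Test-CertDirectory {
    param([string]$Path, [switch]$Required)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        if ($Required) { throw "Certificate directory not found: $Path" }
        return $false   # optional directory (-u) absent: skip it
    }
    # fdeinit.exe accepts DER (.der) or PEM (.pem/.crt) files, see the note in step 3.
    $files = Get-ChildItem -LiteralPath $Path -File |
             Where-Object { $_.Extension -in '.der', '.pem', '.crt' }
    if (-not $files) { throw "No .der/.pem/.crt certificate files in $Path" }
    foreach ($f in $files) {
        # X509Certificate2 parses both DER and base64 (PEM) encoded certificates.
        try {
            $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                               -ArgumentList $f.FullName
        } catch { throw "Not a parsable X.509 certificate: $($f.FullName)" }
        # An expired owner or user certificate would be accepted by nobody later on; stop early.
        if ($cert.NotAfter -lt (Get-Date)) {
            throw "Expired certificate: $($f.FullName) (NotAfter $($cert.NotAfter))"
        }
        Write-Host ("OK  {0}  subject={1}  expires={2:yyyy-MM-dd}" -f $f.Name, $cert.Subject, $cert.NotAfter)
    }
    return $true
}

if (-not (Test-Path -LiteralPath $FdeInit -PathType Leaf)) { throw "fdeinit.exe not found at $FdeInit" }

[void](Test-CertDirectory -Path $OwnerCerts -Required)   # -o is mandatory
$fdeArgs = @('-o', $OwnerCerts)
if (Test-CertDirectory -Path $UserCerts) { $fdeArgs += @('-u', $UserCerts) }   # -u is optional
$fdeArgs += '-n'   # no smart card (-notoken); this mode is not VS-NfD approved, see above

Write-Host "Running: `"$FdeInit`" $($fdeArgs -join ' ')"
& $FdeInit @fdeArgs   # the call operator quotes paths containing spaces for us
exit $LASTEXITCODE
```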

FDE initialization tool
