manualshive.com logo in svg

Rohde & Schwarz R&S Trusted Disk 3.3.1, Administration Manual

The Rohde & Schwarz R&S Trusted Disk 3.3.1 is a cutting-edge data security solution for secure file storage. Ensure full protection of sensitive information with the help of the comprehensive Administration Manual available for free download from our website. Gain access to essential instructions and guidelines for efficient data management.

Share
Download
background image

Command-line tools

24

Administration manual 4603.7988.02 ─ 03

5

 

Command-line tools

Contents

FDE initialization tool

...............................................................................................24

Boot manager tool (UEFI/GPT)

...............................................................................27

5.1

 

FDE initialization tool

R&S

 

Trusted

 

Disk is delivered with an FDE initialization tool (

fdeinit.exe

), a com-

mand-line application to initialize the full-disk encryption.

The tool offers the following options:

Initialize the full-disk encryption with and without a smart card

Select multiple certificates for user and owners for the full-disk encryption

Show partitions of hard disk drives that can be encrypted

Define ranges of partitions for the full-disk encryption

Restore a previous system configuration

The tool is located in the R&S

 

Trusted

 

Disk installation folder, i.e.

C:\Program Files (x86)\Sirrix AG\TrustedDisk

.

Contents

List of parameters

................................................................................................... 24

Examples

................................................................................................................ 25

5.1.1

 

List of parameters

You can execute 

fdeinit.exe

 with the following parameters:

Parameter

Description

-h [--help]

Shows help information

-v [--version]

Shows version information

-u [--usercerts]

Optional: Path to directory that contains user certificates

-o [--ownercerts]

Path to directory that contains owner certificates

-n [--notoken]

Activates the full-disk encryption without a smart card (not recommended)
without collecting entropy from the smart card

Note:

 This option is not approved for use at VS-NfD security level (see

Chapter 5.1.2.1, "Full-disk encryption without a smart card"

on page 25).

-r [--restore]

Optional: Restores a previous system configuration

Note:

 R&S

 

Trusted

 

Disk managed version only.

FDE initialization tool

Summary of Contents for R&S Trusted Disk 3.3.1

Page 1: ...R S Trusted Disk Standalone Administration manual Administration manual Version 03 4603798802 3 2...

Page 2: ...Rohde Schwarz would like to thank the open source community for their valuable contribution to embedded computing 2019 Rohde Schwarz Cybersecurity GmbH M hldorfstr 15 81671 Munich Germany Phone 49 89...

Page 3: ...tributable 11 3 2 2 PKCS 11 module 12 3 2 3 R S TD CryptoHelper 13 3 3 Configuring R S Trusted Identity Manager 13 3 3 1 Installing R S Trusted Identity Manager Standalone 14 3 3 2 Creating a root cer...

Page 4: ...7 5 2 3 List of parameters 28 5 2 4 Structure 29 6 Advanced tasks 30 6 1 Updating R S Trusted Disk 30 6 2 Configuring the PIN policy 31 6 3 R S Trusted Disk key update 32 6 4 Stealth mode 33 6 4 1 UEF...

Page 5: ...ers groups policies certificates and devices This document assumes basic device networking and security knowledge including the following Setup and configuration of endpoint hardware Partitioning form...

Page 6: ...separated by angle brack ets Each UI item is enclosed in quotation marks User Authentication Local Users Settings Device Management Parameters and placeholders are capital ized in monospaced font The...

Page 7: ...ting your network security at risk In tables and lists this annotation is indicated by NOTICE 1 4 Contact service and support We provide technical support as detailed in your service level agreement T...

Page 8: ...n email to our Support team If you require additional support after creating a ticket you can contact our Support team by phone or email indicating your ticket ID Ticket system https myrscs rohde schw...

Page 9: ...g smart cards Use of algorithms AES XTS 512 for encryption and SHA 2 512 for hashing Support of RSA 2048 bit 3072 bit and 4096 bit Fulfillment of compliance requirements based on audit logs in authori...

Page 10: ...s an integrated PKI and all necessary components for per sonalizing and man aging smart cards R S Trusted Disk R S Trusted Disk Setup X X X VS NfD msi R S Trusted Disk Setup X X X eToken msi See Chapt...

Page 11: ...g For maximum compatibility we highly recommend updating the BIOS UEFI firm ware to the newest version 3 2 Installing the middleware and dependencies All workstations need the following middleware and...

Page 12: ...he smart card The middleware differs depending on whether you use CardOS smart cards or Gemalto eTokens CardOS API for CardOS smart cards 12 SafeNet Authentication Client for Gemalto eTokens 12 3 2 2...

Page 13: ...is not required For more information see Chapter 5 1 FDE initialization tool on page 24 If you install the application with the parameter quiet the installation takes place with out user interaction T...

Page 14: ...hecked while you type 5 Click Next Execute Backup R S Trusted Identity Manager Standalone data To ensure access to the root CA smart card information and all certificates in case the administrator wor...

Page 15: ...Open CardOS Viewer b Select your card reader from the list c Click Card Initialize Card d Fill in the required information e Click OK 3 Open R S Trusted Identity Manager Standalone 4 Select the tab To...

Page 16: ...te 3 Select the administrator s smart card 4 Click Next 5 Select the destination folder 6 Click Next Execute The administrator certificate is saved 7 Rename the exported certificate to SecurityAdminCe...

Page 17: ...the smart card You can reset the smart card PIN with the PUK Additionally the PUK is needed to unlock the smart card if the PIN was entered incorrectly three times You can enter the PUK incorrectly up...

Page 18: ...ot status 18 Enabling Secure Boot 18 3 4 1 Checking the Secure Boot status 1 Start Windows PowerShell with administrator rights 2 Enter Confirm SecureBootUEFI 3 Press Enter If the return value is True...

Page 19: ...played Tip You can access the UEFI by pressing a hotkey right after you power on the workstation The hotkey differs between systems the most frequent being F2 DEL and ESC 2 In the UEFI navigate to the...

Page 20: ...g the middleware and dependencies on page 11 The latest cumulative Windows update is needed on Windows 10 1507 10240 UEFI We only support Windows versions that are still supported by Microsoft For mor...

Page 21: ...lid i e not expired 1 Create a folder on the workstation 2 Transfer SecurityAdminCertificate crt and the R S Trusted Disk installer to the folder 3 In the folder create a subfolder CACerts Note To ens...

Page 22: ...rary data on a workstation Only the admin and users with permission can access an encrypted workstation using a smart card and PIN for pre boot authentica tion Contents Full disk encryption wizard 22...

Page 23: ...iled instructions refer to the user documentation of the hardware Usually current systems offer one of the following options to activate setup mode Activating setup mode directly Deleting all pre inst...

Page 24: ...The tool is located in the R S Trusted Disk installation folder i e C Program Files x86 Sirrix AG TrustedDisk Contents List of parameters 24 Examples 25 5 1 1 List of parameters You can execute fdeini...

Page 25: ...FDE initializa tion tool Not VS NfD approved Initializing the full disk encryption without a smart card is not VS NfD approved 1 Start a command prompt 2 Enter the command fdeinit exe 3 Add the parame...

Page 26: ...e l 4 Press Enter The list displays all partitions that can be encrypted with the parameter 5 Enter the command fdeinit exe 6 Add the parameter o for the directory containing owner certificates Exampl...

Page 27: ...istrator rights in Windows The tool is located at C Program Files x86 Sirrix AG TrustedDisk InstallSBM exe 5 2 2 InstallSBM efi InstallSBM efi can be executed before Windows boots i e you need to acce...

Page 28: ...SBM efi is located on with the command fs X X is placeholder for the respective partition number Example fs0 cd EFI RSCS InstallSBM efi help 5 2 3 List of parameters You can execute InstallSBM exe Ins...

Page 29: ...he amount of partial write operations that could corrupt the file sys tem Reset configuration reset configuration Resets all settings to its default values Disabling logging or reducing its verbosity...

Page 30: ...are valid i e not expired If you use intermediate CAs all CA certificates of the chain including the root CA cer tificate must be present in the CACerts folder see Chapter 4 3 1 Update the middleware...

Page 31: ...update Manually restart the workstation Disable hybrid shutdown in your Windows settings You have updated R S Trusted Disk 6 2 Configuring the PIN policy You can require users to set up a complex PIN...

Page 32: ...ing the smart card with R S Trus ted Identity Manager you can perform the key update with R S Trusted Disk For the system volume the key update is performed when the R S Trusted Disk application is st...

Page 33: ...n encrypted system is not disclosed Stealth mode is supported on the following systems UEFI GPT 33 Legacy BIOS MBR 36 6 4 1 UEFI GPT 6 4 1 1 Preparing stealth mode Windows installation 1 Boot the work...

Page 34: ...th mode Make this configuration before initializing the full disk encryption 1 Boot the workstation with the system that you want to encrypt see Chapter 6 4 1 1 Preparing stealth mode on page 33 2 Sta...

Page 35: ...script UEFI GPT on page 45 You have prepared the workstation for its full disk encryption Full disk encryption During the full disk encryption deactivate the option Encrypt all sections so that the o...

Page 36: ...B Boot partition Partition 2 Primary x GB First Windows partition Unpartitioned space 5 Select the first Windows partition 6 Install Windows Preparing the second Windows installation Before initializi...

Page 37: ...tem 100 MB Boot partition Partition 2 Primary x GB First Windows partition Partition 3 Primary y GB Second Windows partition 3 Select the second Windows partition 4 Install Windows 5 When the installa...

Page 38: ...our support team provides a rescue CD This feature is not intended to uninstall or remove R S Trusted Disk it only works for recovering data After the decryption you have the following options to rec...

Page 39: ...rescue CD The program checks if encrypted partitions are available Note The SATA controller must be set to AHCI mode instead of RAID mode Oth erwise the rescue CD may not detect the encrypted hard di...

Page 40: ...sts on the workstation R S Trusted Disk overwrites it during this procedure Optional manual update Run Setup exe with the following command line argument Setup exe ConfigFile C Users Default AppData L...

Page 41: ...t card readers 46 7 1 Activating setup mode UEFI GPT Lenovo T460p 1 To access the UEFI press F1 right after starting the workstation 2 Navigate to the tab Security Figure 7 1 Lenovo T460p Secure Boot...

Page 42: ...nter 5 Save and exit the UEFI With activated setup mode R S Trusted Disk starts the system takeover Possible Secure Boot menu items Name Value Description Secure Boot Enabled Disabled Enables or disab...

Page 43: ...ot Enable menu item to allow R S Trusted Disk to perform the sys tem takeover A firmware update from the manufacturer might resolve this behavior For models that do not show this deviation you can ski...

Page 44: ...rts the system takeover 12 If the pre boot authentication screen says Secure Boot is deactivated after exiting the UEFI reboot the system Figure 7 5 Secure Boot deactivated 13 To access the UEFI press...

Page 45: ...info txt print false result foreach line in store if line StartsWith displayorder print true elseif Not line StartsWith print false if print data line Split foreach word in data if word StartsWith re...

Page 46: ...Compatible smart card readers We recommend using the smart card reader models IDBridge CT30 IDBridge K30 or IDBridge K50 from Gemalto If you have any questions about the use of specific smart card re...

Page 47: ...t f r Sicherheit in der Informationstechnik German Federal Office for Information Security C CA Certificate Authority F FDE Full Disk Encryption P PBA Pre Boot Authentication PKI Public Key Infrastruc...

Page 48: ...TD CryptoHelper 13 SafeNet Authentication Client 12 P PIN policy 31 Pre boot authentication 18 22 23 Boot manager tool 27 PIN policy 31 Product description 9 Scope of delivery 9 Security features 9 R...

Page 49: ...Index 49 Administration manual 4603 7988 02 03 Feature update 40 System requirements 20...

Reviews:

No comments

Related manuals for R&S Trusted Disk 3.3.1

PACOM Professional Series Quick Manual preview
Professional Series
Brand: PACOM Pages: 15
Baracoda All in One Printer Communication Protocol Manual preview
All in One Printer
Brand: Baracoda Pages: 42
NEC IE-78K0-NS-P04 User Manual preview
IE-78K0-NS-P04
Brand: NEC Pages: 72
NEC ELECTRA ELITE IPK II Programming Manual preview
ELECTRA ELITE IPK II
Brand: NEC Pages: 617
NEC VERSA DOCK - SERVICE Installation Manual preview
VERSA DOCK - SERVICE
Brand: NEC Pages: 8
Patton electronics 2888 Getting Started Manual preview
2888
Brand: Patton electronics Pages: 51
DAQ system PCIe-FRM13 User Manual preview
PCIe-FRM13
Brand: DAQ system Pages: 41
DAQ system PCIe-SER01 User Manual preview
PCIe-SER01
Brand: DAQ system Pages: 19
EK-Quantum Kinetic FLT 80 D5/DDC Body User Manual preview
Kinetic FLT 80 D5/DDC Body
Brand: EK-Quantum Pages: 16
IDT DBP 7+4 User Manual preview
DBP 7+4
Brand: IDT Pages: 93
Seattle Computer Products 8086 CPU Instruction Manual preview
8086 CPU
Brand: Seattle Computer Products Pages: 31
Buffalo LinkStation Quick Setup Manual preview
LinkStation
Brand: Buffalo Pages: 2
ADS Technologies PTV-352-EFG Hardware Quickmanual preview
PTV-352-EFG
Brand: ADS Technologies Pages: 1
XJTAG XJLink2-CFM User Manual preview
XJLink2-CFM
Brand: XJTAG Pages: 9
Xilinx Zynq-7000 Manual preview
Zynq-7000
Brand: Xilinx Pages: 8
Arduino ABX00061 Reference Manual preview
ABX00061
Brand: Arduino Pages: 25
Divio SRA311-008P8 Series Installation Manual preview
SRA311-008P8 Series
Brand: Divio Pages: 4
IndigoVision Compact NVR-AS 4000 User Manual preview
Compact NVR-AS 4000
Brand: IndigoVision Pages: 38

Brands by name

Popular brands

Load more brands