Bootloader/en


DiskCryptor bootloader options

The DiskCryptor bootloader is used to boot an OS from an encrypted partition. The bootloader has a number of options that determine its behavior in different situations, for example:

  • Boot a different encrypted OS depending on a password entered;
  • Boot an unencrypted OS on entering an incorrect password;
  • Change bootloader messages and set time limit for the authentication;
  • When placing the bootloader on an external medium, you can embed a password into it and boot the system with authentication by the key medium;
  • You can even place the bootloader with an embedded password on a LAN and boot a fleet of machines automatically, without user intervention.

This manual describes configuring the bootloader with the console version of DiskCryptor. The bootloader options in the GUI version are the same. The bootloader configuration menu appears automatically when an external bootloader is created, and it can also be invoked with the "dccon -boot -config" command (see Console version commands for details).

All options are grouped into sections by function.

| # | Options |
|---|---------|
| 1 | Change logon options |
| 2 | Change incorrect password action |
| 3 | Use incorrect password action if no password entered (OFF) |
| 4 | Set booting method |
| 5 | Set bootauth keyboard layout |
| 6 | Save changes and exit |

Logon options

| # | Options | Description |
|---|---------|-------------|
| 1 | On/Off "enter password" message (ON) | Switches off the display of the message prompting for a password. |
| 2 | Change display password type (display "*") | Selects how the password is displayed as it is typed: display nothing, mask with asterisks, or display the password openly. |
| 3 | Change password prompt text (enter password: ) | Changes the authentication message. |
| 4 | Enable embedded keyfile (disabled) | Sets an embedded keyfile for pre-boot authentication. When an embedded keyfile is present, it is used in addition to the supplied password, or instead of it if the password prompt is turned off. |
| 5 | Change authentication timeout (disabled) | Sets the time limit for authentication; when it is reached, the default action for the absence of a password is executed. |
| 6 | Cancel timeout if any key pressed (OFF) | Allows the counter limiting the password input time to be cancelled by pressing any key. |
| 7 | Return to main menu | |

Incorrect password action

| # | Options | Description |
|---|---------|-------------|
| 1 | On/Off invalid password message (ON) | Turns off the display of the message shown on entering an incorrect password. |
| 2 | Invalid password action (retry authentication) | Sets the action that follows the input of an incorrect password (see below). |
| 3 | Invalid password message (password incorrect) | Changes the message displayed on entering an incorrect password. |
| 4 | Return to main menu | |

Following the entry of an incorrect password, the following actions are available:

| # | Options | Description |
|---|---------|-------------|
| 1 | Halt system | |
| 2 | Reboot system | |
| 3 | Boot from active partition | Try to boot an OS from an active partition of the 1st HDD. |
| 4 | Exit to BIOS | After that BIOS may try to boot up from a different medium. |
| 5 | Retry authentication | |

Incorrect password action if no password entered

This option sets the default action executed when no password is supplied. When this option is turned on, a blank password triggers the action set in Incorrect password action. Otherwise, the bootloader attempts to boot the system without a password, according to the Booting method options. The default action is also used on authentication timeout.
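
How the no-password default action, the authentication timeout and the incorrect password action combine, modelled as an added Python example (not DiskCryptor code). The class, function and outcome names are hypothetical; the defaults are the values shown in parentheses in the menus above, and the handling of the exact timeout second is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Outcome(Enum):
    # Options 1-5 of the invalid password action list.
    HALT = "halt system"
    REBOOT = "reboot system"
    BOOT_ACTIVE = "boot from active partition"
    EXIT_TO_BIOS = "exit to BIOS"
    RETRY = "retry authentication"
    # The two labels below are this model's own names, not menu items.
    BOOT_AUTHENTICATED = "boot via booting method after authentication"
    BOOT_WITHOUT_PASSWORD = "attempt boot via booting method, no password"


@dataclass
class BootConfig:
    # Defaults mirror the values shown in the menu listings.
    invalid_password_action: Outcome = Outcome.RETRY
    invalid_action_if_no_password: bool = False  # main menu option 3
    timeout_s: Optional[float] = None            # None = timeout disabled
    cancel_timeout_on_key: bool = False          # logon option 6


def timeout_fires(cfg: BootConfig, first_key_s: Optional[float], submit_s: float) -> bool:
    """True if the time limit is reached before the password is submitted.
    Times are seconds since the prompt appeared; first_key_s=None means no key
    was pressed, submit_s=float('inf') means Enter was never pressed."""
    if cfg.timeout_s is None:
        return False
    if cfg.cancel_timeout_on_key and first_key_s is not None and first_key_s < cfg.timeout_s:
        return False  # a key press cancelled the counter
    return submit_s >= cfg.timeout_s  # assumption: reaching the limit counts


def resolve(cfg: BootConfig, password: str, mounted_partitions: int, timed_out: bool = False) -> Outcome:
    """Next step of the bootloader for one authentication attempt."""
    if timed_out or not password:  # a timeout uses the same default action
        if cfg.invalid_action_if_no_password:
            return cfg.invalid_password_action
        return Outcome.BOOT_WITHOUT_PASSWORD
    # Success means at least one encrypted partition could be mounted.
    if mounted_partitions >= 1:
        return Outcome.BOOT_AUTHENTICATED
    return cfg.invalid_password_action
```

With the listed defaults a blank password or an expired timeout leads to a boot attempt without a password, not to the incorrect password action; turning main menu option 3 on routes both cases to that action.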

Booting method

This option sets the OS booting method on successful authentication.

Authentication is considered successful when at least one encrypted partition on any of the disks could be mounted. By default this option loads a saved copy of the MBR, which is similar to the boot process from an unencrypted disk. Changing this option may be needed to create a multi-boot configuration or when placing the bootloader on an external medium. The number of available booting methods depends on how the bootloader is placed.

The following is the full list of all available booting methods:

| # | Options | Description |
|---|---------|-------------|
| 1 | Set "load boot disk MBR" | Load a saved copy of the MBR of the HDD on which the loader resides. |
| 2 | Set "load first disk MBR" | Load the MBR from the 1st HDD that has an active partition. |
| 3 | Set "load OS from active partition" | Boot from the active partition of the HDD on which the loader resides. |
| 4 | Set "boot from first partition with appropriate password" | Boot from the first partition for which the password was accepted. |
| 5 | Set "boot from specified partition" | See below. |

The 5th option, "boot from specified partition", needs additional explanation. When this booting method is chosen, a list of the mounted encrypted partitions is presented, and you can choose the partition from which to boot. The search for this partition is carried out using the disk_id in the volume header. This is a unique 32-bit partition descriptor. The descriptor is located in the encrypted part of the header and is accessible only after a password has been entered, so it is impossible to determine from which partition the system will boot without knowing a password.

Bootauth keyboard layout

This option selects the keyboard layout used for entering a password in the bootloader. The following layouts are available: QWERTY, QWERTZ and AZERTY.

  • The QWERTY layout fully conforms to the standard English US layout.
  • QWERTZ and AZERTY layouts are supported in a limited capacity, and only the following sets of symbols are available: [a-z], [A-Z], [0-9].