Version Information
partition/drive must be decrypted first. Note: A running operating system can be
Download 0.88 Mb. Pdf ko'rish
|
TrueCrypt User Guide
|
partition/drive must be decrypted first. Note: A running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted. • System encryption is supported only on drives that are connected locally via an ATA/SCSI interface (note that the term ATA also refers to SATA and eSATA). • When system encryption is used (this also applies to hidden operating systems), TrueCrypt does not support multi-boot configuration changes (for example, changes to the number of operating systems and their locations). Specifically, the configuration must remain the same as it was when the TrueCrypt Volume Creation Wizard started to prepare the process of encryption of the system partition/drive (or creation of a hidden operating system). Note: The only exception is the multi-boot configuration where a running TrueCrypt-encrypted operating system is always located on drive #0, and it is the only operating system located on the drive (or there is one TrueCrypt-encrypted decoy and one TrueCrypt-encrypted hidden operating system and no other operating system on the drive), and the drive is connected or disconnected before the computer is turned on (for example, using the power switch on an external eSATA drive enclosure). There may be any additional operating systems (encrypted or unencrypted) installed on other drives connected to the computer (when drive #0 is disconnected, drive #1 becomes drive #0, etc.) • When the notebook battery power is low, Windows may omit sending the appropriate messages to running applications when the computer is entering power saving mode. Therefore, TrueCrypt may fail to auto-dismount volumes in such cases. • Preserving of any timestamp of any file (e.g. a container or keyfile) is not guaranteed to be reliably and securely performed (for example, due to filesystem journals, timestamps of file 121 attributes, or the operating system failing to perform it for various documented and undocumented reasons). Note: When you write to a file-hosted hidden volume, the timestamp of the container may change. This can be plausibly explained as having been caused by changing the (outer) volume password. Also note that TrueCrypt never preserves timestamps of system favorite volumes (regardless of the settings). • Special software (e.g., a low-level disk editor) that writes data to a disk drive in a way that circumvents drivers in the driver stack of the class ‘DiskDrive’ (GUID of the class is 4D36E967- E325-11CE-BFC1-08002BE10318) can write unencrypted data to a non-system drive hosting a mounted TrueCrypt volume (‘Partition0’) and to encrypted partitions/drives that are within the key scope of active system encryption (TrueCrypt does not encrypt such data written that way). Similarly, software that writes data to a disk drive circumventing drivers in the driver stack of the class ‘Storage Volume’ (GUID of the class is 71A27CDD-812A-11D0-BEC7- 08002BE2092F) can write unencrypted data to TrueCrypt partition-hosted volumes (even if they are mounted). • For security reasons, when a hidden operating system is running, TrueCrypt ensures that all local unencrypted filesystems and non-hidden TrueCrypt volumes are read-only. However, this does not apply to filesystems on CD/DVD-like media and on custom, atypical, or non-standard devices/media (for example, any devices/media whose class is other than the Windows device class ‘Storage Volume’ or that do not meet the requirements of this class (GUID of the class is 71A27CDD-812A-11D0-BEC7-08002BE2092F)). • Device-hosted TrueCrypt volumes located on floppy disks are not supported. Note: You can still create file-hosted TrueCrypt volumes on floppy disks. • Further limitations are listed in the section Security Model. |
