Command-line tools
25Administration manual 4603.7988.02 ─ 03
Parameter Description
-e [--encrypt] Starts the encryption process immediately after initialization
Prerequisite: R&S TD CryptoHelper is installed with the parameter /a,
Note: After the installation of R&S TD CryptoHelper with the parameter /a, a
restart is required.
-l [--list-partitions] Lists partitions that can be encrypted with the parameter --partitions
-p [--partitions] Defines the range of partitions including arg1 and arg2
Format: --partitions arg1 arg2 where arg1 and arg2 are numbers as indica-
ted by --list-partitions
5.1.2 Examples
5.1.2.1 Full-disk encryption without a smart card
You can initialize the full-disk encryption without a smart card using the FDE initializa-
tion tool.
Not VS-NfD approved
Initializing the full-disk encryption without a smart card is not VS-NfD approved.
1. Start a command prompt.
2. Enter the command fdeinit.exe.
3. Add the parameters -o and -u (optional) for the directories containing owner and
user (optional) certificates.
Note: The certificate files can either exist as DER-encoded files with the exten-
sion .der or in PEM format with the extension .pem or .crt.
4. Add the parameter -n for (-notoken).
Example: fdeinit.exe -u x:
\installation\TrustedDisk\usercerts –o x:
\installation\TrustedDisk\ownercerts -n
5. Press [Enter].
6.
NOTICE! Setup mode required for UEFI/GPT. After initializing the full-disk encryp-
tion on an UEFI-based workstation, you need to activate setup mode, so
R&S Trusted Disk can perform a system takeover. For instructions on how to acti-
vate setup mode, see Chapter 4.4.2, "Activating setup mode (UEFI/GPT)",
on page 23.
FDE initialization tool
To Next Page
Loading...