Windows 8 and 8.1 Forums


Why would Asus encrypt the C partition

  1. #31


    Posts : 454
    Windows 8.1 Pro with Media Center


    Thanks. It's clear now you have no basis for saying Secure Boot with BitLocker prevents you from using boot media such as Terabyte's tbwinre and ifl which I linked to earlier that are specifically documented to work when Secure Boot is enabled. You ran into issues because you were disabling Secure Boot. If you had tried the right boot media, it might have worked. I haven't tried it myself, so I can't say that it does work, but you sure can't say that it doesn't. I wish someone would run a proper test to determine this. I might the next time I build a new system. Telling people to turn off BitLocker so they can disable Secure Boot is at best premature, as you can't say for sure that it's necessary, and it's a bit dangerous for people who care about encryption.

    Frankly, this thread has been full of FUD about BitLocker. I've corrected the overly general statements that do not apply to the scenario I'm familiar with, using BitLocker without a TPM and with UEFI BIOS in legacy mode. As for UEFI and Secure Boot, I can't correct the FUD written about that, because I don't have any experience with it. All I can do is what I've done, that is, point to products that are documented to work when Secure Boot is enabled. BitLocker may indeed pose problems when those products are used, but that has not been demonstrated.

      My System SpecsSystem Spec

  2. #32


    Posts : 2,690
    Windows 3.1 > Windows 10


    You ran into issues because you were disabling Secure Boot. If you had tried the right boot media, it might have worked. I haven't tried it myself, so I can't say that it does work, but you sure can't say that it doesn't. I wish someone would run a proper test to determine this. I might the next time I build a new system. Telling people to turn off BitLocker so they can disable Secure Boot is at best premature, as you can't say for sure that it's necessary, and it's a bit dangerous for people who care about encryption.
    You are free to Test any thing you want.. And until you do, you have no bases for any comment here..
      My System SpecsSystem Spec

  3. #33


    Germany/Florida
    Posts : 4,514
    Vista and Win7


    Quote Originally Posted by crawfish View Post
    Thanks. It's clear now you have no basis for saying Secure Boot with BitLocker prevents you from using boot media such as Terabyte's tbwinre and ifl which I linked to earlier that are specifically documented to work when Secure Boot is enabled. You ran into issues because you were disabling Secure Boot. If you had tried the right boot media, it might have worked. I haven't tried it myself, so I can't say that it does work, but you sure can't say that it doesn't. I wish someone would run a proper test to determine this. I might the next time I build a new system. Telling people to turn off BitLocker so they can disable Secure Boot is at best premature, as you can't say for sure that it's necessary, and it's a bit dangerous for people who care about encryption.

    Frankly, this thread has been full of FUD about BitLocker. I've corrected the overly general statements that do not apply to the scenario I'm familiar with, using BitLocker without a TPM and with UEFI BIOS in legacy mode. As for UEFI and Secure Boot, I can't correct the FUD written about that, because I don't have any experience with it. All I can do is what I've done, that is, point to products that are documented to work when Secure Boot is enabled. BitLocker may indeed pose problems when those products are used, but that has not been demonstrated.
    I think you never understood what I was saying. I said:

    1. With the encrypted system drive I could not disable secure boot in the BIOS

    2. With the encrypted system drive I had only one temporary boot option and that was from the system drive. And the BIOS was locked.

    3. When the system was decrypted, I was able to boot from USB

    I have certainly not tested all variations and permutations but I have at least tested some of the encryption problems. You have tested nothing and are just throwing out unconfirmed stuff that you might have read somewhere.

    Why don't you do what KYHI says and test it yourself and come back with a full report. Until you have real facts I would appreciate if you stayed off my thread.
      My System SpecsSystem Spec

  4. #34


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by whs View Post
    Quote Originally Posted by crawfish View Post
    Thanks. It's clear now you have no basis for saying Secure Boot with BitLocker prevents you from using boot media such as Terabyte's tbwinre and ifl which I linked to earlier that are specifically documented to work when Secure Boot is enabled. You ran into issues because you were disabling Secure Boot. If you had tried the right boot media, it might have worked. I haven't tried it myself, so I can't say that it does work, but you sure can't say that it doesn't. I wish someone would run a proper test to determine this. I might the next time I build a new system. Telling people to turn off BitLocker so they can disable Secure Boot is at best premature, as you can't say for sure that it's necessary, and it's a bit dangerous for people who care about encryption.

    Frankly, this thread has been full of FUD about BitLocker. I've corrected the overly general statements that do not apply to the scenario I'm familiar with, using BitLocker without a TPM and with UEFI BIOS in legacy mode. As for UEFI and Secure Boot, I can't correct the FUD written about that, because I don't have any experience with it. All I can do is what I've done, that is, point to products that are documented to work when Secure Boot is enabled. BitLocker may indeed pose problems when those products are used, but that has not been demonstrated.
    I think you never understood what I was saying. I said:

    1. With the encrypted system drive I could not disable secure boot in the BIOS
    Yes, in replies to my posts, it was established that trying to disable Secure Boot is the wrong approach if you want to keep the encryption. It doesn't work, because BitLocker prevents it. However, by your own admission, you didn't try boot media such as the ones I linked to that are documented to work with Secure Boot enabled.

    2. With the encrypted system drive I had only one boot option and that was from the system drive.
    If certain boot media is documented to work with Secure Boot enabled, it must be possible to boot from it on some systems. Otherwise, Terabyte and others are just lying. I suppose it is possible that if the boot media is incompatible with Secure Boot, the BIOS might not even present it as an option, and that could explain your observation. Or maybe your BIOS was unnecessarily crippled. How would I know? The only thing I'm really interested in here is whether or not BitLocker restricts boot choice in general when Secure Boot is enabled, as Secure Boot by itself shouldn't have prevented it for compatible boot media. That would be useful to know.

    3. When the system was decrypted, I was able to boot from USB
    Yes, as you said, "With the encryption enabled, I could not boot from USB because I could not shut the secure boot off." That was to be expected. It might not be the best answer, though.

    I have certainly not tested all variations and permutations but I have at least tested some of the encryption problems. You have tested nothing and are just throwing out unconfirmed stuff that you might have read somewhere.

    Why don't you do what KYHI says and test it yourself and come back with a full report. Until you have real facts I would appreciate if you stayed off my thread.
    I don't know what KYHI said, because I put him on ignore due to his behavior in this thread, where he repeated his overly general and wrong statements about BitLocker even after I had corrected him here concerning similar statements, and after correcting him again there, his subsequent replies seemed not to acknowledge his wrongness but instead got weirder. And it was not just me finding fault with what he said in that thread. As for what I've tested and haven't tested, I've clearly spelled those things out without any prompting to do so. I've done so in this thread and in the lengthy, detailed post on the Terabyte forum I linked to in my first message. As for your request that I "get off your lawn", my presence on it has clarified what you're talking about and identified what you have and haven't tested, and moreover, what needs to be tested. As I said here, I'm trying to see that BitLocker doesn't get an undeserved bad rap.

    To summarize, you started off by saying BitLocker prevented you from imaging. That is not true in general, and I linked to my post in the Terabyte forum where I described how it works when not using TPM and when UEFI BIOS is in legacy mode. That led you to clarify your first post by stating that BitLocker was preventing you from disabling Secure Boot and thus preventing you from running your boot media. That was news to me, so when you asked why this happens, I did some research and posted a link to a TechNet article that would seem to explain it. You then stated you wrote a tutorial on how to deal with this, and I guess the advice was to decrypt the system drive per your point (3) above and turn off Secure Boot, which I would call The Nuclear Option and a really bad situation if it's the only way. That's when I asked for clarification on whether you had tried boot media such as I had linked to earlier that is documented to work with Secure Boot enabled, which presumably would not require decrypting the system drive. Your response? "Nah." And that's how I came to write the message you've quoted above and are complaining about. I thought it was fair, and I stand by it.

    BTW, it's not just restoring images that's at stake here with this Secure Boot/BitLocker uncertainty. I add a bunch of programs to tbwinre, so that it's a good Parted Magic substitute with a lot of troubleshooting tools instead of a relatively bare bones Windows Recovery Environment with just the Terabyte tools installed. I would not give this or BitLocker up to enable Secure Boot, and when I built my Z87 system a year and a half ago, I concluded Secure Boot was too new and complicated even to experiment with, plus I was reading BIOS's were buggy WRT its features, and even hardware such as video cards may not be compatible with it if they lack UEFI BIOS. It's something I will look into when I build a new system.
      My System SpecsSystem Spec

  5. #35


    Germany/Florida
    Posts : 4,514
    Vista and Win7


    I told you in kind words to stay off my thread or do you want me to ask to get you banned from the forum.
      My System SpecsSystem Spec

Page 4 of 4 FirstFirst ... 234
Why would Asus encrypt the C partition
Related Threads
Hey everyone :) Alright, so my ASUS laptop has been getting a little slow lately, so I decided to reinstall. Now I know my PC has an ASUS recovery partition, which reļnstalls the pc with all the tools, drivers etc, since I've used it before. But now when I restart the computer and press F9 and...
I have recently attempted to reset my laptop to factory and i get this issue Computer specs: Asus VivoBook S550CM 8gb Ram 1. 50015 2.50016 HELP, Need more info? please post on thread
I have some problems with my laptop ASUS K55VD. I had windows 8, but with the store of windows I have updated to windows 8.1. I have tried to use the recovery partition, but every time I try appears a message. Failed to reset your computer. A partition of unity necessary is missing. 48360For...
ASUS Recovery partition in Installation & Setup
Hi All, I've read a lot of posts and a little confused. I upgraded ASUS S400CA to 8.1 . I just need to create a recovery disk with the option of copy from recovery partition which is graded out as many of you know. Can you please provide me with the steps of what I will have to do to create a...
I've just received an Asus S301L laptop, with Win8 Pro preinstalled. The owner wants Win8 wiped and Win7 installed along with Scientific Linux. I've disabled secure boot and enabled CSM in the BIOS, thus getting rid of the annoying UEFI boot process, and I'm now able to boot old-style from...
Hello i buy new asus X550CC-XO028H ultrabook with windows 8 preinstalled.I upgrade windows 8 to 8.1 over windows store.I get many erros in event viewer.So now need restore windows 8 from recovery partition.Install all programs and upgrade to 8.1.But i cannot to do this.Windows 8.1 cannot find...
My tablet is running fine, but I did something (not bright) which could leave me in a lurch later. Here's what I did, and what I'm looking for. Soon after I purchased my Asus VivoTab Smart, I made a USB recovery disk, complete with recovery partition. Then, to save disk space on the tablet, I...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook