BitLocker: 16 sectors appear to be unencrypted?

Guest

It appears that the first 16 sectors of the protected volume are not
encrypted.

(The only difference seems to be the "FVE-FS" instead of "NTFS" label at the
beginning.)

Why? There appears to be a bit of space to place data, bypassing encryption
protections.

Thanks!
 
The first 8K (which translates to 16 sectors if using 512-byte sectors) is a
reserved area of the volume referred to as the boot block.
The first 512 bytes of this contains the BIOS Parameter Block.
The last 512 bytes of this contains a volume snapshot data reference. Actual
volume snapshot data is encrypted.
The remaining portion of this block contains unused boot code. It's unused
as the encrypted partition cannot be the active partition.

The boot sector and backup sector need to be decrypted to allow certain
recovery scenarios. The 8K alignment was set early on in the development
when part of the first 8K was going to be used to store metadata; when the
approach changed, there was no good reason to change the 8K alignment to a
sector alignment (that can be as high as 4K).
-
Jamie Hunter [MS]
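
A defender's check of the layout described in the answer above, as an added example that is not part of the original thread: it reads the OEM ID and the bytes-per-sector field from the boot sector, then uses per-sector entropy to find where the plaintext area ends. The function names, the 7.0 entropy threshold and the sample image are assumptions constructed for illustration; `-FVE-FS-` is the full 8-byte OEM ID that the question abbreviates as "FVE-FS".

```python
import hashlib
import math
import struct

BOOT_BLOCK = 8192          # reserved area size stated in the answer above
FVE_OEM_ID = b"-FVE-FS-"   # OEM ID field (offset 3, 8 bytes) on a BitLocker volume

def entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte."""
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def inspect_volume_start(data: bytes, threshold: float = 7.0) -> dict:
    """Read OEM ID and sector size, then locate the first random-looking sector."""
    if len(data) < BOOT_BLOCK:
        raise ValueError("need at least the first 8K of the volume")
    oem_id = data[3:11]
    (sector_size,) = struct.unpack_from("<H", data, 0x0B)  # BPB bytes per sector
    if sector_size not in (512, 1024, 2048, 4096):
        raise ValueError(f"implausible bytes-per-sector value: {sector_size}")
    sectors = [data[i:i + sector_size]
               for i in range(0, len(data) - sector_size + 1, sector_size)]
    random_looking = [i for i, s in enumerate(sectors) if entropy(s) >= threshold]
    return {
        "bitlocker": oem_id == FVE_OEM_ID,
        "oem_id": oem_id,
        "sector_size": sector_size,
        "boot_block_sectors": BOOT_BLOCK // sector_size,
        "first_random_sector": random_looking[0] if random_looking else None,
    }

def constructed_sample(sector_size: int = 512, extra_sectors: int = 4) -> bytes:
    """Constructed image: 8K plaintext boot block, then pseudo-random filler as stand-in ciphertext."""
    boot = bytearray(BOOT_BLOCK)
    boot[0:3] = b"\xeb\x58\x90"                      # constructed placeholder jump bytes
    boot[3:11] = FVE_OEM_ID
    struct.pack_into("<H", boot, 0x0B, sector_size)
    boot[510:512] = b"\x55\xaa"                      # boot sector signature
    filler = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                      for i in range(extra_sectors * sector_size // 32))
    return bytes(boot) + filler

if __name__ == "__main__":
    print(inspect_volume_start(constructed_sample()))
```

On a real volume, pass in the first few dozen sectors read from a forensic image; a `first_random_sector` equal to `boot_block_sectors` matches the 8K boundary the answer describes.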
 