| 摘要 |
A base encryption method may be applied to plain data to form base encrypted data. An installation encryption method may be applied to the base encryption data to provide encrypted installation data. During installation, the encrypted installation data are encrypted to form encrypted storage data for storage on a storage medium such as a hard drive. Preferably, the data are not fully decrypted at any stage of the installation process. The host CPU may be minimally involved (or not involved) in the encryption/decryption process. Some embodiments provide a logic seal (a/k/a a 'tell-tale circuit') that monitors access to a machine. In some such implementations, an encryption/decryption key may be stored in the logic seal. When the logic seal is broken, countermeasures may be taken, e.g., at least some data may be deleted. For example, one or more cryptographic keys may be erased. |
