ELI5: What is Full Disk Encryption?
Full disk encryption scrambles everything on your hard drive. If someone steals your laptop, all they see is gibberish — like a diary written entirely in a secret code.
Definition
Full Disk Encryption (FDE) is a security control that encrypts all data stored on a device’s storage media, including the operating system, applications, and user data. FDE ensures that if a device is lost, stolen, or physically accessed without authorization, the data remains unreadable without the correct authentication credentials or encryption key.
Key Details
- BitLocker (Windows): TPM-integrated FDE; can require PIN, USB key, or TPM-only authentication
- FileVault (macOS): AES-XTS encryption of the startup disk
- LUKS/dm-crypt (Linux): standard Linux FDE implementation
- TPM integration allows BitLocker to verify boot integrity and release the key automatically if no tampering is detected
- FDE protects against offline attacks — an attacker with physical access cannot read data without the key
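The TPM-based key release described above can be shown with a small model. The following is an added example, not code from this page or from BitLocker: it imitates how boot components are measured into a PCR by repeated hash extension, and how a volume key sealed to the expected PCR value can only be unsealed when the current measurements match. The boot component strings, the `tpm_secret` value and the HMAC/XOR wrapping are constructed for illustration; a real TPM uses its own sealing primitives and internal keys.

```python
import hashlib
import hmac
import secrets

# Constructed sample boot chain, each entry standing in for a measured component.
BOOT_COMPONENTS = [b"firmware v1", b"bootloader v1", b"kernel v1"]


def extend_pcr(pcr: bytes, component: bytes) -> bytes:
    """Model of a PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure every boot component in order, starting from an all-zero PCR."""
    pcr = bytes(32)
    for component in components:
        pcr = extend_pcr(pcr, component)
    return pcr


def seal_key(volume_key: bytes, expected_pcr: bytes, tpm_secret: bytes) -> dict:
    """Wrap a 32-byte volume key so it is bound to one expected PCR value.

    The wrapping key is derived from a secret the TPM never exports plus the
    PCR value; an integrity tag lets unseal detect a non-matching PCR.
    """
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes in this model")
    wrap = hmac.new(tpm_secret, b"seal" + expected_pcr, hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(volume_key, wrap))
    tag = hmac.new(wrap, wrapped, hashlib.sha256).digest()
    return {"wrapped": wrapped, "tag": tag}


def unseal_key(blob: dict, current_pcr: bytes, tpm_secret: bytes):
    """Return the volume key if current_pcr matches the sealed value, else None."""
    wrap = hmac.new(tpm_secret, b"seal" + current_pcr, hashlib.sha256).digest()
    expected_tag = hmac.new(wrap, blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None  # boot chain differs from the one the key was sealed to
    return bytes(a ^ b for a, b in zip(blob["wrapped"], wrap))


def simulate_boot(components, blob: dict, tpm_secret: bytes):
    """Measure the given boot chain and attempt automatic key release."""
    return unseal_key(blob, measure_boot(components), tpm_secret)


if __name__ == "__main__":
    tpm_secret = secrets.token_bytes(32)   # stands in for the TPM's internal secret
    volume_key = secrets.token_bytes(32)   # stands in for the disk's volume key
    blob = seal_key(volume_key, measure_boot(BOOT_COMPONENTS), tpm_secret)

    # Unmodified boot chain: the key is released without user interaction.
    print("clean boot released key:", simulate_boot(BOOT_COMPONENTS, blob, tpm_secret) == volume_key)

    # Modified bootloader: measurements differ, so the TPM refuses to unseal.
    tampered = [b"firmware v1", b"bootloader (modified)", b"kernel v1"]
    print("tampered boot released key:", simulate_boot(tampered, blob, tpm_secret) is not None)
```

The point the model makes is that the key is bound to the measurements rather than to a password: any change in the measured chain produces a different PCR, and the sealed blob simply does not open. This is also why a TPM-only configuration still benefits from a PIN, which BitLocker supports as listed above, since a device that boots cleanly will release the key to whoever powers it on.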
Connections
- Parent: endpoint-security — FDE is a critical data-at-rest protection control for endpoints
- See also: boot-integrity