A platform may be described as the underlying hardware and/or software for a computing device. Platforms are rapidly converging toward greater use of platform security, such as the use of a Trusted Platform Module (TPM) (http://www.trustedcomputinggroup.org) to encrypt the disk content (i.e., data) of a full disk volume. A TPM may be described as a microcontroller that stores a storage root key and that is capable of encrypting and decrypting disk content. The TPM storage root key is a public/private key pair. Any data encrypted with the storage root key public key may only be decrypted with the corresponding storage root key private key.
An operating system may use a TPM to encrypt disk content, and this is referred to as in-band operating system security. For example, the Secure Startup Full-Volume Encryption (FVE) mode available from Microsoft Corporation in the Vista Windows® operating system uses a TPM.
The disk volume may be divided into disk partitions. An in-band operating system encryption/decryption agent may encrypt and decrypt content on a disk partition with which the agent is associated. Out-of-band agents may be described as managing requests to and from a remote agent (e.g., at a remote computing device). Out-of-band agents are capable of performing tasks on any of the disk partitions. Out-of-band requests may be described as those that are managed by remote agents which use the capabilities of out-of-band agents. For example, if a user at a local computing device is playing a computer game, and an administrator at a remote computing device wants to know the temperature of the local computing device, a remote agent at the remote computing device may contact an out-of-band agent at the local computing device to determine the temperature. The user's game is not interrupted, and, typically, the user is not aware of the out-of-band request.
An operating system that uses a TPM provides encryption that is at odds with an Out-Of-Band (OOB) disk backup strategy. In particular, conventional remote disk backup operations assume that disk content is stored in the clear (i.e., in an unencrypted manner). Because encrypted disk content is ordinarily opaque to agents other than the in-band operating system encryption/decryption agent, these other agents may not be able to read it. Therefore, certain in-band operating system encryption/decryption technologies may moot some of the management advantages of existing out-of-band agents.
Thus, there is a need in the art for seamless data migration to enable out-of-band operations to be performed.