Whole disk encryption (WDE) encrypts all data and files on a computing device. Systems that enforce WDE typically offer advantages over standard encryption because they protect the data on a computing device without requiring users to take any action to encrypt specific files. However, with software-based WDE, crucial software such as the operating system may also be encrypted. This presents a problem during the boot process, when such crucial software is needed to fully boot the computing device. For example, a user may not be able to log in to an account without first decrypting the encrypted operating system, which may then compromise the encryption of the remaining data.
Traditionally, bootloaders may use various pre-boot authentication methods to allow only a small portion of the data to be decrypted first. In this case, bootloaders may allow initial user access to the system without decrypting the remaining data. However, the bootloader itself may be targeted or compromised by a security attack. Furthermore, in some instances, the computing device may be physically compromised or stolen, which may present additional security challenges to both the bootloader and the remaining encrypted data on the computing device. The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for authenticating whole disk encryption systems.