[Quote:]

Popular whole disk encryption vendor, PGP Corporation, has a remote support “feature” which allows unattended reboots, fully-bypassing the decryption boot process. The feature, which until recently was not documented(customer accessible only) in most support manuals, allows a user who knows a boot passphrase to add a static password (hexadecimal x01) that the boot software knows. If this flag is set, the boot process does not interrogate a user. It simply starts the operating system.

Vendor response:

You bring up an interesting issue with the automated reboot feature, but you don’t have the details right. I can’t fault you for that, as we haven’t documented on the web site. Full product documentation should be coming in the next release.

The major inaccuracy you have is that the passphrase bypass operates only once. After the system boots, the bypass is reset and has to be enabled again. Note that to enable it, you must have cryptographic access to the volume. You cannot enable it on a bare running disk.

We are not the only manufacturer to have such a feature — all the major people do, because our customers require it of us.

Really? Which customers? Three letter acronyms? And what other functionality did you fail to document? How can we trust you in the future?