Damaged kernel boot code

It is possible to access a hard disk with damaged kernel boot code as keys are stored separately from the kernel in the so-called KSA (Key Storage Area). By separating the kernel and the keys, this type of drive can be decrypted when hooked up to another computer.

To do this, the user logging on to the other computer needs a key for the KSA of the unbootable partition on their key ring.

In the worst case, the partition is only encrypted using the other computer's Boot_Key. In such a case, the Master Security Officer or the Recovery Officer must assign this Boot_Key to the user.

For further information, see "Slaving" a hard disk.