Enabling FDE

Full-disk encryption (FDE) is a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive. In non-confidential computing environments, FDE is typically implemented using the Linux Unified Key Setup (LUKS) and user-supplied keys. However, in a TrustZone-based confidential computing architecture such as virtCCA, encryption keys are obtained using an attestation service instead of being provided by users. For details about how to integrate FDE with virtCCA, see Full Disk Encryption.