Patent attributes
One method disclosed includes booting a computer with a bootloader, where the bootloader is stored on an unencrypted portion of a data storage device of the computer. The method further includes unsealing a decryption password for an encrypted portion of the data storage device from a trusted platform module (TPM) using a first sealing policy, where the first sealing policy excludes dependence on a first platform configuration register (PCR), wherein the first PCR stores a measurement result associated with the bootloader. The method subsequently includes sealing the decryption password into the TPM using a second sealing policy, where the second sealing policy includes dependence on the first PCR.
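The unseal-then-reseal sequence described above, as an added example that is not taken from the patent: a toy Python model of PCR extension and PCR-bound sealing. `SimTPM`, `boot`, `reseal_after_boot`, the PCR indices 0 and 4, and the choice of a firmware PCR as what the first policy depends on are all assumptions made for illustration; a real TPM encrypts the sealed blob and computes its policy digest differently.

```python
import hashlib

BOOTLOADER_PCR = 4   # assumption: index standing in for the page's "first PCR"
FIRMWARE_PCR = 0     # assumption: a PCR the first sealing policy does depend on


class SimTPM:
    """Toy model of PCR extend and PCR-bound sealing; not a real TPM interface."""

    def __init__(self):
        self.reset()

    def reset(self):
        # Platform reset: every PCR returns to all zeros.
        self.pcrs = {i: bytes(32) for i in range(8)}

    def extend(self, index, data):
        # PCR_new = H(PCR_old || H(data)); a value can be folded in, never set.
        measurement = hashlib.sha256(data).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()

    def _policy_digest(self, selection):
        h = hashlib.sha256()
        for i in sorted(selection):
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def seal(self, secret, selection):
        # The blob records which PCRs the policy depends on and their state now.
        return {"pcrs": tuple(sorted(selection)),
                "digest": self._policy_digest(selection), "secret": secret}

    def unseal(self, blob):
        if blob["digest"] != self._policy_digest(blob["pcrs"]):
            raise PermissionError("PCR policy not satisfied")
        return blob["secret"]


def boot(tpm, bootloader):
    tpm.reset()
    tpm.extend(FIRMWARE_PCR, b"constructed firmware image")
    tpm.extend(BOOTLOADER_PCR, bootloader)


def reseal_after_boot(tpm, first_blob):
    """Unseal under the first policy, then seal under the second one."""
    password = tpm.unseal(first_blob)
    return tpm.seal(password, [FIRMWARE_PCR, BOOTLOADER_PCR])
```

In this model a blob sealed under the first policy still unseals when the bootloader measurement differs from the one present at sealing time, while the blob returned by `reseal_after_boot` unseals only when the bootloader PCR matches the value it held at resealing.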