Built for sovereign Linux deployments

Encrypt thousands of Linux endpoints. Manage them from one place.

SecureDoc Linux brings Linux full disk encryption into a managed operating model: endpoint enrollment, owner assignment, remote user updates, access governance, key custody, recovery, reporting, and response from a central administrative layer. Seamless In-Place Encryption keeps your systems running while encrypting data on the fly. Enable fast mode to encrypt only populated sectors and save time.

In-place encryption while in use MFA pre-boot authentication Central policy, keys, and recovery Source code access for sovereign deployments
Built for the sovereign transition

Linux encryption that outperforms the Windows fleet.

European public-sector and enterprise organizations migrating to Linux at scale need more than a working FDE. SecureDoc Linux delivers the operational capabilities that have until now been considered Windows-only and brings them to Linux with more rigor: in-place encryption while devices remain in productive use, MFA pre-boot authentication tied to enterprise identity, centralized key custody and recovery, and remote remediation.

Outside US data jurisdiction

Headquartered in Canada, with a permanent presence and deep knowledge of the European market. Our European team brings direct experience of public-sector procurement, regulatory, and operational expectations.

28 years of FDE

WinMagic has built encryption products since 1997. SecureDoc Linux has been in development for over ten years, with long-standing customer relationships across European industry.

Source code access on request

For sovereign and classified deployments, WinMagic can provide complete source code for internal inspection.

Remote onboarding workflow

Stage, enroll, assign, and support encrypted devices from the center.

At fleet scale, an encrypted Linux device must be provisioned before the final owner is known, encrypted while remaining in use, assigned to a user remotely, and supported through ownership changes without rebuilding the endpoint.

1

Build the deployment package

Create install packages and profiles tied to the central SecureDoc environment so encryption policy is attached from the start.

2

Enroll the endpoint

Register Linux machines with SecureDoc Enterprise Server to bring device state, encryption policy, and recovery material under management.

3

Assign or update ownership

Provision machines before the final owner is known, then set or update ownership centrally as devices are issued, transferred, or repurposed.

4

Extend access remotely

Add users to encrypted devices, support recovery, and keep access aligned with operational changes without rebuilding the endpoint.

Centralized management & critical controls

Treat Linux encryption as a managed service, not a per-device task.

The hard part of full disk encryption is not the cryptography. It is the lifecycle: onboarding, ownership changes, key custody, recovery, audit evidence, and remediation when something goes wrong.

Policy governance

Apply encryption and pre-boot behavior through centrally administered profiles instead of relying on local endpoint configuration alone.

Key and recovery custody

Maintain recovery material and key-related workflows centrally so locked systems can be recovered through approved procedures.

Pre-boot network workflows

Use network-assisted pre-boot options for identity validation, remote unlock patterns, and unattended operational scenarios.

Remote remediation

Support incident response with central visibility and actions such as remote crypto-erase for compromised or unrecoverable devices.

Remote onboarding

Stage, enroll, assign, and support encrypted Linux devices even when the device owner or final destination is not known at build time.

Audit and recovery evidence

Maintain encryption status, policy enforcement, recovery activity, and device-state reporting from a single administrative layer.

Management priorities

The centralized capabilities that matter most at scale.

This grouped shortlist focuses on SecureDoc Linux capabilities that reduce operational risk when encrypted devices are deployed, supported, recovered, or retired remotely.

Feature group SecureDoc Linux
Remote onboarding and ownership
Prepare devices before final ownership is known, register them with SecureDoc Enterprise Server, then assign or update ownership centrally as assets are issued, transferred, returned, or repurposed.
Policy, keys, and recovery custody
Manage encryption behavior, pre-boot rules, key custody, recovery material, and approved recovery workflows through a central administrative layer.
Pre-boot network control
Use PBConnex-style pre-boot networking for identity validation, remote unlock patterns, and unattended access workflows before the Linux operating system starts.
Audit, compliance, and remediation
Maintain single-console evidence for encryption status, policy enforcement, recovery actions, and device lifecycle state, with central response options such as remote crypto-erase.
Migration and mixed-fleet transition
Bring existing Linux systems under management through in-place or live conversion, and maintain a common encryption governance layer across Linux, Windows, macOS, and self-encrypting drives during transition.
Deployment readiness

Design the rollout around enrollment, ownership, and recovery.

A successful Linux FDE program must validate how devices are onboarded, how pre-boot access works, and how central teams recover or remediate endpoints.

Enrollment architecture

  • Confirm supported Linux distributions, kernel versions, and storage layouts.
  • Define how deployment packages register devices with the central server.
  • Test onboarding for new, replacement, repurposed, and remote devices.

Ownership and access

  • Map owner assignment, owner updates, and service-account exclusions.
  • Define remote user-addition procedures for shared and reassigned assets.
  • Validate pre-boot identity, network, and AutoBoot behavior on real hardware.

Management and response

  • Define recovery approval, helpdesk, and manager-approved recovery flows.
  • Track encryption state, policy assignment, key custody, and recovery events.
  • Document remote crypto-erase and lost-device response playbooks.

Validate the rollout against your specific Linux distribution.

The right next step is a focused technical session: confirm distribution and storage compatibility, walk through enrollment and recovery on real hardware, and define the central management model for your fleet before scaling.

Explore SecureDoc Linux →
Beyond encryption

Continuous online trust, also on Linux.

Authentication and online access are the natural next layers of a sovereign Linux rollout. WinMagic’s MagicEndpoint architecture extends the same identity assurance that begins at pre-boot all the way to online services.

MagicEndpoint for sovereign Linux

WinMagic is bringing the MagicEndpoint architecture to sovereign Linux environments, integrated with open-source identity providers, a path to continuous, friction-free trust for online access beyond the desktop login.

Product resources

Use these public resources to verify product scope, supported platforms, deployment requirements, and centralized management capabilities before production rollout.

Before production deployment, validate the exact SecureDoc version, Linux distribution, hardware model, storage configuration, authentication method, network model, and support terms for the target fleet.

Certifications
GDPR FIPS 140-3 FIPS 140-2
keyboard_arrow_up