SecureDoc for Linux

Modern Enterprise-Class Full Disk Encryption for Linux Environments

As modern enterprises increasingly rely on Linux for servers, workstations, and cloud infrastructure, the risk of unprotected data-at-rest is too often underestimated. While Linux does offer native Full Disk Encryption (FDE) through dm-crypt, it lacks the centralized key management, automation, and integration capabilities that enterprises expect — unlike Windows environments with BitLocker.


SecureDoc Linux for Servers, the only enterprise-class Full Disk Encryption software on the market for Linux Servers works on top of dm-crypt, rather than replacing it, to better manage encryption – taking Linux encryption management to the next level and solving the real-world needs of large global technology organizations. SecureDoc Linux for Servers delivers — a fully enterprise-class encryption solution — enhanced native Linux security adding robust capabilities such as multi-factor authentication (MFA) at login, centralized key management, and remote, unattended pre-boot authentication, all while avoiding the need for reinstallation or service disruption.


In today’s fast-moving and distributed IT environments, SecureDoc provides the control, visibility, and assurance enterprises need to secure Linux data-at-rest — whether on physical servers, in virtual machines, or across hybrid cloud architectures.

Full Disk Encryption for Linux

SecureDoc for Linux Servers – Key Features

Linux FDE with centralized key management

Enterprise-Grade Encryption Without Compromise

  • Protect root, data, and swap volumes without wiping the disk
  • Fully compatible with RAID arrays and complex storage setups
  • Encrypt existing Linux servers without reinstallation or downtime
Linux FDE with centralized key management

Separation of Encryption and Key Management

Unlike native Linux solutions, SecureDoc separates encryption and key management—a best practice for scalable, secure operations.

  • Manage native OS encryption (Linux, Windows, macOS) and Self-Encrypting Drives (SEDs)
  • Centralize encryption policies across your hybrid or multi-OS environment
  • Cryptographically erase keys for repurposed or compromised systems
Linux FDE with centralized key management

Automated Pre-Boot Network Authentication (PBConnex)

Traditional Linux FDE requires local password input at boot—a major challenge for servers in remote or distributed data centers. SecureDoc solves this with PBConnex, enabling remote, unattended booting and rebooting securely over the network.

  • Authenticate via Active Directory credentials at pre-boot
  • Eliminate the need for local admin intervention
  • Reduce operational burden while strengthening access controls
Linux FDE with centralized key management

Centralized Management with SecureDoc Enterprise Server (SES)

Control your entire encrypted infrastructure — including Linux, Windows, and macOS endpoints — through a single centralized console:

  • Backup and recover keys with centralized oversight
  • Track encryption status and compliance in real time
  • Audit operations with complete traceability
Linux FDE with centralized key management

Optimized for Compliance

From GDPR to HIPAA, today’s regulations demand provable data protection. SecureDoc for Linux helps enterprises demonstrate compliance with ease:

  • Ensure encryption is always active with continuous monitoring
  • Instantly view device encryption status through a single pane of glass
  • Generate reports and audit logs to satisfy regulators and security teams

SecureDoc for Linux – Key Features

Passwordless SSH authentication tool for Linux

Live initial encryption

This process allows the system to remain fully operational while it encrypts disk sectors in place. The conversion is robust against interruptions, including unexpected shutdowns or power failures, ensuring no data loss or corruption. An accelerated encryption mode is available, which targets only allocated (in-use) sectors, significantly reducing total encryption time — often completing within minutes rather than hours. This in-place encryption eliminates the need to format the drive or reinstall the operating system to achieve full disk protection.

Passwordless SSH authentication tool for Linux

Multi-factor authentication (MFA) at pre-boot authentication (PBA)

Supports USB tokens, smartcards, and TPM-protected PINs, with upcoming support for proximity-based authentication via Bluetooth and network-based identity verification—consistent with capabilities in SecureDoc for Windows (PBA). Pre-boot networking functionality allows devices to authenticate directly against enterprise identity providers such as Active Directory (AD) and Azure Active Directory (AAD) in real-time, without requiring prior user provisioning on the endpoint. This architecture supports dynamic user authentication with no practical limit on the number of users per endpoint.

Passwordless SSH authentication tool for Linux

Enterprise-Class Management

SecureDoc Enterprise Server (SES) delivers enterprise-class, centralized management for Linux, Windows, and macOS endpoints, enabling organizations to enforce consistent security policies, manage encryption keys, and maintain compliance across diverse environments. Built with over 25 years of continuous innovation, SES supports advanced identity and device management, including integration with AD, AAD, Red Hat Directory, and other enterprise directories allowing for unlimited number of users to access the endpoint device without pre-provisioning and sophisticated provisioning across platforms. Through pre-boot networking and real-time directory synchronization, SES allows dynamic, policy-driven user access to encrypted endpoints—scaling easily to support large, multi-user environments. Whether its for managing keys across all devices, assigning security policies, creating compliance reports or protecting compromised assets remotely (with Crypto erase) – SecureDoc Enterprise Server is your central hub for all your enterprise needs.

A persistent, secure connection between the endpoint and SES from power-on enables SES to verify user identity and device posture, and deliver a key file protected by user’s MFA profile on demand. Originally used to monitor anomalies in device security posture, this persistent connection can be leveraged as a trusted channel to enforce access control for online services—accurately, securely, and with no user interaction beyond logging in to the endpoint.

Passwordless SSH authentication tool for Linux

FIPS compliant

SecureDoc is FIPS 140 certified and when used in in conjunction with FIPS certified Linux distributions complies with strict federal government security standards to protect sensitive data from unauthorized access, tampering, or leakage.

Passwordless SSH authentication tool for Linux

LUKS and LUKS2 Takeover (Linux Unified Key Setup)

SecureDoc of Linux is utilized as a centralized encryption management system whereby LUKS Takeover on existing Linux encrypted systems is used to securely manage and store keys in our centralized management console (SES). Allows users to auto-unlock volumes to boot and access encrypted systems automatically by removing the need for redundant passphrase entries to unlock each volume with SecureDoc preboot — and provide network authentication for remote endpoints.

Central Management of Everything Encryption

Passwordless SSH authentication tool for Linux

  • Single-view console reduces risk of out of compliance devices
  • Central management of all encryption keys and policies
  • Simplified reporting & auditing for compliance

Ready for Enterprise Deployment

Passwordless SSH authentication tool for Linux

Whether you’re managing cloud-based workloads, on-prem servers, or virtualized Linux environments, SecureDoc delivers:

  • Frictionless deployment: No OS reinstallation required
  • Operational continuity: No downtime during encryption
  • Scalable security: Built for large, globally distributed IT environments
  • Multi-user support: Authenticate any number of authorized users per device without manual pre-enrollment.
  • Silent installation & automation: Supports scripted deployment, patch management, and remote administration.


Get Control Over Your Linux Attack Surface

SecureDoc for Linux is purpose-built for CISOs who require assurance across hybrid, cloud, and modern Linux environments. It closes a critical gap in Linux data security while preserving system performance and operational continuity.


As an imminent release, WinMagic will be launching an SSH Key Management for Authentication for Enterprise version expanding beyond its already available Secure SSH Freeware. This release will be made available free for a very limited time. To read more about this release, please see below.

SSH Key Authentication
for the Enterprise


Secure SSH Freeware

Passwordless SSH authentication
using endpoint-based identity

Easy setup
with OpenSSH and Linux environments

Zero manual key management
– on the client side

Local authentication
– Authentication remains local-first, ensuring security and performance


Get Started for Free

Don’t settle for “good enough.” Elevate your Linux infrastructure with SecureDoc Linux for Servers — trusted by leading enterprises worldwide to protect mission-critical data and streamline compliance.

Secure SSH Freeware is available for download now.  Experience the future of passwordless SSH authentication—no passwords, just security.

keyboard_arrow_up