Using a Self-Initializing token in Drive Encryption

A Self-Initializing token is a form of PKI token, but rather than referencing certificate information and pre-initializing the token data in McAfee ePO, the client sees the card and performs the necessary initialization steps. Only the client performs the initialization of the token data. One of the assumptions for using a Self-Initializing token is that the necessary certificate information cannot be referenced in Active Directory or any other supported Directory Service.

The token is initialized the first time the card is presented to Drive Encryption, which happens in the Pre-Boot environment.