Following are some tit bits about TDE in SQL Server 2008:

  • Instant file initialization is disabled for all encrypted databases so page headers are in a known state and the file does not include stray bits off the disk
  • Tempdb is encrypted if there are any encrypted user databases to avoid exposure of intermediate query results.
  • The only time the database will be re-encrypted is when the database encryption key is regenerated. If you’re re-generating the Service Master Key, Database Master Key or certificate, then the database will not be re-encrypted.