My system drive is crypted with pre boot authentication, can I safely upgrade to Win10?

Discussion in 'encryption problems' started by bernhardinjo, Jul 23, 2015.

  1. bernhardinjo

    bernhardinjo Registered Member

    Joined:
    Jul 23, 2015
    Posts:
    2
    Hi guys,
    a short question.

    I got two drives in my PC, one SSD and one HDD. Both are encrypted with TC, the system drive uses pre boot authentication.

    Now Windows 10 is around the corner. Does anyone know if updating will f*ck up the bootloader? Does it mess with the bootloader at all? Will I just update and the pre boot authentication is still there?

    Or should I wipe the drive and do a fresh installation? Don't want that really as I just set it up a month ago. Thanks!
     
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,974
    Location:
    Brasil
    As far as I'm concerned, yes. Once you authenticate, the system will behave as it normally would. Afterall, this is just an Update.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Well, yes and no. Windows 10 is an update that requires a tremendous amount of trust. Run a packet sniffer on Windows 10 and you'll never touch it again. Even with all the privacy settings at peak settings.
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,974
    Location:
    Brasil
    That wasn't my concern regarding this issue. My concern was that the system will behave "normally" as it would without encryption. With encryption or not, no update/upgrade will be affected, considering the encryption software is actually capable of dealing with GPT.
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I haven't examined Win 10 but TC was notorious for requiring new bootloaders/config when versions change. Meaning if you use a Windows install disk.

    e.g. - A Vista TC bootloader did not work on Win 7 so upgrading to 7 from Vista required a new TC loader. I realize that TC handled multiple OS versions but we had to redo the loaders using TC when we switched OS.

    Other than the super obvious - reliable backups before starting. As a minimum you would want to decrypt your system disk before the upgrade. I would even detach any other drive that is encrypted before upgrading.

    If you selected "whole disk" instead of system disk only you have one chance to decrypt if the Windows installer is going to be used.


    Remember there is no manual or official support for Win 10 so why take any chances? For what its worth, it would be amazingly faster to restore the system disk from a backup. In my case its less than half an hour, while decryption would be quite a few hours. Simply play it safe and upgrade with Windows unencrypted and then re-encrypt. Its sure fire by comparison.

    Do what you want, its your drive. Just passing along many years of "fixing" broken drives for folks over time.
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,974
    Location:
    Brasil
    But TrueCrypt isn't compatible with neither Windows 8 or 10, right? So OP should be using BitLocker.

    Oh wait, there's VeraCrypt. Is VeraCrypt compatible with Windows 8/10? I couldn't find that info on my 45 second research hehehehe.
     
  7. accessgranted

    accessgranted Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    181
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Yep, VeraCrypt is coming along. Still, the main drawback is no UEFI support yet. Its not a factor for me, but many new machines are coming out without legacy bios. Not long from now it will be "what is legacy bios" if the trend continues.
     
  9. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,279
    The inclusion of legacy BIOS options was planned from the beginning as a temporary measure to ease the transition from BIOS to UEFI.
     
  10. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    You can't upgrade a disk encrypted with TC without decrypting it first: in-place upgrade will blow it up (I tried it assuming that would happen but I was doing a clean install afterwards anyway). If you want to run TC/VC after upgrading, you'll have to forgo UEFI/Secure Boot.

    Additionally, TC/VC does not utilise your disk's hardware encryption if it's a Self-Encrypting Device (SED) like BitLocker does (eDrive) or anything that uses TCG Opal. Of course, BitLocker is no help if you're upgrading to Win10 Home and I haven't found a free SED-utilising alternative.
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I just downloaded Win 10 Pro so I'll be setting up a "test" machine bare metal to run VC through some trials. I have been wanting to give VC a spin and take a peek under the hood. Gathering whats needed to play with a compile and some code. Can't be as tough as doing the TC compile's. Also, no idea how to get around the signed driver issue in 10 yet. So many projects and so little time. Ha.
     
Loading...