I find Truecrypt's Hidden OS method rather complicated and restrictive, possibly necessarily, but I wondered if this alternative method would be feasible. It's quite common to have dual-boot systems, so could the first partition contain the decoy/everyday OS, and the second partition hold another decoy OS that isn't used, with the remaining space on the second partition holding the Hidden OS in an encrypted form. This way, one could explain why the decoy OS on the second partition hadn't been used recently by saying that it was a backup OS to be used if the main one got corrupted or infected or that it was just used occasionally to test software in a clean environment. With the current Truecrypt method, one has to have the second partition setup as a data partition, which would be unusual in itself as normally one would use the first partitions for OSes and make an Extended partition for data after that. For this decoy partition to be convincing, one also has to regularly write files to it and also the Hidden OS would need to only occupy a small section of it for it not to be suspicious. It seems that it might also negate the need for the Hidden OS to spoof that it's running from partition1, as Truecrypt currently does, as there would be an OS on partition2 which would explain why files indicate that they were written by an OS on that partition. I have to admit, I don't quite understand the need to spoof in this way, as the Hidden OS is unable to write to anything other than itself or Hidden volumes anyway. This restriction also seems unnecessarily restrictive, as writing to a normal encrypted container, rather than a hidden volume contained in one and itself stored on an encrypted filesystem, as Truecrypt requires, would seem to be quite safe. I may well be overlooking something though and I'd be interested to hear people's thoughts on these ideas.