Updating OS on system partition with FDE?

Discussion in 'encryption problems' started by abi, Mar 26, 2015.

  1. abi

    abi Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    6
    I use Tuecrypt 7.1a for FDE on my 64 bit W7 laptop formatted with MBR and set to legacy bios.

    It all works really well :)

    With Windows 10 around the corner I would like asking someone more tech savvy if it is technically possible to update / upgrade Windows while keeping the FDE, ie. WITHOUT decrypting the SDD first?

    (I'm not asking whether Windows 10 is supported or compatible with TC, because officially it is not, and Truecrypt support has ceased. Assuming it works on Windows 10 because if it doesn't then Veracrypt will, then is it fair to expect being able to update to Windows 10 WITHOUT touching the FDE...?)
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Doubtful. I haven't looked at 10 but I suspect the OS bootloader will be different than 7. Just a guess. TC has never worked with more than one OS because the various bootloaders change for mounting the operating systems. There are easy work arounds using boot media on flash, but a straight upgrade will likely break your setup.

    If the needed mounting bootloader changes it won't matter which software you are using for FDE regarding that part of your question. It might be that I should start refraining from answering windows questions with TC. I have used TC for many years including coding, but I left windows at 7 and migrated to linux for all my hobby needs now.

    Has anyone confirmed that windows 10 will even allow legacy bios? If it doesn't then you have your answer.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Paranoia about backdoors aside, Windows just isn't designed with privacy in mind. That's especially so since Win XP. So I don't get the point of doing FDE on Windows. The possibility of leakage is just too great. Doing hidden Windows with TrueCrypt is the only reason to consider it, I think. And based on the help requests that I've seen over the years, that's not such an easy thing.

    I recommend keeping your plain-vanilla stuff on Windows, and having a separate Linux box for your hobbies, FDE using dm-crypt/LUKS with LVM2. I've seen guides for encrypting everything, including the /boot partition. There's a tiny "pre-boot" partition that can go on a USB or SD card.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Try DiskCryptor?
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    One part of the OP's initial question was about NOT having to redo the disk encryption. As I see it, if the new OS requires a different bootloader to mount the system disk then you will need to use it to mount up. Most encryption software is not going to have the versatility needed for changing only that one part out.

    possible test:

    Maybe another way to test what I am referring to. Are any of you guys using DiskCryptor or VeraCrypt on an XP box? Could you then upgrade to a 7 Pro OS on the exact same FDE disk, and have either of those two programs just "adjust" the needed bootloader ---- all without having to redo the encryption? My hunch is no you can't, but I will subject my exposure here to being wrong. Takers?

    Mirimir we are "soul mates" on the Linux thing but you won't move the majority off of Windows no matter how long you preach. LOL!!
     
Loading...