How to encrypt a dual boot system with Veracrypt?
I want to dual boot Windows 10 alongside Arch Linux on 1 SSD. The SSD is 465GB and I want to use Veracrypt to encrypt the hard drive and enable pre-boot authentication.
I haven't attempted to do this as of yet as I cannot find any information about this on the Veracrypt website.
Would I have to wipe the drive, split it in to two partitions then install the respective operating systems on to their partitions? What about after that? I can encrypt the system using Veracrypt when I'm logged in to my Windows OS for example but would this encrypt the Linux partition as well?
Would they use the same pre-boot password and would I be able to choose which operating system to boot in to from Veracrypt's boot loader?
Furthermore, if I encrypt a non-system partition that is part of a different hard drive than which the operating systems are installed on, would I be able to access the encrypted partition from both operating systems without any trouble?
No wipe needed. OSes are always on their own partition. Veracrypt can only encrypt a Windows system and only if using BIOS vs UEFI. The dev has stated that there are no plans for *nix systems support. If you want your Linux system encrypted, look into dm-crypt and LUKS. Also, you seem to misunderstand Veracrypt's system encryption capability. It doesn't support full-disk encryption; only the Windows system partition itself. The restore and recovery partitions are not encrypted.
If you have multiple Windows partitions (normal or hidden and normal), the bootloader should only show a password input field. It's your responsibility to remember the password and know which OS it unlocks. Each bootable partition would use it's own password. No idea what happens if you choose to put the same password for different systems.
As long as you have Veracrypt installed on both, you will be able to access Veracrypt-encrypted partitions on any drive connected.
I did something like that with truecrypt and it should be possible with veracrypt too.
- Install windows
- give it the whole disk
- after installation encrypt with veracrypt telling it, that windows "is the only one" on the drive.
- After that restart your pc with windows, shrink your drive, make an additional partition
- restart again and install linux alongside windows
- make sure that the windows boot loader survives, so place the linux bootloader into the new partition and not into the mbr!
- Only thing remaining should be an entry in the windows bootloader pointing to linux bootloader.
It worked last time I did this with truecrypt. If veracrypt is the successor it should work, too.
But please be aware that there both systems can and will be seen in the bootloader. So no "plausible deniabilty" possible. So depending on your country, this might not be the solution you are looking for.