
Two Post-System Encryption Questions

Topics: Technical Issues, Users Discussion
Sep 1, 2016 at 5:21 PM
Hello,

I just want to preface this by saying I am a novice user...
  1. I just encrypted my system partition, but see that my primary drive containing my data (different drive from the system partition) is unencrypted. Is there any security advantage to also encrypting this other drive (non-system partition), or is this a moot point because pre-boot authentication is enabled and in theory no one would be able to access, read or write those files without the pre-boot password?
  2. Is Veracrypt compatible with Tails OS? After encrypting my system partition, I cannot install Tails. I have changed the BIOS settings and manually adjusted the boot priority to boot from USB, but still cannot seem to boot from USB to install Tails after having encrypted my system partition.
Sep 1, 2016 at 6:47 PM
Edited Sep 1, 2016 at 6:58 PM
Jake_Stone wrote:
  1. . . . in theory no one would be able to access, read or write those files without the pre-boot password?
That seems a mighty strange theory. Why can't they? Maybe I've misunderstood, but it seems to me you haven't described anything to stop them. Data is normally what people want to protect with encryption and encrypting an OS is normally only considered when you are SO cautious about security of data that you want to protect the hints about that data that accumulate in system files, typically file names and such. It's hard to imagine circumstances when encrypting an OS and NOT encrypting data makes any sense at all.

Jake_Stone wrote:
  2. Is Veracrypt compatible with Tails OS?
Short and oversimple answer: yes and no. Yes, in that using Tails shouldn't damage any of the software or data on your machine, and that includes VC and crypts made with VC. In that sense, Tails is "compatible" with absolutely anything. No, in that you can't normally access any of your local data, which means you can't use your crypts or anything else stored locally, when using Tails.

Jake_Stone wrote:
  2. After encrypting my system partition, I cannot install Tails.
Tails isn't "installed". Tails is a live system you boot from. You use the iso to make a bootable
"live" system on some ROM, typically a CD or a USB memory stick. Then you boot from it as
an alternative to whatever you normally use. Using Tails, you have no access to local drives
AT ALL.

You would do well to study the basics on both projects. Read the Wikipedia articles on both.
Read the documentation on both sites. You seem to be unclear as to what either is for.
Sep 1, 2016 at 10:20 PM
Jake_Stone wrote:
  1. I just encrypted my system partition, but see that my primary drive containing my data (different drive from the system partition) is unencrypted. Is there any security advantage to also encrypting this other drive (non-system partition), or is this a moot point because pre-boot authentication is enabled and in theory no one would be able to access, read or write those files without the pre-boot password?
Hello Jake,

A person could remove the "data" drive from your PC and mount on another PC as a secondary drive which will allow them access to the unencrypted data.

You can encrypt the "data" drive using the same password and PIM value you used for system encryption and have the "data" drive mount when you boot your system at the bootloader screen using System Favorites.

https://veracrypt.codeplex.com/wikipage?title=System%20Favorite%20Volumes
Sep 1, 2016 at 10:28 PM
Thank you for your response, I appreciate the input.
Sep 1, 2016 at 10:42 PM
Enigma2Illusion,

Thank you very much for the suggestion. I was able to figure out how to encrypt the other partition with said data in place and set the drive to mount as a system favorite. Now however, I see my hard disk is partitioned into 6 separate partitions (two of which are now encrypted). Again, forgive me, this is all over my head, but should I also be encrypting the other 4 partitions? One is an EFI system partition, two are recovery partitions, and I don't know what the last one is (it appears in the volume creation wizard, but not my disk management). Appreciate your help!
Sep 1, 2016 at 10:54 PM
Edited Sep 1, 2016 at 11:03 PM
Hi Jake,

Do not encrypt the other partitions or you will fail to boot your system (EFI partition) and in the case of recovery partitions, be unable to run the Windows recovery options.

https://en.wikipedia.org/wiki/EFI_system_partition

Depending on when you upgraded your system to Windows 10, MS created a special recovery partition that should not be confused with the other recovery partition.

http://www.disk-partition.com/windows-10/recovery-partition-after-upgrading-to-windows-10-4348.html
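
An added example, not part of the original posts or of VeraCrypt: one way to tell the partitions named above apart is by the type GUID stored in each GPT partition entry. The Python sketch below parses a raw entry array and flags the types that should stay unencrypted; the sample layout and the helper names are constructed for illustration.

```python
import struct
import uuid

# GPT partition type GUIDs (UEFI specification / Microsoft documentation).
LEAVE_UNENCRYPTED = {
    uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b"): "EFI system partition",
    uuid.UUID("e3c9e316-0b5c-4db8-817d-f92df00215ae"): "Microsoft reserved partition",
    uuid.UUID("de94bba4-06d1-4d40-a16a-bfd50179d6ac"): "Windows recovery partition",
}
BASIC_DATA = uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7")
ENTRY_FMT = "<16s16sQQQ72s"  # type GUID, unique GUID, first LBA, last LBA, attributes, name
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)  # 128 bytes, the standard entry size

def parse_entries(table: bytes):
    """Yield (slot, type GUID, name) for every used entry in a GPT entry array."""
    if len(table) % ENTRY_SIZE:
        raise ValueError("partition entry array is truncated")
    for slot in range(len(table) // ENTRY_SIZE):
        raw = table[slot * ENTRY_SIZE:(slot + 1) * ENTRY_SIZE]
        ptype, _uid, _first, _last, _attrs, name = struct.unpack(ENTRY_FMT, raw)
        if ptype == bytes(16):  # an all-zero type GUID marks an unused slot
            continue
        label = name.decode("utf-16-le").split("\x00", 1)[0]
        # GUIDs are stored mixed-endian on disk, hence bytes_le.
        yield slot + 1, uuid.UUID(bytes_le=ptype), label

def classify(table: bytes):
    """Return (slot, name, verdict) tuples following the advice in the thread."""
    report = []
    for slot, ptype, label in parse_entries(table):
        if ptype in LEAVE_UNENCRYPTED:
            verdict = "leave unencrypted: " + LEAVE_UNENCRYPTED[ptype]
        elif ptype == BASIC_DATA:
            verdict = "basic data: encrypt only after confirming what it holds"
        else:
            verdict = "unrecognised type: identify before changing anything"
        report.append((slot, label, verdict))
    return report

def make_entry(type_guid: str, first: int, last: int, name: str) -> bytes:
    """Build one constructed entry (sample data, not read from a real disk)."""
    return struct.pack(ENTRY_FMT, uuid.UUID(type_guid).bytes_le, bytes(16),
                       first, last, 0, name.encode("utf-16-le"))

# Constructed sample layout; slot 4 is deliberately left empty.
SAMPLE = b"".join([
    make_entry("c12a7328-f81f-11d2-ba4b-00a0c93ec93b", 2048, 206847, "EFI system partition"),
    make_entry("e3c9e316-0b5c-4db8-817d-f92df00215ae", 206848, 239615, "Microsoft reserved partition"),
    make_entry("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", 239616, 975000000, "Basic data partition"),
    bytes(ENTRY_SIZE),
    make_entry("de94bba4-06d1-4d40-a16a-bfd50179d6ac", 975000001, 976000000, "Recovery"),
])
```

Calling `classify(SAMPLE)` returns one verdict per used slot; on a real disk the entry array would have to be read from the device with administrator rights.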
Sep 1, 2016 at 11:00 PM
Extremely glad I asked! Thanks again.
Sep 9, 2016 at 8:35 PM
"A person could remove the "data" drive from your PC and mount on another PC as a secondary drive which will allow them access to the unencrypted data."

Or more easily, plug in a USB memory stick and boot from that. No screwdriver needed. Or a CD, or floppy, depending on the hardware.