smaller partition for hidden OS than system partition

Topics: Feature Requests, Technical Issues, Users Discussion
Dec 1, 2015 at 7:10 AM

I have a 500 GB SSD and I want to spend 80 GB on a hidden OS partition and the rest on the system partition. This way I can use the system OS normally every day and have as much space as possible available, but also have a hidden OS that has enough space.
In case I want to store some NSA documents that are larger than the hidden OS partition, I can always use a VeraCrypt-encrypted thumb drive, external HDD, etc.

How can I get this done?

Dec 28, 2015 at 10:57 AM

First of all, this is not an issue or bug in VeraCrypt. The hidden OS feature is well documented and it requires cloning an existing OS into the partition that is behind the system one.

The core aspect of hidden OS is that VeraCrypt will make Windows believe that it is running on the original system partition whereas everything is redirected towards the hidden volume inside the second partition. That's why we need the hidden volume that contains the hidden OS to be physically identical to the first partition in order to be able to implement a transparent emulation while at the same time reporting the same disk layout that existed during the installation of Windows.

Based on this, your request is currently not possible using the current design since we can't clone the OS into a second partition that is too small.

Your situation requires implementing a new feature that would make it possible to install a hidden Windows into any partition regardless of the size or disk layout. This is technically impossible:
  • When the hidden Windows is running, the physical disk layout must match the one used during installation.
  • VeraCrypt can intercept read/write operations and redirect them, but it can't change the physical disk layout.
  • If the hidden Windows is running on an 80 GB partition, this means that it must find an equivalent 80 GB partition at the beginning of the disk. This means that the current system partition must be 80 GB.

The current hidden OS feature is already doing complex work to make Windows run off a hidden volume, and there are limits to what such encryption software can do. At this stage, I don't see how we can achieve what you are requesting without including some kind of low-level virtualization, which is something that doesn't exist and is not easy to implement in a seamless way.

Any comments on this? Of course, I'm open to any technical proposals.