Concerns about WIMboot tablets.

Aug 26, 2016 at 12:44 AM
Are tablets that use WIMboot secure with the current VeraCrypt v1.18a EFI whole disk encryption? Are there any limitations or caveats?
Aug 26, 2016 at 12:52 PM
Out of the box - no.

It is possible to configure VeraCrypt to support WIMboot manually.

Probably it can be in the TODO list.
Aug 27, 2016 at 6:26 AM
Any instructions on how to do this? My understanding is that the WIMboot segment on the SSD remains permanently unmodified throughout the tablets' lifetime. If so, can VeraCrypt encrypt the remaining SSD and provide reasonable security? Instructions on manual configuration would be great otherwise. Thanks for your help.
Aug 27, 2016 at 8:18 AM
It is difficult to write instructions because the technology is not stable.

I can explain the idea to be implemented.

OS encryption works like full disk encryption. Difference: full disk includes all sectors, OS encryption selects OS volume sectors only. It is possible to include WIMboot volume sectors in the encrypted range.

The OS encryption setup wizard becomes more complex. It needs more configuration steps. It can be in the TODO list.
Aug 28, 2016 at 2:28 AM
Please forgive my confusion. VeraCrypt is currently capable of full disk encryption. In this case (as you state above), everything including the WIMboot partition would be encrypted. My goal is to encrypt everything including the WIMboot, not only the OS. Is this not possible currently?
Aug 28, 2016 at 6:47 AM
An EFI boot disk can't be fully encrypted. The GPT and the EFI system boot volume have to be open because the loader starts from the EFI system boot volume.

The problem is to correctly configure the range of sectors encrypted.
Aug 31, 2016 at 11:31 AM
I successfully installed a standard version of Windows 8.1. WIMboot is now gone. My concern is that you mention EFI cannot be fully encrypted. On the support page it claims UEFI for Windows 8.1 is supported for full system encryption. What happened? Can you forward the question to idrassi if you think we have a miscommunication? If UEFI is supported for full disk encryption, when will 32 bit UEFI be supported? Many tablets use 32 bit UEFI and could benefit from VeraCrypt.
Aug 31, 2016 at 3:51 PM
1. The EFI system volume is a small (~100MB) FAT-formatted volume with the loader.
To check the contents of the EFI system volume from an admin cmd:
mountvol z: /s
dir z:

2. The OS volume is the volume with Windows (several GB).

The OS volume is encrypted.
The EFI system volume is open and contains the VeraCrypt loader in the EFI\VeraCrypt directory.

About 32 bit.
Yes, it is possible. We lack the resources to prepare everything. We are also testing a touch screen keyboard for tablets. Need time.
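
Added example, not part of the original thread or of VeraCrypt: a small GPT reader that lists which volumes stay plaintext when only the OS volume is encrypted, as the reply above describes. The disk image is constructed inline; the partition names, sizes, and the recovery-type "Images" partition standing in for a WIMboot volume are assumptions.

```python
import struct
import uuid

SECTOR = 512
TYPES = {  # well-known GPT partition type GUIDs
    "EFI system": uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b"),
    "Microsoft reserved": uuid.UUID("e3c9e316-0b5c-4db8-817d-f92df00215ae"),
    "Basic data": uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7"),
    "Windows recovery": uuid.UUID("de94bba4-06d1-4d40-a16a-bfd50179d6ac"),
}
BY_GUID = {g: label for label, g in TYPES.items()}

def parse_gpt(image):
    """Return [(name, type_label, first_lba, last_lba)] from a raw disk image."""
    hdr = image[SECTOR:2 * SECTOR]
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    (entries_lba,) = struct.unpack_from("<Q", hdr, 72)
    count, size = struct.unpack_from("<II", hdr, 80)
    parts = []
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        e = image[off:off + size]
        if len(e) < 128 or e[:16] == bytes(16):  # truncated or unused slot
            continue
        guid = uuid.UUID(bytes_le=e[:16])  # GPT stores GUIDs mixed-endian
        first, last = struct.unpack_from("<QQ", e, 32)
        name = e[56:128].decode("utf-16-le").rstrip("\x00")
        parts.append((name, BY_GUID.get(guid, str(guid)), first, last))
    return parts

def coverage(parts, os_name):
    """Sectors encrypted (OS volume only) and the volumes left open."""
    enc = sum(l - f + 1 for n, _, f, l in parts if n == os_name)
    return enc, [(n, t, l - f + 1) for n, t, f, l in parts if n != os_name]

def build_sample():
    """Constructed image: GPT header and four entries, no volume contents."""
    layout = [("EFI", "EFI system", 2048, 206847),
              ("MSR", "Microsoft reserved", 206848, 468991),
              ("Windows", "Basic data", 468992, 42412031),
              ("Images", "Windows recovery", 42412032, 50800639)]  # assumed WIMboot volume
    hdr = bytearray(b"EFI PART".ljust(SECTOR, b"\0"))
    struct.pack_into("<QII", hdr, 72, 2, len(layout), 128)
    ents = b"".join(TYPES[t].bytes_le + bytes(16) + struct.pack("<QQQ", f, l, 0)
                    + n.encode("utf-16-le").ljust(72, b"\0") for n, t, f, l in layout)
    return bytes(SECTOR) + bytes(hdr) + ents

if __name__ == "__main__":
    print(coverage(parse_gpt(build_sample()), "Windows"))
```
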
Sep 1, 2016 at 8:19 PM
On a typical Windows 8.1 installation there are several partitions dedicated to recovery and booting. One example is the EFI volume you mentioned. I wonder what the security implications are for an encrypted system that leaves these volumes open. Should users be concerned that these open volumes could compromise the encryption of their system using VeraCrypt? If not, wouldn't I still be able to encrypt a tablet that has WIMboot and assume the same level of protection from VeraCrypt? WIMboot would be another open volume after all, just like the EFI mount volume. Is this correct?
Sep 1, 2016 at 10:53 PM
Many files of the Windows volume are only links to files inside the wim on the WIMboot volume, and the WIMboot volume is not encrypted.
Sep 2, 2016 at 8:46 PM
That's fine. So can I encrypt my system? Or will it leak data? Keep in mind that I'm using a WIMboot tablet. If I don't have to worry about WIMboot being encrypted then I should be fine, right?