This project has moved and is read-only. For the latest updates, please go here.
1
Vote

Stuck on booting...

description

Hi.
I am currently trying to encrypt my computer and I am having difficulties. Situation as follows:
SSD: NTFS Win764
HDD1: NTFS Windows data
HDD2: Ubuntu
Ubuntu HDD and Windows SSD boot completely independently, I switch between them only throught BIOS priorities.
...I would like to encrypt only SSD with Windows first. I choose encrypt system drive, choose AES, enter password etc, everything is fine. The boot test starts, I enter password, it says password OK, booting...and thats when it ends. I tried it twice altready and always ended up using rescue disc and restoring original OS bootloader. Can someone help me?

file attachments

comments

Enigma2Illusion wrote May 31, 2015 at 4:56 PM

You selected the option to only encrypt the OS partition and not the whole drive. Is that correct?

Another possible issue is the BIOs for your motherboard is configured to use UEFI boot mode instead of the BIOS-compatibility mode. For now, VeraCrypt does not support UEFI boot mode.

See the posting from Mounir and include the results from the utility he created.

http://sourceforge.net/p/veracrypt/discussion/technical/thread/8fbec2b2/#3d3f

Zakarumit wrote May 31, 2015 at 7:52 PM

I think I tried both-first whole drive and then OS partition (selected not to encrypt the small additional partition, or however its called during the encryption). I am pretty sure I am using UEFI compatibility mode, its checked in the bios. I even checked for Win installation type and it should be non-UEFI as well. (not sure, if its important)

Result of my win SSD:

Get drive size and alignment information
Copyright Mounir IDRASSI (mounir@idrix.fr) 2015

Disk Free Space = 0000032708038656 Bytes
Disk Total Size = 0000119926681600 Bytes

Disk Number = 2
Disk Offset = 0000000105906176
Disk Length = 0000119926685696
Drive Serial = 3035323042363237393435303044383120202020
Logical sector size = 512
Physical sector size = 512
Byte offset for alignment = 0

Enigma2Illusion wrote Jun 1, 2015 at 4:55 PM

I am pretty sure I am using UEFI compatibility mode, its checked in the bios.
You need to switch from UEFI to Legacy mode in the BIOS.

idrassi wrote Jun 2, 2015 at 12:10 AM

Since you see the VeraCrypt password, it is safe to assume that your motherboard is booting using legacy BIOS mode.

After displaying "booting..." message, VeraCrypt executes the boot sector of the active partition. If it stuck, one possible explanation is that the active partition was not detected correctly and VeraCrypt is trying to execute the wrong boot sector.

Is it possible to see your partitions layout (using Windows disk management)? Here is an example on a functioning Windows 7 system:

DiskLayout

The sector size and alignment of your disk are OK. Let's wait to see your partitioning before advancing further?

Zakarumit wrote Jun 2, 2015 at 3:49 PM

Please find enclosed my partition layout.
2 questions:
Should I choose to encrypt hidden partition at the end of the HDD or not? Only hidden partition on windows disc is the 100MB system one, but I doubt thats what is meant there.
Should I pick single or multi boot? As I said, I have got Ubuntu on the other HDD, but they have no connection, even separate bootloaders. Switching between them only throught BIOS boot priorities.
Thanks

Zakarumit wrote Jun 2, 2015 at 3:53 PM

...I cannot see the attachment anywhere, so here we go:
Image

idrassi wrote Jun 4, 2015 at 11:46 PM

Your configuration has nothing special.
Usually encrypting only the system partition and leaving the 100MB system reserved partition unencrypted avoids having such issues, but you seem to have already tries this. Do you confirm?

I'm afraid you may be in the same situation that existed in TrueCrypt where some users are unable to encrypt their system while the reserved 100MB is present.
I don't understand the root cause of this: in the code after displaying the "booting" message, we map the boot sector of the active partition (here it is the 100MB reserved parition) to the memory segment 0000:7c00, which is the standard boot sector memory offset, and then we execute it in order to boot Windows.
This mechanism works on most machine but there have always been situations where boot sector of the 100MB partition doesn't execute correctly.

It is not easy to investigate without having such machine in order to do debugging.

A possible workaround that should be working is the same as the one for TrueCrypt: avoid having the 100MB partition for such machines.

Here are some links that talks about this but manipulations must be done carefully:
http://www.terabyteunlimited.com/kb/article.php?id=409
http://www.sevenforums.com/tutorials/71363-system-reserved-partition-delete.html

Zakarumit wrote Jun 6, 2015 at 9:41 AM

I can confirm that. Just tried it once again to make sure - choosed Encrypt the system partition, pop up came out saying my system partition is almost entire HDD and if I would like to encrypt entire HDD instead, I said no. Done everything, tested, and again got stuck on booting....
Well, if the only solution is removing that 100MB windows partition, I might try that, but seems risky and I am not sure if I want to do that right now.
Anyway, thanks for help. If you come up with some other solution or perhaps would like to ask some question about my HW/SW which might cause this problem, let me know.

Enigma2Illusion wrote Jun 6, 2015 at 4:06 PM

Hello Mounir,

Does it matter that Zakarumit Windows disk is disk 2 instead of disk 0?

I assume that Zakarumit's Ubuntu is on disk 1 which is why we are seeing a second active partition. Should their only be one active partition in a multiple boot environment?

Sorry if these questions are basic. But I am curious. :)

Thank you!

idrassi wrote Jun 19, 2015 at 11:55 PM

These are not basic questions.

In the code, we look only for active partitions on the boot drive given to us by the BIOS. So, if the BIOS is configured to boot on disk 2, then VeraCrypt will only work on disk2. Other disks are not relevant in the code...at least theoretically.

There must be something messing with this logic...and it is probably linked to the Windows reserved partition. I'll have to replicate the issue to be able to study it in depth.