This project has moved and is read-only. For the latest updates, please go here.
54
Vote

GPT System Partition Encryption is not available

description

GPT System Partitions cannot be encrypted because the bootloader does not support GPT Partition Table

comments

idrassi wrote Jun 5, 2014 at 8:07 AM

GPT partitions and UEFI are not supported yet. This is planned but it is complex to implement. Work on it started but we can't give any release date yet.
As of today, no open source implementation of UEFI boot encryption for Windows exists and we hope to be the first to release such implementation.

filox wrote Oct 19, 2014 at 8:48 AM

Hi everybody, are there any news about gpt uefi encryption? It would be very important this development. now I don't know any software capable to do that. Only disk-locker can but is available only on pro version of windows which is very expensive. Any suggestions?

probspot wrote Jan 5, 2015 at 4:14 PM

Voted for this feature and even donated some money. GPT support is highly welcome in times of 6TB hard drives.

As far as I understand, VeraCrypt does work with non-system GPT partitions (e.g. when you do not need to boot from them), correct?

idrassi wrote Jan 5, 2015 at 8:07 PM

Yes, VeraCrypt works with non-system GPT partitions.

GPT is part of the UEFI specification, so its support will be developed in the context of UEFI support. Windows supports only GPT when booting using UEFI. There are hacks to boot on GPT using BIOS mode (Hybrid MBR, DUET) but they can be dangerous and in the case of disk encryption, they will interfere with us.

Thank for your continuous support. I'll keep this thread updated with advances on this subject.

ion2 wrote Jan 12, 2015 at 4:53 PM

I'm new, waiting on a truecrypt alternative.

I only care about this feature:
  • external 4TB hard drive with one GPT NTFS partition. Can i use veracrypt to encrypt that partition?
When was non system GPT support added? I see no mention of it in the changelog.

groissi wrote Mar 15, 2015 at 5:58 PM

Hej folks,

thank you so much for that awesome work so far... it's a really good TrueCrypt alternative. I would really appreciate the implementation of system-encryption on GPT system partitions. Thanks so far.

now2 wrote Aug 1, 2015 at 10:25 PM

+1 for UEFI support

niels1189 wrote Sep 2, 2015 at 8:27 AM

This should really be added. A must for the newer computers

Arne001 wrote Sep 29, 2015 at 9:23 PM

push

brocks wrote Sep 30, 2015 at 3:09 AM

No compelling reason for me to leave TrueCrypt until this is implemented. TC is faster, and plenty secure for the type of "adversaries" I have. GPT system encryption is the one and only feature I'm looking for that TC doesn't have.

CHIvera wrote Nov 7, 2015 at 3:22 PM

Is there any update on support for UEFI. As I cannot use on any new laptop?? Can you please update is there a ETA Thank you

idrassi wrote Nov 11, 2015 at 6:15 PM

Unfortunately development of UEFI support is on hold and no ETA can be provided.
The project is looking for external help on UEFI implementation.

@brocks: TrueCrypt has vulnerabilities patched in VeraCrypt so using it brings security risks. As for speed, VeraCrypt has a feature called "PIM" that makes booting and mounting as fast as TrueCrypt for those who need more speed and less security.

kudzu wrote Nov 11, 2015 at 8:31 PM

As I work regularly with boot loaders and assembly language I appreciate how difficult UEFI can be, however more and more computers are shipping with UEFI on and this problem will only become more urgent as time goes on.

I currently have several systems I cannot use full disk encryption with because they are GPT disks because of their size (4 and 8 TB drives).

RonZ8 wrote Nov 19, 2015 at 4:56 PM

I cant use Veracrypt option because my disk is GPT.
I dont know about UEFI.
I use windows 8 on 64bit. 1TB disk.
Can I reinstall the disk to MBR?
How to do? :/

BillHoltz wrote Jan 12, 2016 at 10:37 PM

I also would like to encrypt entire system drve with GPT. Status on update? weeks, months, unknown?
Thanks!


CHIvera wrote Nov 7, 2015 at 9:22 AM


Is there any update on support for UEFI. As I cannot use on any new laptop?? Can you please update is there a ETA Thank you



idrassi wrote Nov 11, 2015 at 12:15 PM


Unfortunately development of UEFI support is on hold and no ETA can be provided.
The project is looking for external help on UEFI implementation.

kudzu wrote Jan 14, 2016 at 3:52 PM

It looks like there are several open source boot loaders that can boot from GPT.. maybe something could be gleaned from them?

https://en.wikipedia.org/wiki/Comparison_of_boot_loaders

Also I understand how hard this is, but some boards are shipping now without legacy support and most installations of Windows are now coming preconfigured as UEFI which means GPT so this feature is becoming more and more urgent. I would GLADLY pay for this as a pro feature, $50 or so and I'm sure many others would as well.

This is the top voted issue here, and the second top voted issue (UEFI support, https://en.wikipedia.org/wiki/Comparison_of_boot_loaders) is essentially the same issue.

If the bootloader is to big to fit in the space it uses now, even if VC required a separate partition for itself as Windows does with its 100MB partition, that would be acceptable.

Until then this appears to be a possible solution (it does support UEFI) but I havent fully evaluated it. Bruce Schneier mentioned it.

http://www.jetico.com/products/personal-privacy/bestcrypt-volume-encryption/

I would prefer VC though as I would have to convert a lot of drives over to this and I dont know if it has all the other features VC has.

idrassi wrote Feb 22, 2016 at 11:53 PM

There are good news: another developer has posted links to a working implementation on Sourceforge forum (https://tinyurl.com/jo56xyu).
The code uses CipherShed/TrueCrypt as a basis but it can be adapted easily to VeraCrypt. Now, priority is integration and validation of the implementation before tackling the missing components.
I'm optimistic that this time we'll be able to have at least a preview UEFI version before the next major VeraCrypt release.

kudzu wrote Feb 23, 2016 at 4:22 PM

This is great news! I just put in a small HD and reinstalled Windows to get past this and reinstalled 3 others as MBR instead of GPT... But this is still great news moving forward!

Xalaxis wrote Feb 26, 2016 at 5:18 PM

Oh my goodness! I had thought this issue was dead. I am amazingly pleased to be proven wrong. Good job team VeraCrypt, and thank you for keeping true to your promise to provide updates idrassi!

filox wrote Feb 27, 2016 at 8:37 AM

I'm very happy to know about that!!!!!!!

It's an important feature

I hope it come soon

Have a good work

Tumalu wrote Mar 19, 2016 at 6:53 PM

That's good news indeed. I'm happy about this project, your work, and the feeling that my donations aren't just sucked up in a void without any relevant progress comming forth any more (an impression the TrueCrypt project gave me after a while).

idrassi wrote May 20, 2016 at 2:53 PM

I have uploaded a new preview of VeraCrypt 1.18 (BETA7) installer with EFI GPT system encryption.
This new release solves many compatibility, usability and stability issues. You can get it from the same URL https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/VeraCrypt%20Setup%201.18-EFI-PREVIEW-BETA.exe/download

One enhancement is this version is the System Encryption settings dialog (menu System -> Settings) which supports basic configuration of EFI bootloader (for now only storing PIM and storing hash). Other configurations will be added in the future.

There is still no rescue disk in this version although an ISO is created that only serves as holder of the backup header.

Important Note: Disabling legacy compatibility mode in BIOS configuration before starting system encryption solves many Pre-Test failures. This option can be called CSM, Compatibility Mode, Legacy Mode or other names depending on the motherboard manufacturer.

Big thanks to Alex from Sourceforge forum for his help and hard work on EFI loader. He is now a member of VeraCrypt dev team in charge of EFI bootloader.
Big thanks also for all those who tested the previous EFI version and reported their results. More tests are needed and your feedback is welcomed.

idrassi wrote May 24, 2016 at 7:04 AM

I have uploaded a new version (BETA8) of the EFI Preview installer.

This build brings a fix for a Windows booting issue on some machines. It also introduces a first implementation of some GOST standards (Streebog and GOSTHASH for hashing and GOST89 for encryption).
The new GOST encryption standard Kuznyechik (also known as Grasshopper) and the Japanese Camellia cipher will be included in a next build.

These GOST implementations are not optimized (taken from GostCrypt project) so small PIM values (like 1) are more practical for testing.

As usual, tests and feedback are welcomed.

decoder13 wrote Jun 11, 2016 at 8:52 AM

hello, i using whole disk encryption on my macbook 15" 2015 with bootcamp.
when i restart for test encryption it comes only black screen when try to boot windows.

need then restore to old boot loader :(

can help me?

Enigma2Illusion wrote Jun 11, 2016 at 4:14 PM

@decoder13, I would post your question in the forums and not this ticket which is about Windows OS supporting GPT/UEFI for system encryption.

marcogaio wrote Jul 21, 2016 at 11:22 AM

I've just downloaded the latest beta (BETA9) from SF site.

I've installed on a Toshiba Tecra A50-C, without fiddling at all on bios settings, bare install.

Then i've encrypted the system partition, do some boot test, de-encrypt them, and uninstall the software.
ALL test went well, without warning and things to note about.

I can do some more test on that system, if needed, by some days/hour, before putting in production; it have a SSD disk, so encryption took less then an hour.

I hope on a final release. Thanks.