Best flow for installing and encrypting

Post Reply
goldengate2032
Posts: 3
Joined: Sun Aug 01, 2021 1:15 am

Best flow for installing and encrypting

Post by goldengate2032 »

I am looking to encrypt my Windows 10 PC with just one OS. I tried Veracrypt and it was easy to install and easy to make a recoverable USB device but VC is very unstable thus unusable.

I am trying to understand the best way to install. I assume I need to enter the BIOS and turn on legacy and UEFI support and turn off secure boot? I then need to create a bootable Windows 10 USB device since I don't have a DVD using Rufus in case I need to decrypt the hard drive. I need to install Diskcryptor to the HD and to the USB? When installing DC to the HD do I need to install the bootloader to the HD or to the Windows bootable flash or another flash drive? If installing it to the HD, I read on your website that I have to worry about the Evil Maid Attack.

User avatar
DavidXanatos
Posts: 340
Joined: Fri Mar 19, 2021 11:26 am

Re: Best flow for installing and encrypting

Post by DavidXanatos »

Hi,

Legacy support is not required as DC supports UEFI, but you should disable secure boot, yes.
Normal you install the bootloader to you boot drive, in case of uefi to the uefi partition, which remains not encrypted.

And yes, someone could get his hands physically on your laptop and install a manipulated boot loader.
If you are worried about such a scenario you could indeed go with the option of booting with a flash drive instead.

goldengate2032
Posts: 3
Joined: Sun Aug 01, 2021 1:15 am

Re: Best flow for installing and encrypting

Post by goldengate2032 »

Hi David,

Thanks for the help. Does DC make a bootable flash drive for you or create a zip file that allows the user to create one for recovery purposes? If no, how does a user decrypt their HD in case of an emergency.

Thanks for continuing the development of DC!

User avatar
DavidXanatos
Posts: 340
Joined: Fri Mar 19, 2021 11:26 am

Re: Best flow for installing and encrypting

Post by DavidXanatos »

The only things you need to decrypt any drive is the password + keyfiles (if used) and the drives volume header being in tack or you having a backup.

So you can create a bootable usb drive on any PC with DC installed and it wil work with any other DC encrypted PC.
you can also just take a DC encrypted drive put it into a PC with DC enter the passwords and access the data.

My personal favorite is to have a 2nd boot drive with a full blown and also encrypted windows with DC to access the main drive in case of problems.
Rufus can create USB bootable windows live drives, this is best imho

CRBR
Posts: 1
Joined: Thu Aug 12, 2021 10:19 am

Re: Best flow for installing and encrypting

Post by CRBR »

Hello,

Are there alternatives to "Windows To Go Drive" Recovery/Backup option. Dedicating a 16GB+ USB drive (needs to be purchased) just to run Windows live bloat is best avoided by those who can ill afford to splurge on non-essentials. Also, the whole Windows thing requires a 4GB+ download at one go, which again isn't feasible when you're on limited bandwidth (cellular network).

A portable version of DC, if made available could negate the need for relying on Windows related recovery options and the like. There are other lightweight options (like Macrium Reflect etc) that can run a portable version in a live environment with little hassle.

Hope you'd consider the request for a portable version of DC

Post Reply