Can't upgrade Windows 10 not sure if I should decrypt whole drive or run the...
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hello,
I have a laptop that is currently on update 1903 and I want to get it to 20H2 but when the reboot happens it stalls at the first screen where you are normally asked to enter your veracrypt password. After a couple of minutes it will say that the update has failed and takes me back to the veracrypt password screen, I type my password and I get into my 1903 installation.
I'm pretty sure that this is because I have full drive encryption so I thought I would decrypt, update and then encrypt again but not only will this take time; it will also add 2 complete write cycles to my ssd right? I would rather be safe than sorry so if decrypting is the safest option I would totally do it.
After some research I came across the patcher on github and it seems like it would solve my issue but I just want to know if anyone has used it recently.
I should mention that I'm on veracrypt version 1.23. I was thinking of updating to 1.24 but I noticed that people were having issues with it on Windows 10 a little while ago so I didn't do it.
Some advice would be appreciated.
Thanks
How many write cycles do you have left on your ssd drive? To decrypt is the easiest way to go if you want to upgrade your system, and then re-encrypt. Make sure you always create your emergency rescue disk. I haven't noticed as many freezes in 20H2, not very often now. If you don't really have sensitive data on your computer, then maybe 1.23 is good enough. I've wanted to go back to 1.23, but then wondered about all the bugs that have been fixed since then, not to mention bugs introduced since then. You can always upgrade Veracrypt later. Encryption of keys in RAM happened since 1.23, which is necessary because some programs can read that password from RAM, so unless you have super sensitive data (thoughts), then maybe you'll be okay with that for now.
I haven't used the patcher.
Last edit: DDD 2021-06-03
Thanks for the reply.
I think the drive is the OEM version of a Sandisk 256GB x400 m.2 which has an endurance of 80TB and I've written about 25TB in the last 3 years. Crytsladiskinfo says that the health status of the drive is "Good 84%".
The main reason for encrypting my drive is just in case it ever gets stolen. Since Veracrypt can have issues when it comes to upgrades I'm wondering if I should just use Windows Bitlocker instead.
Implementation of RAM encryption started with 1.24 version.
why isn't anybody telling this guy he doesn't need to decrypt anything which is HUGE risk because of how ssd handle data.
just go to C:\ProgramData\VeraCrypt and run SetupComplete.bat as ADMIN.
That's it, for now on you can do big feature updates with no worries with system encryption and automatic updates. Do not update manually from some setup file as this won't work unless you run the setup file with custom parameter
Thanks for the reply.
If you don't mind me asking, what will happen when I run SetupComplete?
I also don't understand what you mean by not updating manually from some setup file. I usually just run windows update and have it do everything or I use windows update assistant.
it will tell windows to load veracrypt drivers instead of its own which is the reason why it crashes if you don't.
use the normal windows update feature and you will be fine, trust me.
Windows can be manually upgraded if you download the iso from microsoft and stuff, that's what i'm sayin to avoid, simple update it the classic way.
I had no idea it was that simple! If it's that simple, next time Windows wants to install the latest Windows through Windows Update, then I will run that SetupComplete.bat as admin before I choose to "update and restart". Right? Truthfully, if I had known about this, I would have mentioned this, and not many seem to post replies on this forum. There are a lot of crickets. Thank you for posting!
Such a pity there's little to no official documentation on this whole Windows feature update/system backups of a Veracrypt encrypted system drive. Surely the other knowledgeable ones out there can chip in with their assistance and not leave Mounir to be a one man army of such a colossal project.
I've been using Truecrypt/Veracrypt for nearly ten years but never found the courage to go ahead with OS encryption because of the mystery surrounding the process and in the event of any untoward happening along the way. More so when it's your only system with no fall back options.
Why don't you use a backup program? I use Clonezilla (and Macrium Reflect running in Windows just to be safe), but you can also create a rescue iso using Macrium Reflect, write it to a usb stick using Rufus, and then boot off that to create a clone of your system. Then, if anything happens to your system, you'll have that backup.
well, official documentation is outdated and i don't understand why this isn't done automatically but i'm glad i could help
also i should mention that you only need to run SetupComplete.bat ONCE on a fresh windows install after encrypting the system, no need to run it every time before an update.
Go ahead and use system encryption , you won't have any issue if you to what i said.
Only annoying problem now in vera that only mounir can fix is the bad performance on nvme ssds even though from my tests the real life performance are not that bad as benchmarks shows, system is definitely faster than with a non encrypted sata ssd.
also imma drop this here too for those interested , i know someone who had his drive encrypted with bitlocker taken by law enforcement , 3 letter agencies were involved but indirectly, not their case , they could NOT decrypt it so i assume is safe and has no backdoor or if it does, it's only used for extremally valuable targets to keep it a secret. Obviously he had a strong unique password, no TPM or useless pins , no recovery key saved anywhere....etc.I still trust veracrypt more tho.
Last edit: hiddengod 2021-06-05
In your first post you said that there is a huge risk when decrypting a ssd, what is the issue?
https://www.veracrypt.fr/en/Trim%20Operation.html
https://www.veracrypt.fr/en/Wear-Leveling.html
if you had sensitive data uncrypted on a ssd there's a small chance that some part of it to be recovered as described in those 2 links, realistically if you use your ssd on a regular basis any sensitive data should be overwritten after awhile after everything is encrypted
best practice is to encrypt a brand new ssd before writing any data to it to be 100% sure
Just wanted to say thank you very much!
I updated the laptop to 20H2 yesterday and had no issues after running SetupComplete.
You solved an issue with a simple solution that no one else thought of when I posted in other places.
You talked about running setupcomplete.bat before an update, but wouldn't you see Windows Update installing the latest version of Windows, and THEN choose to run that .bat file?