Unable to login after system encryption
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I run Windows 10 on MSI GT80 Titan. I installed the latest version of VeraCrypt.
I have two SSDs, one is the primary boot and the second is the clone of the primary and the bootloader gives me a choice which drive to select. I booted into the clone drive, installed latest VC and did "Encrypt the entire drive".
Now upon booting, it skips the place where I got a choice which SSD to boot, directly asks me for the passsword.
It does not take my password and says "Wrong password, PIM or hash". I swapped the SSDs, with the clone going into the primary slot and vice-versa to no avail. I never selected the PIM value.
what is going on and how can I recover the encrypted bootloader?
It resolved itself, I clicked on "TEST" and now it's back. I swapped both SSDs and have had to do some bcdboot/bcdedit configuration.
In short, something went wrong here. I don't think I will attempt it again. I don't know if it's that PIM issue. I think there is a bug in it as I certainly did not have "Use PIM" checked on. It was off, nevertheless when I booted, it prompted me again.
Causiming me a stressful moment as I could not log in and thought I would have to do a recovery of some kind. Maybe roll back to another drive.
You will always be prompted for the PIM in the bootloader. Merely hit return on the PIM to use the default PIM value.
If you read the documentation regarding the PIM, you will see that the PIM controls the number of iterations performed on the hash which is the delay you experience before the OS boots or on non-system volumes, the delay before the VeraCrypt volume mounts.
That is what I did, I just hit the return at that prompt and still could not log in and I am certain I was using the right password. I was not able to login.
When running VeraCrypt, I never selected anything about PIM, no value so it was the default value. The password I used adn then hitting Enter for PM did not get me in.
Question, why did I not default to the SSD #1, the primary choice in the boot sequence? I ran VeraCrypt on the SSD #2 and it should not have affected anything on SSD #1, correct?
I thought I only had to do VeraCrypt if I chose that second SSD and at that point it would engage the decryption process, not before the prompt for which drive to boot off? I set up the booting choice using bcdedit / bcdcopy.
And I read the manual of course I understand on the theoretical level what PIM is.
Something was malfunctioning as the password I chose did not let me in. I tried 10 times.
the other thing I do not understand is why the boot prompt I set up with bcdedit disappeared and the first thing that happened after I hit the power button was the prompt for the password, well, right after the MSI logo screen.
The boot menu is on the first drive which I did not encrypt, I encrypted just the second. By default, the computer goes to the first SSD. And I have to manually point to the second drive.
So it is a mystery to me.
I thought upon boot, it would give me the choice to select which drive to boot off, just like before and only after I made the selection, it would prompt for the decryption password/PIM stuff.
Seems like VeraCrypt took control over both drives and that was not my intention.
The machine is MSI Titan GT80 SLI running latest version of Windows 10 with latest version of VC, patched with the hotfix #2.
I already replied to the other thread but thought I would make it clear here, even if a bit redundant:
To make it perfectly clear, I have several separate drives (SSDs) in the machine. Multiple Os are not installed on the same drive. But, on separate drives.
Windows 10 primary boot lives on SSD0.
Windows 10 clone of the above lives on SSD1.
Linux - I plan to install on SSD2.
There is also drive number SSD3 currently used for data but I could theoretically put an operating system on it as well.
So yesterday I experimented with the latest VeraCrypt version and installed it on my SSD1, which is a test drive more or less, it's a clone of the primary, I can do whatever I want on it without affecting the primary SSD0 which is my default boot drive.
I did the full disk encryption while booted into SSD1. Rebooted the machine. To my horror, I discovered that (1) I no longer got the prompt for which drive I want to boot into, SSD0 or SSD1 and it immediately prompted me for the VC password.
How is that possible since presumably while on SSD1 it only encrypted the MBR of SSD1 and left alone SSD0? They are two independent disks with two independent MBRs.
My horror compounded when the password I set did not work.. repeatedly, I thought I hosed the computer for sure. I removed the SSD1 drive and still had issues.
I think there is a serious bug or lack of feature in VeraCrypt as it pertains to multiple drives on the machine with multiple operating systems.
When I did the encryption, it said "TEST" and then it went back to normal so I never really encrypted the drive but this was scary enough to the point I don't think I will engage full disk encryption as that will make me lose multiple-OS multiple-disk capability which is vital.
Hey Dictum, it sounds like you had a similar problem to me.
https://sourceforge.net/p/veracrypt/discussion/technical/thread/749de49e53/
Reading your post here...are you saying it simply fixed itself miraculously? I'm unclear on how you got the thing to boot.
This is a shot in the dark but it may be the same problem I had while installing Linux to a drive. I had set up my motherboard to boot a certain drive first "HD2". It was NOT the natural first boot. The actual connection. The first "natural" connection/boot would be named on the board HD0. When Linux installed it didn't install to the drive I selected , even though it showed it as going to another drive, it installed to drive HD2 which was my windows system drive. Example.
I have drive HD0
HD1
HD2
These are the sata connection labels that I'm using for drive naming but when Linux is running the motherboard confuses it by making HD2= to HD0
I make the motherboard boot to HD2 first. Linux actaully shows it installing to that drive HD0, checked the size. but then it actually installs to HD0.
What a nightmare. That was my windows system drive took me forever to fix it.
I wonder if veracrypt is ignoring the motherboard drive sequence and instead using the actual drive. I mean on the motherbaoard in my case the HD0 sata port on the board???
Now when I install any OS I undo all my drives except the one I'm working on.