Is it possible to also encrypt the Rescue Disk?
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hello, if I wanted to encrypt the Rescue Disk (for w/e reason), would it be possible?
Encrypting normal usb sticks should be possible. Meaning if I would stick the encrypted stick into my other PC and then decrypt it there and then move the files to a non-encrypted stick, it should work, right? Moving to a non-encrypted stick so I can stick it into my first/encrypted computer. The first PC should then be possible to be decrypted, right?
Nobody with an answer here?
There are two separate cases here.
The Rescue Disk that you actually boot from can't itself be stored only inside a VeraCrypt encrypted USB volume, because the BIOS/UEFI firmware must be able to read the boot files before VeraCrypt is running.
However, you can safely keep a backup copy of the generated Rescue Disk image on an encrypted VeraCrypt USB stick or inside any VeraCrypt volume. If you need it later, mount/decrypt that storage on another trusted computer, then create normal unencrypted bootable rescue media from it.
For EFI systems, extract the Rescue Disk ZIP directly to the root of a FAT32 USB stick. For legacy MBR systems, the ISO must be burned/written as a bootable image, or used with the documented legacy USB method; simply copying ISO contents to a USB stick is not sufficient.
After creating the final rescue media, use "System > Verify Rescue Disk" if possible. Also remember that a Rescue Disk is specific to the system encryption instance for which it was created, and a new one should be created after changing the system password/key data or updating the bootloader.
Alright, that explains all. Thank you very much, sir!