Recent Win Update: Now must change Bootloader Order in BIOS for each boot
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hi!
(VeraCrypt 1.23, Win 10 Pro, i7-3770, ASRock Z77 Extreme4-M)
Since the recent Windows Update, I am having the same problem with VeraCrypt that I had a couple years ago:
When booting my computer, the VeraCrypt PW Promt does not appear, instead Windows tries to boot and gets stuck in "automatic repair". When I enter BIOS, I find that "Windows boot manager" is listed before "VeraCrypt boot loader". I then move VeraCrypt before Windows, Save&Exit BIOS and then am asked for VeraCrypt PW and after entering it, Windows boots as expected. However, on next boot or restart, the Boot Loader Order is again changed to Windows 1st, so I must manipulate the order each time I want to access my computer.
Can this be fixed and prevented in future releases of VC?
Thanks!
\Nick
Last edit: Nick 2018-11-17
This happened to me too and is why I had to decrypt and encrypt my drive again but now I'm stuck. Adding it back to the booloader from the rescue disk just makes it disappear next reboot and you have to keep manually adding it.
Badger, have you been having this problem since the most recent Windows Update?
Yes, I'm on 1809 OS build 17763.165. I noticed it started happening after my PC rebooted when Windows forced an update then I lost my bootloader when 17763.134 was installed. I'm presuming Windows did something and caused my bootloader to break. Only solution was decrypting the whole drive and encrypting again and install a new bootloader again. So far it's working and when I rebooted the loader works now like it did before.
Regarding your problem this typically happens when you're doing a Windows major update. Your problem is different from mine I believe because my bootloader was not authorizing correctly and I couldn't boot at all nor access a windows recovery screen etc. You have to patch windows when doing a major win 10 update and use a script to update without decrypting your drive. You can use this guys script and see if it fixes your problem.
https://github.com/th-wilde/veracrypt-w10-patcher
If you need a visual tutorial here is a guide: https://www.youtube.com/watch?v=B55XVjXbFLA
Last edit: badger 2018-11-17
Thanks!
Actually, I had waited several VeraCrypt versions before upgrading to 1.23, when I finally read in the release notes, that it now supports Windows 10 Major Updates:
1.23 Release Notes:
"Add compatibility of system encryption with Windows 10 upgrade using ReflectDrivers mechanism"
...doesn't seem like it. :(
Oh well, I will follow your advice, badger, and decrypt and re-encrypt my system drive to solve my above mentioned problem. Hope it works...
Hi Nick,
No need to decrypt the system.
You can simply fix this issue but executing the following in a command
prompt that was launched as an administrator:
Can you please confirm if the above command fixes your problem?
Normally, VeraCrypt follows documented procedure by Microsoft on how to
issue the above command automatically after an upgrade. It was tested
and validated before 1.23 release but it seems that it is not working
anymore with latest Windows upgrades. You can read my post on the
subject where I give a detailed explanation on how this mechanism was
implemented in VeraCrypt:
https://sourceforge.net/p/veracrypt/discussion/technical/thread/9ae9be4b80/#37ad/ea82
Hopefully, I can find the reason why this mechanism doesn't work in
order to come up with the best workaround.
Hi Mounir,
thank you for personally helping out with my issue and for your great work with VeraCrypt. Unluckily, I had already proceeded with decrypting and re-encrypting my system drive, as badger suggested above, which fixed my issue. I wish I had known this cli command just a few hours ealier, haha! Therefore, I am unable to confirm if the command would have fixed it, which ofcourse would have been the much simpler solution. Thans again anyway!
\Nick
Last edit: Nick 2018-11-22
Hi Mounir,
yet again after a Windows Update, I am faced with the problem described in the first post above. This time I tried your cmd command but unfortunately it had no effect. It seems I must decrypt and re-encrypt my system drive again and possibly after each future Windows Update.
Is this a problem related to my specific Mainboard's UEFI?
\Nick
OH THANK YOU THANK YOU FOR THIS FIX FINALLY!!!
Release Notes: "Fix issue related to Windows Update breaking VeraCrypt UEFI bootloader."
Just upgraded to 1.24 and I am happy! I have waited so long for this!
No longer must I enter UEFI-BIOS each and every time I boot my computer in order to place VeraCrypt BootLoader before Windows BootLoader. The only workaround for this was to completely decrypt and re-encrypt system partition after each major Windows Update that messed with the Boot Loader order. This ofcourse was not a viable option for me. Those cmd-commands that Mounir suggested above did not fix the problem either.
Now let's see if VeraCrypt BootLoader STAYS at the top even after the next upcoming major Windows Update. But I am confident that it will, since it is explicitly addressed in the Release Notes.
Good work!
Hi!
Unfortunately, the issue described here initially, has resurfaced!
A very recent Windows Update (not sure how to provide details about Windows Updates) has messed with the order of the boot loaders and I am yet again having to enter BIOS on each boot to push Vera Crypt Boot loader back to the top of the list.
Using latest VeraCrypt 1.24-Update7