UEFI access / Windows boot issues after system encryption
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
UEFI access / Windows boot issues after system encryption
Hello
Before I'll describe the issue this is current structure of SSD in question (info from GParted).
/dev/sdb1 - name: EFI system partition / file system: FAT32 / size: 100MB / flags: boot, esp
/dev/sdb2 - name: Microsoft reserved partition / file system: unknown / size: 128MB / flags: msftres
/dev/sdb3 - name: Basic data partition / file system:unknown / size: 133GB / flags: msftdata
/dev/sdb4 - name: WIN10 / file system: NTFS / size: 105 GB / flags: msftdata
Few months ago I've encrypted sdb3 where Windows 7 was installed. I had some problems with booting
between Win 7 and Win 10 but managed to resolve them. However one issue remained after the encryption
was completed. I wasn't able to access UEFI. After pressing DEL key to access UEFI all I could see is
black screen sometimes with mouse cursor, sometimes without. When the mouse cursor was visible and I
moved the mouse it would go the direction that I moved at the beginning and then continue until it
reached edge of the screen. Also because the UEFI was inaccessible and the boot order was wrong I had
to use boot menu (F11 key) at each startup. Few day ago by mistake I've pressed DEL key (that enters
UEFI) instead of F11 that enters boot menu and by some miracle I've managed to enter the UEFI.
I've changed boot order to proper one, enabled integrated GPU, saved the changes and rebooted.
The boot order changes where effective anything seemed to work. However when I booted to the
Win 7 encrypted partition the system seemed to be booting properly but after few seconds the screen
is going black (no just black, I can see that the video signal is not preset because monitor reports
that there is no video signal). There is no video on integrated GPU. Booting to Win 10 that is pretty
much the same. The system seems to boot but then loading spinner spins forever and there nothing I can do.
How to I fix the situation? What I would like to do is to permanently decrypt Win 7 encrypted partition.
I've done it once before and it fixed UEFI access problem but then I was able to boot to that system
and now I can't. I still have the backup files created by VeraCrypt (the one that that has /Boot and /VeraCrypt
folders). How do I proceed with decrypting Win 7 encrypted partition when I can't boot to it?
Hello,
Firstly, I appreciate the detailed description you provided; it makes understanding the situation much clearer.
Let's tackle the issues one by one:
Decrypting the Windows 7 Partition:
To decrypt a system partition when you cannot boot into it, you will need to utilize the VeraCrypt Rescue Disk. This assumes that your system's BIOS/UEFI can automatically boot from an external USB drive containing the unzipped Rescue Disk. Based on the fact that you were able to boot into GParted to check the disk layout, it seems that this booting functionality is indeed possible on your system. Boot from the Rescue Disk and use the "Decrypt OS" menu.
Video Signal Issue with Windows 7 and Windows 10:
The problem you described doesn't seem to be directly linked to VeraCrypt, especially considering that Windows 10 (which isn't encrypted) is also showing similar video signal issues. This makes it plausible that the root cause is the integrated GPU or possibly the absence of appropriate drivers for it in both Windows versions. To tackle this, the only way is to access your BIOS/UEFI and disable the integrated GPU to see if that helps.
Accessing the BIOS:
An alternative you could try is to disconnect the SSD from your computer and then boot the system. Sometimes, the BIOS/UEFI expects to read some data from the disk when it is present and if the disk is absent, the BIOS may default to its factory settings. This method is relatively easy and doesn't carry much risk. If you can access the BIOS this way, you can then make any necessary changes to the integrated GPU setting or boot order, reconnect the SSD, and proceed from there.
In summary:
Of course, It's always wise to have a backup of your important data before making significant changes.
I hope these suggestions help. Let me know how things go.
Hello
The first thing I concentrated was to recover access to UEFI and turning off the integrated GPU, which caused the problem with starting Windows. I have already disconnected the SSD, which was encrypted with VeraCrypt but it didn't help. Out of curiosity, I disconnected all disks that were connected and I managed to get access to UEFI. After switching off the integrated GPU and reboot, I was able to start and log in to Windows normally. The process of decrypting the system partition was successful. However, I have to bring attention to one thing that confused me. Before deciphering the system partition, I've created Rescue Disk. The created file is a .zip file in which there is EFI directory and two subdirectories, /Boot and /VeraCrypt that contain files. Only after creating this image did I realize that I had the whole Rescue Disk originally created when originally encrypting the system! I was confused that the file has a .zip extension (not .iso) and a changed file name (by me). It looked just if I packed something into .zip myself and I couldn't remember how to use it. It seems to me that at https://www.veracrypt.fr/en/veracrypt%20rescue%20disk.html it would be appropriate to add the following information:
1) structure of directory and file names in the image.
2) how to write this .zip on USB because it is not .iso that can directly burned to USB pendrive.
In addition, in the 'Howto.txt' file, which is Veracryptusbrescuedisk.zip that can be downloaded by clicking on a link there is a line:
'Copy the Rescue Disk File "Veracrypt Rescue Disk.iso" To the USB Drive at the root and rename it veracrypt.iso.". I think that "Veracrypt Rescue Disk.iso" should be changed to "Veracrypt Rescue Disk.zip" but I may be wrong.
Thanks again for Your help, I've saved me a lot of time :-)
Best regards
Thank you @jarod-pl for your comprehensive feedback. I'm glad that you regained access to your Windows system.
Regarding the Rescue Disk documentation, you've pinpointed a genuine issue. Historically, it was written during the era of MBR boot mode prevalence. With the shift to UEFI, while I attempted to integrate mentions of the UEFI Rescue Disk in zip format, it inadvertently intertwined with mentions of the Rescue Disk iso file. This created the existing confusion.
Moving forward, I plan to:
Your suggestions on the points to include are invaluable. It's helpful to have the user's perspective, and I genuinely appreciate it.
Lastly, concerning the "howto.txt" file content, it applies solely to the MBR boot mode, which is not the case of modern PCs like yours. I'll ensure that this distinction is highlighted more explicitly so that users are aware that Veracryptusbrescuedisk.zip doesn't apply to modern UEFI PCs.