
VeraCrypt killed my PC, I can't even enter setup

2016-10-15
2016-10-17
  • Anonymousguyeee

    Anonymousguyeee - 2016-10-15

    When system encryption was done I restarted my PC and got this: just a black screen. Setup WON'T LOAD, only that screen appears after boot and it lasts forever. I have waited 1.5 hours but nothing happened.

     
  • Enigma2Illusion

    Enigma2Illusion - 2016-10-15

    Did you select encrypt entire drive or only the OS partition?

    Did you create the VeraCrypt Rescue Disk?

    What is your PC make and model?

    What version of Windows is running on your PC?

    Are you using MBR or UEFI for booting?

    Did you use a custom PIM value? If yes, what value did you set for the PIM?

     

    Last edit: Enigma2Illusion 2016-10-15
    • Anonymousguyeee

      Anonymousguyeee - 2016-10-15

      1) Entire drive
      2) No, I have no CD discs for that
      3) Lenovo IdeaPad Y550P
      4) Windows 7 Ultimate
      5) MBR
      6) No, I'm not using PIM

       
  • Enigma2Illusion

    Enigma2Illusion - 2016-10-15

    Do you recall if your system had a System Reserved partition in the Windows Disk Management? If yes, this is the reason you cannot boot your system since you encrypted the System Reserved partition which is needed during bootup after the BIOS.

    The only resolution is to decrypt your entire system drive using the Rescue Disk ISO.

    NOTE: This must be the ISO created during the process of encrypting your PC since this ISO has the unique encryption key.

    Did you make a copy of the VeraCrypt Rescue Disk ISO file that you can use to create a USB bootable device using the procedures described here?

    If you do not have the Rescue Disk ISO, you can install VeraCrypt on another PC, remove the system drive from your Lenovo IdeaPad Y550P and install it as a secondary drive on another PC. Then use the mount system encryption without authentication option in order to copy off your data in case you do not have any backups of your system drive data.

    I do not know if it is possible for the VeraCrypt code to be modified to detect and abort the system encryption when the System Reserved partition exists for MBR and the user has selected the entire drive option. And for EFI, when the user has selected the entire drive option, abort encrypting the EFI System Partition and/or the Recovery Partition.

    Alex and Mounir, would this be possible?

     

    Last edit: Enigma2Illusion 2016-10-15
  • Alex

    Alex - 2016-10-16

    Probably it is possible to attach the HDD from the notebook to another computer and mount the HDD via the option "Mount partition using system encryption without preboot authentication".

    The VeraCrypt MBR loader is placed in sectors [1,61] of the HDD. It does not affect the MS reserved partition.

    The GPT MS reserved partition and the MBR MS reserved partition are different.
    MBR - it holds the Windows boot loader by default (e.g. BitLocker needs the loader to decrypt the OS at boot).
    GPT - it is empty space, vendor dependent (e.g. RAID). Normally I've not seen real use of MSR on a GPT disk.

     
  • Enigma2Illusion

    Enigma2Illusion - 2016-10-16

    During system encryption, when the user selects "Encrypt the whole device" and clicks the Next button, VeraCrypt should check for the existence of:

    • System Reserved Partition
    • EFI System Partition
    • Recovery Partition -> This contains the WinRE (Windows Recovery Environment)

    If any of these partitions exist, produce an error that the user cannot encrypt these Microsoft partitions and must select "Encrypt the Windows system partition".

     

    Last edit: Enigma2Illusion 2016-10-16
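
A sketch of the pre-flight layout check proposed in the post above, as an added example that is not part of the thread and not VeraCrypt's own code. The function names, the partition type bytes (standard MBR values) and the "separate active partition" heuristic are assumptions; the loader range [1,61] comes from Alex's post, and the MBR below is constructed sample data.

```python
import struct

LOADER_LAST_SECTOR = 61  # thread: VeraCrypt MBR loader occupies sectors [1,61]
# Standard MBR type bytes (added here, not taken from the thread).
FLAGGED_TYPES = {0x27: "Recovery (WinRE)", 0xEF: "EFI System Partition",
                 0xEE: "GPT protective entry (disk is GPT)"}

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) != 512 or sector0[510:] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype and count:
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count})
    return parts

def whole_disk_warnings(parts):
    """Reasons to refuse 'Encrypt the whole device' for this layout."""
    warnings = []
    largest = max(parts, key=lambda p: p["sectors"], default=None)
    for p in parts:
        if p["type"] in FLAGGED_TYPES:
            warnings.append(f"partition {p['index']}: {FLAGGED_TYPES[p['type']]}")
        if p["lba"] <= LOADER_LAST_SECTOR:
            warnings.append(f"partition {p['index']}: overlaps loader sectors 1-61")
        # Heuristic (assumption): an active partition apart from the largest
        # one is a separate boot partition such as System Reserved.
        if p["active"] and p is not largest:
            warnings.append(f"partition {p['index']}: separate active boot partition")
    return warnings

def sample_mbr(entries):
    """Build a constructed MBR from (active, type, lba, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if a else 0, t, lba, n)
                     for a, t, lba, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed Windows 7 style layout: 100 MB active partition, OS, WinRE.
WIN7_LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 600000000),
               (False, 0x27, 600206848, 20000000)]

if __name__ == "__main__":
    for w in whole_disk_warnings(parse_mbr(sample_mbr(WIN7_LAYOUT))):
        print("WARNING:", w)
```

On a real disk the first sector would be read with administrator rights; an empty result means none of the three conditions was found, not that the machine is guaranteed to boot.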
    • Alex

      Alex - 2016-10-16

      "Encrypt the whole device" is disabled for GPT disk with Windows. Main reason is EFI system partition. (ESP contains loader)

      MBR disk can have MS reserved partition but content is different. (MSRP can contain loader but it is not strict)

       
  • Enigma2Illusion

    Enigma2Illusion - 2016-10-16

    Hello Alex,

    I agree that for MBR System Reserved partition may not have the boot files.

    I would like to propose an idea that regardless of where the MBR boot files are located, to remove the system encryption option to encrypt the whole drive for the following reasons:

    • Setup of system encryption on systems without a CD drive requires the user to use manual procedures to create a USB Rescue Disk. Or the user can choose to create an ISO file to create the Rescue Disk at a later time. If the Rescue Disk task has not been performed before the system completes the encryption and the user reboots, they can no longer access the system nor decrypt the system to get back to a functioning system. The user will only be able to mount the system drive in another PC to attempt to copy off data from the C partition.
    • Users reported issues using the whole disk encryption option when the system drive has multiple "data" partitions that are not available when attempting to recover data using the "Mount partition using system encryption without preboot authentication" option for the other "data" partitions.
    • A system that has its boot files on the C partition can get migrated to the System Partition which will be successful until the user reboots and System Partition is encrypted preventing a functioning system.
    • Removing the whole disk encryption option still allows users to use the VeraCrypt feature of System Favorite Volumes for the other "data" partitions located on the system drive to be mounted at boot-up.

    I believe this approach would make for a better user experience and remove the user frustration due to the idiosyncrasies involved with where are the boot files and the recovery of the other "data" partitions.

    What are your thoughts?

     

    Last edit: Enigma2Illusion 2016-10-16
  • Alex

    Alex - 2016-10-16

    Hello Enigma2Illusion,

    Agree - full drive encryption with system requires extra checks and warnings. Probably to remove the possibility completely is not good because the tool has to be flexible (up to user).

    You wrote several checks. I've not thought much about it. Probably we can start the issue.

    Next step of development is not clear enough - performance, reliability, new options.

     
  • Enigma2Illusion

    Enigma2Illusion - 2016-10-16

    For tracking purposes, I have opened a ticket on my proposal at the link below.

    https://veracrypt.codeplex.com/workitem/561

    Thank you and Mounir for your continued hard work on the VeraCrypt project! :-)

     
    • Alex

      Alex - 2016-10-17

      Thank you for interest and support of VC. We are trying to do the best.

      Probably we can create extra option to block all r/w without crypt on system hdd. It can solve problems mentioned by cryptolover

       
  • Mounir IDRASSI

    Mounir IDRASSI - 2016-10-17

    Hi all,

    There are already checks in case of MBR so that warnings are displayed if we detect the presence of non-standard partitions on the disk, like here and here. The warning message explains the risk of encrypting the whole disk in such a case and it is clearly written that the machine may not boot if the BIOS needs data on disk.

    In my opinion, the user ignored this warning but I will wait for his confirmation.

    For now, the user must decrypt his system using the Rescue Disk on another machine (the Rescue Disk ISO can always be retrieved from the encrypted disk by using VeraCrypt on another machine or booting on a Linux CD).

    Removing the option of MBR whole disk encryption altogether seems too much for me, as many people that use a standard disk layout would lose its benefit.
    An alternative approach would be to disable MBR whole disk encryption if we detect the presence of non-standard partitions instead of displaying a warning, since many people seem to ignore the warning anyway.
    I will try to implement this approach for the 1.19 that will be released today.

     
  • cryptolover

    cryptolover - 2016-10-17

    I really hope you don't remove the entire disk option, it's the only way to make sure the OS isn't using a special partition to store your stuff unencrypted. I'm using it on MBR mode and even though I have a System Reserved partition it works fine. If a user ignored a warning that's his fault and no one else's.

    As for the Rescue Disk, the proper solution is to integrate USB flash drive support into the wizard, that way those that don't have a CD drive will be able to create it at the right time without searching around and using separate tools.

     
  • Enigma2Illusion

    Enigma2Illusion - 2016-10-17

    cryptolover wrote:

    I really hope you don't remove the entire disk option, it's the only way to make sure the OS isn't using a special partition to store your stuff unencrypted. I'm using it on MBR mode and even though I have a System Reserved partition it works fine. If a user ignored a warning that's his fault and no one else's.

    With Mounir's modification, the only concern I have by not removing the whole disk option feature is the issue users reported of being unable to access other user partitions on the system drive on both TrueCrypt and VeraCrypt when trying to recover data using the "Mount partition using system encryption without preboot authentication" option.

    cryptolover wrote:

    As for the Rescue Disk, the proper solution is to integrate USB flash drive support into the wizard, that way those that don't have a CD drive will be able to create it at the right time without searching around and using separate tools.

    I have created a ticket to add this feature to VeraCrypt at the link below.

    https://veracrypt.codeplex.com/workitem/560

    However, the user will still have the choice to create an ISO file instead of creating the Rescue Disk CD or USB. Therefore, there is no guarantee the user will make a wise decision to create the Rescue Disk before encryption starts.

     

    Last edit: Enigma2Illusion 2016-10-17
