svenk - 2019-01-17

Hello,

I am wondering if there is any more detailed documentation about system encryption on GPT disks. First thing I am curious about is that the encryption wizard talks inconsistently about rescue media (CD and/or USB stick). I understand that there is no longer a CD involved but the rescue files have to be copied to a USB stick.

But there seems to be no information about how to use that stick. Is this a bootable stick, and if so how do I make it bootable and boot from it? Or does the VeraCrypt bootloader check for the presence of the stick and involves the files himself? That would require the VeraCrypt loader to be present and intact of course. What if it is damaged?

The next question is: where does the encryption relevant information reside? On MBR based disks, the master key is located in track 0, so if it is damaged, the rescue disk would restore it. In the past I was also able to restore track 0 with backup software such as Acronis TrueImage. So, where is the master key located on GPT disks, and can the same be done here, too? Would that mean that I have to restore the EFI partition for this purpose?

Many thanks in advance!