I encrypted my Windows 10 x64 system partition (not the whole drive) using Veracrypt 1.19. The pre-encryption boot worked fine, Windows booted and encryption began. Encryption finished and all continued to work fine. After shutting down the system I am not able to boot it anymore. I enter the password, blank PIM and half a minute later see the 'Booting' prompt. After that, the screen turns black and nothing seems to happen. After a few minutes in this state, the laptop beeps once. Laptop has BIOS, not UEFI. What went wrong?
Edit: So I tried booting from a rescue disc and that worked fine. I thought that maybe the volume header got corrupted, but after trying to repair it I am still not able to boot from my HDD. I'm wondering whether the system reserved partition is causing this trouble?
Edit2: I unencrypted the partition, moved the Windows boot manager from the system reserved partition, deleted the system reserved partition and then verified that all works well on an unencrypted system. I then encrypted the system partition, but the outcome is the same - I am able to boot from rescue disc, but not directly from the installed bootloader.
Last edit: asator 2016-11-03
Since I now have an empty partition (after removing the system reserved partition) I'm thinking about placing the rescue disc iso on that partition and using it to boot. Any ideas how to do this? Can I simply install Grub2Dos or Syslinux on that partition, make it active and overwrite the MBR? Is there any risk of corrupting Veracrypt 'stuff' when doing this?
Last edit: asator 2016-11-03
I assume that it is a big risk in doing this, because VC resides in the MBR as well.
There is another thing I would try. After decrypting again and testing that everything works fine, I would delete the empty partition and check functionality again. After success I would try encryption once more.
Good luck.
Andreas
Well sure there is a risk, but am I safe as long as I have the recovery disc? The previous time I did the encryption the system reserved partition was still existing, although not active anymore. Does Veracrypt take these kinds of things into account when creating the bootloader? Is there any way to rewrite the bootloader without having to decrypt/encrypt again? I would be willing to try the multiboot option, or perhaps FDE since I don't have the system reserved partition anymore.
I am not sure if the rescue disk is able to recover all information that was stored in your boot sectors. I prefer to rely on a tool called bootice (V1.3.3.2). It is a very mighty tool and also capable of installing and configuring other bootmanagers like grub and plop.
The problem of rewriting the bootloader while the disk is encrypted is that you reinstall a standard boot sector and this definitely will kill the VC part. So you have to have a backup of the bootloader while encrypted and then you can try to manipulate it; of course this is possible with bootice.
I am sure that you have an image backup, so there could only be a loss of time, not data.
Regards
Andreas
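The backup-before-modifying step recommended in the post above can be checked with a short script. This is an added example, not part of the original thread and not VeraCrypt or bootice code: it parses the MBR partition table and reports which sectors of a saved first-track backup differ from the current contents. The 63-sector first-track size, the function names and the sample layout (modelled on the 500 MB + 120 GB scheme in this thread) are assumptions, and the sample bytes are constructed.

```python
import struct

SECTOR = 512
FIRST_TRACK_SECTORS = 63  # assumption: classic first track, LBA 0-62

def parse_mbr(sector0: bytes) -> dict:
    """Parse a BIOS/MBR sector: boot signature plus the four primary entries."""
    if len(sector0) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector0[510:512] == b"\x55\xaa", "partitions": parts}

def changed_sectors(backup: bytes, current: bytes) -> list:
    """Return the LBAs (within the saved region) that differ from the backup."""
    n = min(len(backup), len(current)) // SECTOR
    return [lba for lba in range(n)
            if backup[lba * SECTOR:(lba + 1) * SECTOR]
            != current[lba * SECTOR:(lba + 1) * SECTOR]]

def read_first_track(path: str) -> bytes:
    """Read the first track from a disk image file (or a raw device, as admin)."""
    with open(path, "rb") as f:
        return f.read(SECTOR * FIRST_TRACK_SECTORS)

def build_sample_track() -> bytes:
    """Constructed sample: active 500 MB partition followed by a 120 GB one."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3,
                           start, count)
    mbr = bytearray(SECTOR)
    mbr[446:462] = entry(0x80, 0x07, 2048, 1024000)
    mbr[462:478] = entry(0x00, 0x07, 1026048, 251658240)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(SECTOR * (FIRST_TRACK_SECTORS - 1))

if __name__ == "__main__":
    backup = build_sample_track()
    current = bytearray(backup)
    current[0:440] = b"\x90" * 440  # simulate a rewritten boot code area
    print(parse_mbr(backup[:SECTOR]))
    print("sectors changed since backup:", changed_sectors(backup, bytes(current)))
```

Run `read_first_track` against an image taken while the disk is encrypted and keep the result; a later comparison then shows whether another boot manager touched only sector 0 or also the sectors after it.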
Thank you for the suggestion. I tried unencrypting, and encrypting again with FDE, with no system reserved partition available at time of encryption (empty unallocated space in place of the deleted partition). This changed nothing, still can't boot from HDD. I don't think the unallocated space should be an issue, right?
I'll create a HDD image and play around with the bootloader - unless you have a different suggestion? Could this be a hardware (laptop) specific issue?
Update:
I tried repartitioning the drive so that it only contains one partition (no empty space before it). Veracrypt suggested FDE in this case which is what I did. Outcome was the same as in all previous tries.
I restored my drive to the original partitioning scheme (500MB system reserved partition + 120GB partition with Windows). I installed Grub4DOS on the 500MB partition and tried various boot configurations, but all of them failed in one way or another.
What did work is when I set the 500MB as the active partition and set the MBR to Grub4DOS. On bootup I can select to boot from the rescue disc which is on the 500MB partition. After entering my password in the rescue disc I am back at Grub4DOS. Now I can select to boot the Windows partition and that will work. This seems a long way to achieve what I want, and kind of hackish.
Working configuration: Boot to Grub4DOS -> load rescue disc -> Back to Grub4DOS -> load Windows
Tried and failed configurations: Use Veracrypt bootloader -> load Windows -> fails (black screen)
Use Veracrypt bootloader -> load Grub4DOS -> load Windows -> fails
I'll be happy to test any suggestions anyone may have, thanks.
Last edit: asator 2016-11-05
Still looking for a proper solution, however I was able to 'hide' the GRUB loader by making Windows the default and Veracrypt rescue disk as fallback, along with setting timeout to 0.