SSD veracrypt issue how is it correct
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I had an windows 10 computer with an nvme ssd that I encrypted with the veracrypt system encryption (Encrypt the windows system partition). The other option was greyed out.
Now I purchased a new PC with 3 ssds of which 2 are nvme. After some research on encryption I learned that system encryption of an ssd is much more complicated then I thought it was. To name a few wear-leveling, trim and that data that was on the ssd before encryption is not encrypted.
I want to learn how I can encrypt all drives without the possibility that any personal files can be discoverd without the password.
I have not installed windows on the new computer yet.
I hope that you can help me encrypting my drives the right way
Last edit: Rouven Rouven 2024-11-19
My recommendations are pretty straightforward:
1) Do a secure erase operation if your SSD supports it (it usually will), although this isn't necessary if the drive is brand new and has none of your own leftovers. The secure erase should take only a few seconds and scrambles even the memory cells that are in the reserve memory pool and temporarily out of reach of any OS but can be accessed by some forensic tools.
2) Install Windows with the normal bare bones of personal information.
3) Install VeraCrypt and apply system encryption, making a couple copies of your VeraCrypt Rescue disk.
4) Now it's completely safe to copy all of your private information.
5) This would also be a good time to install and test a backup solution that is compatible with VeraCrypt. I highly recommend Macrium Reflect based on my own experience, but there are other solutions available. Unencrypted system drives are always subject to hardware or system failures, and encryption adds an extra layer of fragility in exchange for keeping your data private. With 3 new drives, you're in an excellent position to test the round trip backup/restore procedures.
Last edit: Gary Marks 2024-11-19
Thanks! But I can only encrypt the system partition not the whole drive. What should I do with the other 2 partitions? Leave them like they are? Also if I encrypt ssds that are not system but only storage how do I encrypt them?
Last edit: Rouven Rouven 2024-11-22
There are other types of encryption besides just system encryption. Now it's time to learn about your options for non-system disks, partitions, and containers. Since you're just starting with VeraCrypt, this documentation gives much more useful information than I possibly could...
https://veracrypt.fr/en/VeraCrypt%20Volume.html
(keep clicking "Next Section>>" links at bottom)
Last edit: Gary Marks 2024-11-23