Laptop wont boot after encryption finished

[John Cassell]

Hi all, I'm moving from Truecrypt up to Veracrypt and this is my first install. I installed the software, selected to encrypt Windows System partition, created the rescue disk (on USB) and rebooted (for the test). All went smoothly and I then proceeded to finish the encryption (took about half hour).

I have rebooted for the first time and all my laptop now does is immediately go to Windows Repair - it doesn't even ask for the Veracrypt password. This is what I have done..

a) tried copying the EFI folder (from the rescue disk step) and booting from CD - won't boot
b) tried booting from USB (just a normal non-bootable USB) with the EFI folder on it.

Perhaps there is a problem in the BIOS setting but then how did the test succeed?

Could someone help please? Thanks, John

[Alex]

It looks like HP or DELL notebook issue.

https://sourceforge.net/p/veracrypt/discussion/technical/thread/5b859040/

[Mounir IDRASSI]

Hi John,

VeraCrypt performs a shutdown for the Pre-Test even if it says that it reboots the system.
Did you clicked yes when VeraCrypt offered to reboot the system or did you perform a manual reboot?

As Alex indicated above, there is a know issue for some machines and shutting down during Pre-Test detects such system. You can find many workarounds in this thread to boot your machine without Rescue Disk, including an important one from Alex that should work all the time.

In your situation, you have to boot using USB Rescue Disk (it must be formatted using FAT32). This should work and at least you should be able to force your system to boot on it by going to BIOS boot menu.

Can you share the information about the model of your machine? Is it possible to post screenshots of the boot related options?

Last point: if you want to decrypt your system, don't do it from 1.19 rescue disk but rather from Windows because there is know issue in the OS decryption functionnality of 1.19 Rescue Disk.

[John Cassell]

Hi Alex/Mounir, thanks for the replies. My laptop is a HP 250 G5.

Alex I have read your link and it sounds like HP's really struggle with Veracrypt. Before I go down the troubleshooting route - is it possible to actually get this to work normally with HP (without having to know the boot menu?). If its not possible then I may just use format the laptop and use BitLocker instead?

Thanks
John

[Alex]

The solution below is tested.

HP boot loader differs from UEFI spec. It always loads EFI\Microsoft\Boot\Bootmgfw.efi and do not allow change boot order.

Probably you can do the following:
1. Rename EFI\Microsoft\Boot\bootmgfw.efi bootmgfw_ms.efi
2. edit DcsProp file and add config key
<config key="ActionSuccess">postexec file(EFI\Microsoft\Boot\bootmgfw_ms.efi)</config>
3. Copy DcsBoot.efi to EFI\Microsoft\Boot\bootmgfw.efi

To access from Windows EFI volume from admin console

mountvol o: /s
notepad o:\EFI\VeraCrypt\DcsProp
ren o:\EFI\Microsoft\Boot\bootmgfw.efi bootmgfw_ms.efi

[John Cassell]

Thanks very much Alex but from your post it seemed that, while this solution works, later on (because of Windows Updates) the boot order can then be changed. This laptop is for my boss who travels a lot so therefore it would be unacceptable for something regular like a Windows Update to potentially lock him out. Or do you feel I am wrong in this assumption? Thanks, John

[Alex]

Boot order cannot be changed from OS. DcsBml module blocks modification of boot order from OS.
Problem is bootmgfw.efi can be updated by windows update.

There are several possibilities:
1. You can setup Windows update server (WSUS) and control all updates of your computers.
2. You can try to setup boot loader as EFI driver instead of boot application. It is possible from EFI shell "bcfg" command

Note: 1.20B2 has several possibilities like RUD (require USB device) or hidden OS
https://veracrypt.codeplex.com/discussions/660061
https://veracrypt.codeplex.com/discussions/656304