Old MBR FDE vs new UEFI system partition encrypt only

Open source disk encryption with strong security for the Paranoid

Brought to you by: idrassi

Old MBR FDE vs new UEFI system partition encrypt only

Forum: Technical Topics

Creator: jeanelle5

Created: 2022-10-23

Updated: 2022-10-24

jeanelle5 - 2022-10-23

I want to migrate onto new platform from over 10years old one. (amd phenom generation)
It have regular legacy bios with some just some features like support for +3TB hard drives (still its old school bios)
Now I want to get some last gen AM5 platform or Intel 13gen one
My issue is according to news they has dropped support for legacy boot mode (?)
So I wont be able to boot my old system at all on those?
...And so Im being left just with strict uefi boot mode
When using uefi boot mode in veracrypt full drive encryption is grayed out so you can only encrypt current partition... Isnt that actual security issue? Even when windows is being installed on single partition it always creates like 3-5 for recovery or whatever they call it.
Cannot files be written on there (hidden boot partition) by bad actors and then its all left being unencrypted?
How about "Host Protected Area" from this picture?
https://www.wintips.org/wp-content/uploads/2019/01/image-75.png

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

jeanelle5 - 2022-10-23

https://en.wikipedia.org/wiki/Microsoft_Reserved_Partition
So this partition isnt encrypted when using EFI boot mode... and it can store data....?

The UEFI specification does not allow hidden sectors on GPT-formatted disks. Microsoft reserves a chunk of disk space using this MSR partition type, to provide an alternative data storage space for such software components which previously may have used hidden sectors on MBR formatted disks.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Gary Marks - 2022-10-23

Legacy MBR booting is still supported on some AM5 platforms. For example, here's a link to a manual for MSI motherboards...
http://download.msi.com/archive/mnu_exe/mb/AMDAM5BIOS.pdf
Check on page 18 in the section "Boot Mode Select." I also use legacy booting (on the AM4 platform), due to its ease with multi-boot arrangements. Keep in mind that legacy MBR booting may not necessarily be available on a prebuilt computer, so this may be a DIY-only path, and also be aware that Windows 11 strictly requires UEFI booting.

I'll leave your UEFI-related questions for others to answer. I only wanted to clear up the prematurely reported death of MBR booting :)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- jeanelle5 - 2022-10-24
  
  Thanks a lot for pointing this out Gary!
  Now I'm sure about going for AMD platform instead of Intel, even if it is going to be way more expensive with less theoretical performance.
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.