Recovery Partition with Hidden OS help?

[Anonymous]

Hello,

I've recently just bought a new laptop which I plan on using for my Hidden Operating System. Before I go ahead and create the Hidden Operating System there are a few questions i'd like to ask just in case things go wrong like they have many times before!

The laptop comes with a recovery partition which I can use to the reset the Laptop back to it's factory defaults. Has 1TB of Hard Drive space.

1. After I have finished wiping the area where the original OS was. Can I use the recovery partition to re-install the OS on the original partition and use that as my Decoy OS? Will this remove the Outer Volume in the process of re-installing using the recovery partition?

2. Previously when I attempted to create a Hidden Operating System on a different computer I came across an annoying problem. It gave me an error saying that my install of Windows has a seperate boot partition and that if I keep the boot partition then the Decoy OS must be encrypted with same encryption method as the Hidden OS. And if I wanted to remove the boot partition I would have to do it by reinstalling Windows. Is there anyway I can remove the boot partition for Windows without having to do what VeraCrypt says and re-install Windows and merge the two together during re-installation.

3. Once the whole process of creating the Hidden Operating System has been completed and I wanted to change some of the sensitive looking files which were already on the Outer Volume. If I were to add to many files by accident will it damage the Hidden OS because I will have overwritten some of it?

4. Are there any major disadvantages to having a Hidden Operating System? Will it impact on anything I do on my Decoy OS or will it just be like a normal OS. Will it impact on anything I do on my Hidden OS or will it just be like a normal OS aswell.

Sorry if these questions are hard to understand but i'm doing my best. Thanks for taking the time to read this!

[Mounir IDRASSI]

Hi,

1. First, the OS re-installed using the recovery partition can't be called a decoy OS. By using a unencrypted OS, the hidden OS paradigm doesn't exist anymore. Concerning your question, it depends on how the recovery process works. There are recovery partitions that only re-install the OS on a given partition but there are also recovery partitions that will erase the entire disk. So, it is better to check with the manufacturer of your PC.
2. The easiest way is to avoid having this extra boot partition. You can find several methods on the internet on how to do that. If you can't avoid having this boot partition, then you must use the same encryption algorithm for both decoy and hidden OS.
3. Yes, writing too much data to the outer volume can damage the hidden OS. That's why there is a mount option to protect the hidden volume inside the outer. So, use this option!!
4. A hidden OS is like a normal OS apart from the fact that "that all local unencrypted filesystems and non-hidden VeraCrypt volumes are read-only". This is explained in the documentation. Decoy OS and hidden OS are two different things and they are separate. There is no link between them apart from the creation process where the hidden OS is created by copying the decoy OS.

I hope I answered your questions. Please be aware that you need to careful practice this technology before going further. VeraCrypt can't be held responsible for any damage that may occur.
Last point: most of what I have written is already present in the documentation. The objective of the documentation is to reduce the burden of answering individual questions. So, I always asks to do efforts and read the documentation carefully before asking but judging from the different posts of the forums (and the private emails I receive), people seem to have difficulty reading or understanding the documentation.

[Anonymous]

Thanks, sorry for the questions. I just had difficulty understanding the documentation at times.

You have answered everything I need!

Thanks again.

[Anonymous]

Hi again it's me.

Just another few questions please.

1. Before I do anything to do with encryption I will clone the entire OS onto an external hard drive. I will then create the Hidden OS. After the Hidden OS has been created I will then copy the OS from the external hard drive back onto the first partition and use that as my Decoy OS. Will this work?

2. If I do have a recovery partition which does not support reinstalling the OS to a specific partition and instead wipes the whole drive before reinstalling, would I be able to clone the Outer Volume partition onto an external hard drive and then let the recovery partition reinstall the OS. After that, can I just clone the Outer Volume back onto the Computer and then encrypt the fresh install to become the Decoy OS. Will this work?

3. If I wasn't able to remove the system reserved partition and ended up having to encrypt the Decoy OS and the Hidden OS with the same Encryption Algorithm and Hash Algorithm (Both will be a cascading encryption and Whirlpool) what explanation could I give to an adversary that would still create Plausable Deniability for the decoy OS to be installed with a cascading encryption and strong Hash?

I'm real sorry for all these questions. Thanks very much for reading them!

Bye.