Author Topic: should I encrypt thist 1st boot (system reserved) partition (1 GB) as well?  (Read 7120 times)

leopoldus

  • Newbie
  • *
  • Posts: 11
I deal now with encrypting.my new laptop's SSD with pre-installed Windows 7.
While thoroughly examining the SSD partitions, I have discovered, that there is a pre-configured small (less than 1,09 GB) hidden NTFS basic partition, which has the name "System_drv" - please see the screenshot below:
 

I'm not quite sure, but suppose it to be some special boot or system partition, as it is explained here http://windows.microsoft.com/is-is/windows7/what-are-system-partitions-and-boot-partitions. May be I mistake, don't sure...

However my question is, whether I should encrypt this partition too? It seems, that I can choose the proper encrypting command for this partition, but what are "pros" and "contras" of such step?

Thanks in advance!

P.S.
It seems, that for TrueCrypt is recommended not to encrypt this hidden partition (here http://forums.truecrypt.org/viewtopic.php?p=105412#105412 and here http://forums.truecrypt.org/viewtopic.php?p=105429#105429 at TrueCrypt support forum). But does it apply to DiskCryptor as well?

alkoro

  • Sr. Member
  • ****
  • Posts: 418
Re: should I encrypt thist 1st boot (system reserved) partition (1 GB) as well?
« Reply #1 on: September 26, 2013, 09:01:34 am »
Quote
whether I should encrypt this partition too?

Seems to be yes, you should to.
Usually, SYSTEM_DRV have 100 MB size. My advise, try to mount this partiton by attaching drive letter and check for hidden folder "Boot" and files "bootmgr","bootsec.bak" there. If its exists, then you should to encrypt this partiton too with "Windows7_OS" partition with same credentials.
OR :
1. copy/remove "Boot"  folder and bootmgr/bootsec.bak files to "Windows7_OS" partition. Do this from foreign system (attach hdd to another computer or use "Live CD"),
cause folder "Boot" are locked in active system.
2. encrypt "Windows7_OS" partition only
3. set up booting method option to "First partition with appropriate password"/"Specified partiton" in DC-bootloader configuration.
  OR
3. move active partition flag from "System_drv" to "Windows7_OS" by any low-level disk software or windows disk manager (from foreign system). DC-bootloader booting method may be any (I used Active or Boot disk MBR ) in this case.

leopoldus

  • Newbie
  • *
  • Posts: 11
Re: should I encrypt thist 1st boot (system reserved) partition (1 GB) as well?
« Reply #2 on: September 26, 2013, 03:32:49 pm »
: alkoro
Thank you for your explanations.

Quote
My advise, try to mount this partiton by attaching drive letter and check for hidden folder "Boot" and files "bootmgr","bootsec.bak" there. If its exists, then you should to encrypt this partiton too with "Windows7_OS" partition with same credentials.

Could you please take a look at the files lists of the root folder and other folders on this hidden "System_drv" partition to help me to understand, what thing is is and why is has size 1,09 GB  instead of common 100 MB:
 

Thanks in advance!

alkoro

  • Sr. Member
  • ****
  • Posts: 418
Re: should I encrypt thist 1st boot (system reserved) partition (1 GB) as well?
« Reply #3 on: September 26, 2013, 05:47:20 pm »
Quote
why is has size 1,09 GB  instead of common 100 MB:
MFGSTAT and Recovery folders seems as manufacturer's configuration, contained clean image of windows7 copy, needs to repair whole system.
As I see, if you encrypt this partition, you lost access to accident recovery.

My Acer notebook have dedicated recovery partiton, and clean installation of windows 7 starts at new (2nd) 100 MB and (3rd) windows partiton.

leopoldus

  • Newbie
  • *
  • Posts: 11
Re: should I encrypt thist 1st boot (system reserved) partition (1 GB) as well?
« Reply #4 on: September 26, 2013, 06:44:45 pm »
alkoro
MFGSTAT and Recovery folders seems as manufacturer's configuration, contained clean image of windows7 copy, needs to repair whole system.
As I see, if you encrypt this partition, you lost access to accident recovery.

Thank you, I see.

But as much as I can understand, in your previous post your position was rather to encrypt this hidden partition and in your last post it is rather not to encrypt, am I right? So what's your final advice at this point?
« Last Edit: September 26, 2013, 06:46:29 pm by leopoldus »

alkoro

  • Sr. Member
  • ****
  • Posts: 418
Re: should I encrypt thist 1st boot (system reserved) partition (1 GB) as well?
« Reply #5 on: September 27, 2013, 08:32:18 am »
Quote
So what's your final advice at this point?
in your case -
Copy boot+bootmgr from SYSTEM_DRV to Windows7_OS partition (junc them with Windows).
Take windows partition as Active.
Then its done - (re)boot and make sure that reboot is ok.
After that encrypt Windows partition and set-up bootloader with "Boot from active partiton"/"First partition with appropriate password"/"Specified partiton" option.
Keep first partiton unencrypted, and do not delete it (because Windows bootmanager remember windows leave on 2nd partiton).
If you want to reinstall whole system in future, just make first partiton as active [upd]:+ remove DC-bootloader, of course and (seems to be) press some keys (or what function?) to execute manufacturer's restore.
« Last Edit: September 27, 2013, 09:05:25 am by alkoro »