From DiskCryptor wiki


If the following advice does not help, please visit the forum's Tutorials section.

How to Backup

  1. Back up your data
  2. Back up the encrypted volume header via the DC menu
  3. Back up the file system header?

How to Encrypt

System/Boot partition (single OS configuration)

  1. If your computer uses UEFI/GPT, which is not supported by the DC bootloader:
  2. 100–500 MB System Reserved partition
    1. Copy/remove the "Boot" folder and the bootmgr/bootsect.bak files to the main Windows partition. Do this from a foreign system (attach the HDD to another computer or use a "Live CD"), because the "Boot" folder is locked in the active system.
    2. Encrypt only the main Windows partition
    3. Set the booting method:
      • Set the booting method option to "First partition with appropriate password"/"Specified partition" in the DC bootloader configuration. OR
      • Move the active partition flag from System Reserved to the main Windows partition with any low-level disk software or the Windows disk manager (from a foreign system). In this case the DC bootloader booting method may be any (I used Active or Boot disk MBR). (See forum.)
  3. ~1 GB Recovery partition from the notebook manufacturer. Encryption is not required. (See forum.)
  4. Main Windows partition

System/Boot partition (multi OS configuration)

  1. 10 and 10
  2. 7 and 7
  3. 7 and XP
  4. 7 and linux
  5. XP and XP (one encrypted and one not)
  6. XX and XX

Tips for Designing Multiboot Configurations

Customizing a computer to perform a dual boot requires close attention to details. The Diskcryptor bootloader is designed to flexibly accommodate an abundance of dual boot scenarios, not all of which are discussed here in detail. What is presented here are tips to make a dual boot configuration work with Diskcryptor.

After the computer is started and the user enters a password, Diskcryptor allows chainloading of partitions that are encrypted with the password that was entered, as well as chainloading of unencrypted partitions. Diskcryptor supports chainloading of multiple partitions sequentially. For example, Diskcryptor may first cause a boot manager to be started on a certain encrypted partition. Then after the user selects an encrypted operating system located on another partition, that operating system starts with the help of Diskcryptor. For this to work, the boot manager partition and the operating system partition need to be encrypted with the same password.

If the configured booting method for Diskcryptor's bootloader is "first partition with appropriate password", it is possible to use two different passwords so that each password would result in Diskcryptor chainloading a different encrypted partition initially. For example, there is one disk in the computer with two partitions. The first partition is encrypted with password A. The second partition is encrypted with password B. If A is entered at the prompt, Diskcryptor chainloads the first partition; and if B is entered at the prompt, Diskcryptor chainloads the second partition. The first and second partitions each contain one Windows operating system from this list: XP, 7, 8, 10.

It is important to note that standard installations of Windows 7 and later have a boot manager partition which is separate from the operating system partition (C drive). It is possible to install Windows 7 or later, then remove the separate boot manager partition, and finally create a new functional copy of the boot manager inside the operating system partition. In the dual boot example above where passwords A and B are used, it is assumed that if Windows 7 or above is present in one of the partitions, this partition has been prearranged to include the boot manager for the operating system located there. The boot manager in the first partition needs to point the computer to the first partition on the disk, and the boot manager in the second partition needs to point the computer to the second partition on the disk.

It is also important to note that Diskcryptor's bootloader does not support GPT partitioned disks and UEFI native mode startup. It supports MBR partitioned disks and BIOS mode startup. BIOS mode startup may be emulated by a computer with UEFI if the boot mode is set to "legacy" or "CSM".
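The MBR-only constraint above, and the active-flag move described under "How to Encrypt", can both be checked by reading sector 0 of the disk. The following is an added example, not part of the wiki or of DiskCryptor itself; the function names and the sample sectors are constructed for illustration.

```python
import struct

SECTOR = 512
GPT_PROTECTIVE = 0xEE  # type byte of the protective entry on a GPT disk
ENTRY = "<B3xB3xII"    # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Parse sector 0 and report partition scheme and active-flag placement."""
    if len(sector) < SECTOR:
        raise ValueError("need the full 512-byte sector 0")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):  # four 16-byte primary entries start at offset 446
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype == 0:  # unused slot
            continue
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "size_mib": count * SECTOR // 2**20})
    scheme = "GPT" if any(p["type"] == GPT_PROTECTIVE for p in parts) else "MBR"
    return {"scheme": scheme, "partitions": parts,
            "active": [p["index"] for p in parts if p["active"]]}

def preflight(info: dict) -> list:
    """Findings relevant to the constraints stated on this page."""
    findings = []
    if info["scheme"] == "GPT":
        findings.append("GPT disk: not supported by the bootloader, MBR is required")
    if len(info["active"]) > 1:
        findings.append("more than one partition is flagged active")
    return findings

# --- constructed sample sectors (not read from a real disk) ---
def make_sector(*entries):
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

# 100 MiB System Reserved (active) followed by a 40 GiB Windows partition
BEFORE = make_sector((0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 83886080))
# same layout after moving the active flag to the Windows partition
AFTER = make_sector((0x00, 0x07, 2048, 204800), (0x80, 0x07, 206848, 83886080))
# protective MBR as found on a GPT disk
GPT_DISK = make_sector((0x00, 0xEE, 1, 0xFFFFFFFF))

if __name__ == "__main__":
    for name, img in (("before", BEFORE), ("after", AFTER), ("gpt", GPT_DISK)):
        info = parse_mbr(img)
        print(name, info["scheme"], "active:", info["active"], preflight(info))
```

To check a real disk, pass `parse_mbr` the first 512 bytes of the disk or of a disk image, read from the foreign system or Live CD.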

For more information about bootloader setup, look here: Bootloader

Experimentation with dual boot configurations may be done in virtual machines, using software such as VirtualBox or VMware Player. This can serve to isolate the experimental changes from the boot setup on the host computer. If two separate installations of Windows 7 are desired, each encrypted with a different password, here is a suggestion: Determine how to install unencrypted Windows 7 on a computer, so that the disk contains only one partition. Then determine how to install unencrypted Windows 7 on a computer so that the disk has two partitions, and the first partition is an unbootable encrypted data partition. Make partition images of the successful Windows 7 installations. Restore both system images to the disk as separate partitions, and do not leave the unbootable partition on the disk. (The system configured to come after an unbootable partition should be placed second, and the system configured to be within the only partition on a disk should be placed at the beginning of the disk.) Use a LiveCD to encrypt both partitions with different passwords, and install the Diskcryptor bootloader. Activate the bootloader option "first partition with appropriate password". Avoid conducting tests while using a computer that is connected to a drive containing information that must not be lost.

MultiOS configuration at one HDD (RUS)

MultiOS + Win7 100MB Bootpartition deleting(junction) (RUS) + more

Data partition