TrueCrypt system partition whole drive encryption on Windows 8.1

Windows 8.x is not listed as a supported operating system in TrueCrypt’s Supported OS’s list: http://www.truecrypt.org/docs/supported-operating-systems

Whole disk encryption was one of my key requirements to use Windows 8.1 as my primary OS on my primary device. Work, personal, and lab. No, unencrypted won’t do. Add to that every USB stick and drive I have is TrueCrypt encrypted.

I’d like to say I’m uber cool and run Kali bleeding edge as my primary OS, but it just doesn’t work for my situation. Believe me, I tried. For one, it’s a work-supplied laptop and 99.99% of my tools and responsibilities are Windows servers. Not Linux, not pentesting 😦

No guts, no glory. Right? I decided to install it anyway. Googling wasn’t having very positive results. Most of the issues seemed to center around UEFI-based computers (GPT). Fine with me. I’m a BIOS/MBR man from way back.
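A pre-flight check for the BIOS/MBR versus UEFI/GPT distinction mentioned above, as an added example that is not part of the original post: it classifies a disk from its first two sectors. The function names are hypothetical, the sample sectors are constructed, and 512-byte logical sectors are assumed.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors


def classify_disk(first_two_sectors: bytes) -> str:
    """Return 'mbr', 'gpt' or 'unknown' from the first 1024 bytes of a disk."""
    s0 = first_two_sectors[:SECTOR]
    if len(s0) < SECTOR or s0[510:512] != b"\x55\xaa":
        return "unknown"  # no boot signature: not a partitioned MBR/GPT disk
    # Four 16-byte partition entries start at offset 446; byte 4 is the type.
    types = [s0[446 + 16 * i + 4] for i in range(4)]
    if 0xEE in types:
        # Protective MBR: confirm with the GPT header signature in LBA 1.
        header = first_two_sectors[SECTOR:SECTOR + 8]
        return "gpt" if header == b"EFI PART" else "unknown"
    return "mbr" if any(types) else "unknown"


def _entry(ptype: int, lba_start: int, count: int, boot: int = 0x00) -> bytes:
    """Build one constructed partition entry (CHS fields zeroed)."""
    return struct.pack("<B3sB3sII", boot, b"\0" * 3, ptype, b"\0" * 3,
                       lba_start, count)


def _sector0(*entries: bytes) -> bytes:
    """Build a constructed sector 0: empty boot code, table, 0x55AA."""
    return b"\0" * 446 + b"".join(entries).ljust(64, b"\0") + b"\x55\xaa"


# Constructed samples: a BIOS/MBR disk with one active NTFS partition,
# and a GPT disk with a protective MBR plus an "EFI PART" header in LBA 1.
MBR_SAMPLE = _sector0(_entry(0x07, 2048, 1_000_000, boot=0x80)) + b"\0" * SECTOR
GPT_SAMPLE = (_sector0(_entry(0xEE, 1, 0xFFFFFFFF))
              + b"EFI PART".ljust(SECTOR, b"\0"))
BLANK_SAMPLE = b"\0" * (2 * SECTOR)

if __name__ == "__main__":
    # On a real Windows machine (elevated prompt) the input would be:
    #   open(r"\\.\PhysicalDrive0", "rb").read(2 * SECTOR)
    for name, data in [("mbr sample", MBR_SAMPLE), ("gpt sample", GPT_SAMPLE),
                       ("blank sample", BLANK_SAMPLE)]:
        print(name, "->", classify_disk(data))
```
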

It appears Windows 8.x is on TrueCrypt’s roadmap: http://www.truecrypt.org/future

I backed up my drive (SSD) to an encrypted USB drive. Afterward, I deleted the partitions and installed Windows 8.1 from scratch.

After installation, I patched it current and installed the latest stable version of TrueCrypt, 7.1a. Default install.

I selected System > Encrypt system partition/drive and went through the other selections to encrypt the whole drive. After rebooting and testing successfully, I started the encryption process. Nine hours later it reported 100% encrypted.

Now was pucker time. Reboot.

Prompting me for my TrueCrypt passphrase

Starting Windows < Gooooooal! Uglier than Windows 7 but functioning. The next idea sounded brilliant at the time but later led to having to restore the volume header. I installed True Image to take an image of the install so if/when it did corrupt I could reapply the image and save some time.

If you don’t know True Image try it. It will save you some time later on 🙂

Installing Acronis True Image 2014 went fine. Curious, I reviewed the features, and under tools and utilities was an interesting option which momentarily looked like a genius time saver for what I was testing. The Acronis Startup Recovery Manager – If Windows works unstably, press F11 at boot time and recover your data or whole system.

So those of you who know the product or have read any of the numerous excellent Acronis documents and help files know that this mishap was 100% cowboy self-inflicted. Yes, irony is a cruel lover and sometimes it’s fun.

Installing Acronis Startup Recovery Manager wiped out my volume header, making the drive nonbootable. The data, fortunately, was safely encrypted at rest. Booting from my TrueCrypt Recovery ISO, saved at original volume encryption, I restored functionality by restoring the volume header. This was a lesson in why TrueCrypt forces you by default to burn an ISO or the volume encryption will not be allowed. Of course this can be overridden by a command line switch. Like I did. If you do, make sure you back up the ISO file and secure it appropriately.

Also note that if you change your passphrase and forget it, this disc can be used to change the volume passphrase. This requires that you remember the initial passphrase that is protecting the master key on the disc. This is set during the initial install.

Besides that wild west moment, it’s been a little over a week and I have pounded it with installing, uninstalling, and a lot of disk I/O, with no issues or corruption thus far.

One issue I have identified is the Windows feature File History is unable to use a mounted TrueCrypt disk as a destination for the backup.

File History is the love child of Briefcase and Windows Backup. Sure, you can take system images, but everything is geared more toward file data set backups and versioning versus bit-for-bit backup and recovery. You fully recover by restoring a system image, then restore your files with File History. The issue is that another whole disk encryption solution is needed for the destination drive, or physical security must be maintained. The latter is a poor choice in my opinion, as there is always the possibility of hardware walking away. Also, a second symptom showed itself when creating new File History jobs. When File History looks for backup devices, it returns an error when mounted USB drives are encountered. True Image as well could not use a mounted USB as the destination in my tests.

I’m going to continue to use it and see how far down the road the future update is.

Thanks,

Scott Bollinger / kfalconspb / www.bollingerusa.com
