Dual Boot VeraCrypt Windows + Linux (solution for 2 pendrives)

Spread the love

Good morning,

Today I’m going to describe the way I encrypted a computer with a Linux and Windows disk using VeraCrypt.

In my case, Windows was encrypted with VeraCrypt and Linux was encrypted on a hidden system partition using LUKS. LUKS, like VeraCrypt, is a very powerful encryption system for Linux.

Both VeraCrypt and LUKS are referred to as “paranoid encryption systems

I used a slightly more complex dual boot encryption system. To run Linux, you need two low capacity flash drives !!! 🙂

In my case, I encrypted Windows 10 and Linux MX (latest release).

The way I bypassed the forced windows boot is that the Linux boot loader (GRUB) was placed on a separate flash drive and not on the encrypted partition itself.

Here are the steps I took:

  1. Create two system partitions on the hard disk:
    a) Linux MX – ext4 filesystem
    b) Windows 10 – NTFS filesystem
  2. Installing Linux MX on a system partition with an ext4 file system.
  3. During the installation of Linux MX I chose the system encryption option and the bootloader location on a pendrive (it is possible) and this is a function built into the Linux MX operating system. After going through the setup procedure, the system partition was fully encrypted with the LUKS encryption system, but I might as well encrypt it with VeraCrypt after installation.
  4. Linux MX was installed, however, without using a bootloader pendrive (GRUB) will not start.
  5. In BIOS, we set the boot order to
    a) flash drive
    b) cd / dvd rom
    c) hard drive
  6. Now, after inserting the flash drive with the Linux bootloader, we can boot the system and decrypt the system partition.
  7. Close the system and insert the Windows 10 installation media (CD or bootable flash drive).
  8. Install Windows, then install Veracrypt on it and start the encryption process.
  9. After full encryption, reboot the system. Only the Veracrypt bootlader (Windows 10) is displayed NOW.
  10. We enter our password and we are in decrypted Windows 10.
  11. To start Linux, put the pendrive with bootloader (GRUB) and start the computer. Our computer should boot into the Linux MX bootloader.
    In my case, however, it did not happen, I don’t know why, but VeraCrypt stops booting GRUB from pendrive.
  12. I solved by creation a second bootable flash drive with SuperGrub2 program. (I created a bootable USB flash drive with Linux and SuperGrub2 using Rufus).
  13. Then I connected the GRUB Linux pendrive and the second SuperGrub2 pendrive. Now BIOS recognized bootloader. In the SuperGrub2 menu, I chose detection od bootloaders on my computer.
    We will see Linux bootloader / GRUB and Windows 10 bootloader.
  14. Now we can select the system we want to boot after decryption.
  15. Now our Linux system is double protected (LUKS or VeraCrypt) + 2 flash drives to run 🙂

I think that the solution that I created provides a very high level of security when working with Linux, because it will not be launched without 2 pendrives and partition decryption. Tip. I always use passwords over 40 characters with upper and lower case letters, special characters and numbers.

Leave a Reply

Your email address will not be published. Required fields are marked *