Today I’m going to describe the way I encrypted a computer with a Linux and Windows disk using VeraCrypt.
In my case, Windows was encrypted with VeraCrypt and Linux was encrypted on a hidden system partition using LUKS. LUKS, like VeraCrypt, is a very powerful encryption system for Linux.
Both VeraCrypt and LUKS are referred to as “paranoid encryption systems”.
I used a slightly more complex dual-boot encryption system. To run Linux, you need two low-capacity flash drives !!! 🙂
In my case, I encrypted Windows 10 and Linux MX (latest release).
The way I bypassed the forced Windows boot is that the Linux bootloader (GRUB) was placed on a separate flash drive and not on the encrypted partition itself.
Here are the steps I took:
- Create two system partitions on the hard disk:
a) Linux MX – ext4 filesystem
b) Windows 10 – NTFS filesystem
- Install Linux MX on the system partition with the ext4 file system.
- During the installation of Linux MX I chose the system encryption option and the bootloader location on a pendrive (this is possible; it is a function built into the Linux MX operating system). After going through the setup procedure, the system partition was fully encrypted with the LUKS encryption system, but I might as well encrypt it with VeraCrypt after installation.
- Linux MX was installed; however, without the bootloader pendrive (GRUB) it will not start.
- In BIOS, we set the boot order to:
a) flash drive
b) cd / dvd rom
c) hard drive
- Now, after inserting the flash drive with the Linux bootloader, we can boot the system and decrypt the system partition.
- Shut down the system and insert the Windows 10 installation media (CD or bootable flash drive).
- Install Windows, then install VeraCrypt on it and start the encryption process.
- After full encryption, reboot the system. Only the VeraCrypt bootloader (Windows 10) is displayed NOW.
- We enter our password and we are in decrypted Windows 10.
- To start Linux, insert the pendrive with the bootloader (GRUB) and start the computer. Our computer should boot into the Linux MX bootloader.
In my case, however, it did not happen. I don’t know why, but VeraCrypt stops GRUB from booting from the pendrive.
- I solved this by creating a second bootable flash drive with the SuperGrub2 program. (I created a bootable USB flash drive with Linux and SuperGrub2 using Rufus.)
- Then I connected the GRUB Linux pendrive and the second SuperGrub2 pendrive. Now the BIOS recognized the bootloader. In the SuperGrub2 menu, I chose detection of bootloaders on my computer.
We will see Linux bootloader / GRUB and Windows 10 bootloader.
- Now we can select the system we want to boot after decryption.
- Now our Linux system is double protected (LUKS or VeraCrypt) + 2 flash drives to run 🙂
I think that the solution that I created provides a very high level of security when working with Linux, because it will not be launched without 2 pendrives and partition decryption.
Tip: I always use passwords over 40 characters with upper and lower case letters, special characters and numbers.
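A check for the finished layout described in the steps above, as an added example that is not part of the original post: it parses `lsblk --json` output and reports whether the root filesystem sits inside a LUKS container, which mounted filesystems live on removable media, and which are still plaintext on the internal disk. The device names and the sample layout (including the unencrypted swap partition) are constructed assumptions.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,RM,MOUNTPOINT`
# (device names and layout are assumptions, not taken from the post).
SAMPLE = json.dumps({"blockdevices": [
    {"name": "sda", "type": "disk", "fstype": None, "rm": False, "mountpoint": None,
     "children": [
        {"name": "sda1", "type": "part", "fstype": "crypto_LUKS", "rm": False,
         "mountpoint": None, "children": [
            {"name": "luks-root", "type": "crypt", "fstype": "ext4", "rm": False,
             "mountpoint": "/"}]},
        # Constructed: encrypted Windows partition, no filesystem detected.
        {"name": "sda2", "type": "part", "fstype": None, "rm": False,
         "mountpoint": None},
        # Constructed: swap left outside the LUKS container.
        {"name": "sda3", "type": "part", "fstype": "swap", "rm": False,
         "mountpoint": "[SWAP]"}]},
    {"name": "sdb", "type": "disk", "fstype": None, "rm": True, "mountpoint": None,
     "children": [
        {"name": "sdb1", "type": "part", "fstype": "ext4", "rm": True,
         "mountpoint": "/boot"}]},
]})

def walk(nodes, ancestors=()):
    """Yield (node, ancestors) for every device in the lsblk tree."""
    for node in nodes:
        yield node, ancestors
        yield from walk(node.get("children", []), ancestors + (node,))

def audit(lsblk_json):
    """Classify every mounted filesystem as LUKS-backed, removable or plaintext."""
    report = {"root_on_luks": False, "on_removable": [], "plaintext_on_fixed_disk": []}
    for node, ancestors in walk(json.loads(lsblk_json)["blockdevices"]):
        mountpoint = node.get("mountpoint")
        if not mountpoint:
            continue  # not mounted (e.g. the encrypted Windows partition)
        inside_luks = any(a.get("fstype") == "crypto_LUKS" for a in ancestors)
        removable = node.get("rm") in (True, 1, "1")  # bool in new lsblk, "1" in old
        if mountpoint == "/":
            report["root_on_luks"] = inside_luks
        if removable:
            report["on_removable"].append((node["name"], mountpoint))
        elif not inside_luks:
            report["plaintext_on_fixed_disk"].append((node["name"], mountpoint))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live system, pass the output of `lsblk --json -o NAME,TYPE,FSTYPE,RM,MOUNTPOINT` to `audit()` instead of the sample.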