May 3, 2010

How to Encrypt Windows 7/Vista on a Dual Boot System

The aim of this post is to explain how to encrypt MS Windows 7/Vista using TrueCrypt after having installed and encrypted Ubuntu GNU/Linux as explained earlier.

Note: I am aware that certain editions of MS Windows 7, for example, allow the user to use (MS acquired) BitLocker; however, for certain reasons, I prefer not to use BitLocker and to use TrueCrypt instead.

In order to do this, you will have to:
1. Install TrueCrypt on your Windows machine.
2. In TrueCrypt, go to the System menu and choose "Encrypt System Partition/Drive...". Then answer the questions that follow. On my test systems, the answers were as follows.
3. Type of System Encryption: Normal.
4. Area to Encrypt: Encrypt the Windows system partition. (GNU/Linux is already encrypted.)
5. Number of Operating Systems: Multi-boot. (Because I have a GNU/Linux installation.)
6. Boot Drive: Yes. (I tried two different installations: in one case Windows 7 had a separate 100 MB boot partition, and in the other case Windows 7 didn't have one. In both cases, answering "Yes" to this question will yield the required results.)
7. Number of System Drives: 1. (I was trying this on a system with 1 hard disk.)
8. Non-Windows Bootloader: No. (GRUB was not installed on the MBR; it was installed on the GNU/Linux /boot partition instead.)

After this step, you will be asked to burn a TrueCrypt recovery CD. Once this CD is created, you will be able to test your system (not encrypted yet) with the TrueCrypt Boot Loader. If everything goes fine, you will be asked to encrypt your hard drive, a step that will take one or more hours depending on the size of your hard disk, the choice of encryption algorithm, and other options you might have chosen.

This is a screenshot of the TrueCrypt bootloader menu.


You can hit the Esc key to boot other partitions, such as the /boot partition where GRUB is installed.


If you choose to boot the GNU/Linux partition from the TrueCrypt Boot Loader menu, you will be taken to the familiar GRUB page, like this one.

This GRUB menu has not yet been updated after encrypting the Windows partition; therefore, it still lists Windows 7 among the boot options. Choosing to boot Windows 7 from GRUB will result in an error (because it is encrypted!). Updating the GRUB menu should remove Windows 7 from the list.
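
The "Non-Windows Bootloader" answer in the wizard depends on what actually sits in the MBR, and after encryption the MBR holds the TrueCrypt Boot Loader. The following is an added example, not part of the original post: a small Python parser that classifies the boot code of a 512-byte MBR dump and lists its partition entries. The marker strings are heuristics assumed by this example, and the sample sectors are constructed.

```python
import struct

# Heuristic ASCII markers commonly embedded in MBR boot code.
# These are assumptions of this example, not values from the post.
MARKERS = [
    (b"TrueCrypt Boot Loader", "truecrypt"),
    (b"GRUB", "grub"),
    (b"Missing operating system", "windows"),
]
PART_TYPES = {0x07: "NTFS/exFAT", 0x83: "Linux", 0x82: "Linux swap",
              0x05: "extended", 0x0F: "extended (LBA)"}
ENTRY = "<B3xB3xII"  # status, CHS start, type, CHS end, start LBA, sector count


def inspect_mbr(sector: bytes) -> dict:
    """Classify the boot code and list the partitions of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    code = sector[:446]  # bootstrap area; the partition table starts at 446
    loader = next((name for sig, name in MARKERS if sig in code), "unknown")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype, lba, count = struct.unpack(ENTRY, entry)
        if ptype == 0:
            continue  # unused slot
        parts.append({"slot": i + 1, "active": status == 0x80,
                      "type": PART_TYPES.get(ptype, hex(ptype)),
                      "start_lba": lba, "sectors": count})
    return {"loader": loader, "grub_in_mbr": loader == "grub",
            "partitions": parts}


def build_sample_mbr(code_marker: bytes) -> bytes:
    """Constructed sample: marker in boot code, active NTFS + Linux entries."""
    code = code_marker.ljust(446, b"\x00")
    ntfs = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    linux = struct.pack(ENTRY, 0x00, 0x83, 206848, 1048576)
    return code + ntfs + linux + bytes(32) + b"\x55\xaa"


if __name__ == "__main__":
    # To inspect a real disk, dump its first sector read-only from the
    # GNU/Linux side (the device name is an assumption), e.g.:
    #   sudo dd if=/dev/sda of=mbr.bin bs=512 count=1
    # and pass open("mbr.bin", "rb").read() to inspect_mbr().
    for marker in (b"Missing operating system", b"GRUB \x00Geom"):
        print(inspect_mbr(build_sample_mbr(marker)))
```

If `loader` comes back as `grub` before you start the wizard, the setup differs from the one described in this post, where GRUB lives on the /boot partition and the answer to "Non-Windows Bootloader" is No.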