1
1
I have some questions about how TrueCrypt and other Encryption Software work.
TrueCrypt overrides the Bootcode in the MBR. Is there any other TrueCrypt Code on the disk which is not encrypted (Chain Loader?) If so, where is the second-stage Bootloader of TC stored? In the so-called mbr-gap between the mbr and the first partition?
Is it correct that other encryption software that can work with UEFI and GPT store their bootloader in the efi system partition?
The Windows Bootloader is stored on the system partition and is not overriden, right?
When the Computer starts, the user has to enter a password in order to encrypt the disk. If the password is correct, the TrueCrypt Bootloader loads the OS. TrueCrypt installs a driver that detects every access to the disk and encrypts / decrypts on-the-fly. How is it possible to start this driver, before the OS has started?
Yes but I'm not sure, if the TrueCrypt Loader really overrides the Windows Loader because I dont know where the Windows Loader is stored. Is the MBR Bootloader overriden and the 2-level Windows loader which is stored on the disk is encrypted? And is the entire TrueCrypt Loader stored in the MBR or is the MBR loading a 2-level Truecrypt bootloader from the disk that is not encrypted? – Max – 2015-09-01T11:24:36.530
I've updated the question and made some improvements – Max – 2015-09-02T08:42:53.423