Encrypting a 2-HDD set-up with dual-boot Debian+Windows on 1 drive and Program Files+Data on the other

1

I had the following set-up in mind: SSD 1: Dual boot Debian + Windows (base OS only). HDD 2: Used for Program Files + Data.

I assume that if I encrypt both drives separately, errors will show up because once Windows has booted it can't find start-up programs, for example, because the HDD drive isn't unlocked yet.

Is it possible to encrypt both drives as a whole? If so, how (by software)? Debian partitions can be encrypted as a whole; can I divide those partitions between the SSD and HDD? Maybe a RAID configuration if by software is not possible? Bear in mind that my configuration has 1 SSD and 1 HDD.

Jan

Posted 2015-09-27T11:38:57.917

Reputation: 11

Answers

0

I don't believe what you are doing is possible (because the OSes have different options for whole-disk encryption for the OS); however, I wonder if it's actually even the best way of doing it.

I would attempt something as follows - although it may not answer your concerns, depending on why you are doing the encryption:

  1. I'd divide the 128 Gig SSD into multiple partitions and house both OSes on it, i.e. dual boot it. I would NOT encrypt these.

  2. Once the OSes are installed I'd install VeraCrypt (I have not used VeraCrypt, I used its predecessor TrueCrypt, but same idea) on each OS.

  3. I'd encrypt the HDD using VeraCrypt, and store all my documents and stuff worth encrypting on it. (This might include moving my home directory onto it under both Linux and Windows - not trivial, but doable.)

davidgo

Posted 2015-09-27T11:38:57.917

Reputation: 49 152

That's the way I had it in mind, a Linux partition and Windows partition on SSD. And Data on HDD. But the answer I was looking for was, if I encrypt both drives separately, will I be asked for both passwords on boot? Because, if only the OS partition gets unlocked, I'm afraid errors start to appear. Which makes this whole set-up useless. Thanks for your answer btw :) – Jan – 2015-09-29T17:38:47.833

It's a bit difficult to understand what you are asking - what do you mean by "both passwords"? I imagine the answer to your question is "it depends on your distro, but no, you will not usually be automatically prompted" unless you modify the startup script. Why do you need to encrypt the OS partition though? – davidgo – 2015-09-29T18:05:13.183

I encrypt SSD, it is protected by password A. And I encrypt HDD, it is protected by password B. Will I be asked for password A first and directly after that password B? Will both drives be unlocked at boot if they are separately encrypted? Or will only the SSD (OS drive) be unlocked at boot? I don't see what the reason to encrypt has to do with this whole thing, but I just want a decent lock on my virtual door. To protect my privacy in my own virtual home, to protect my personal data, and to protect my business data. – Jan – 2015-10-03T07:30:58.930

The question about "reason to encrypt" is to establish why you would want to encrypt the OS partitions. Life would be a lot easier for you if you did not do this. Unless you have a startup script or configuration added, only the boot drive will be decrypted. On the other hand, if you are wanting to be paranoid about all hints of your data you need to encrypt your swap as well. OS encryption makes life a lot harder (and slower) as you need a minimal environment to load before the OS can load, which means more partitions and complexity. – davidgo – 2015-10-03T07:36:36.667

If it was not hard and complex I wouldn't be asking here. I just want this extra security, I am aware that it is hard, slow, etc. And I am willing to sacrifice. I already know how to encrypt and wipe Windows swap (pagefile.sys) and use it. I already use a VM Debian with FDE (incl. swap partition) for testing. Thank you for mentioning that only the boot drive will be decrypted. – Jan – 2015-10-04T17:25:17.177
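
The "configuration added" that decides whether a second drive is unlocked at boot, shown for the Debian side only, as an added example that is not part of the original thread. It assumes the Debian volumes use dm-crypt with `/etc/crypttab` (the thread does not say so); the sample file, target names, UUID placeholders and key path are constructed.

```shell
#!/bin/sh
# Added example: report how each crypttab(5) entry is handled at boot.
# Fields per line: <target> <source device> <key file> <options>

# Constructed sample; target names, UUID placeholders and the key path are
# illustrative, not taken from the thread.
write_sample_crypttab() {
    cat > "$1" <<'EOF'
# <target>  <source>              <key file>          <options>
ssd_crypt   UUID=<ssd-root-uuid>  none                luks
hdd_data    UUID=<hdd-data-uuid>  /etc/keys/hdd.key   luks
hdd_vera    /dev/sdb2             none                tcrypt,tcrypt-veracrypt,noauto
EOF
}

# classify_crypttab FILE -> one "<target> <verdict>" line per entry
#   prompt  : passphrase is asked for during boot
#   keyfile : unlocked during boot from a key file, no prompt
#   manual  : "noauto" set, stays locked until unlocked by hand
classify_crypttab() {
    while read -r target _source keyfile options; do
        case "$target" in ''|\#*) continue ;; esac   # skip blanks/comments
        case ",$options," in
            *,noauto,*) verdict=manual ;;
            *)  case "$keyfile" in
                    ''|none|-) verdict=prompt ;;
                    *)         verdict=keyfile ;;
                esac ;;
        esac
        printf '%s %s\n' "$target" "$verdict"
    done < "$1"
}

# boot_status FILE TARGET -> verdict, or "unlisted" when there is no entry
# (a volume without an entry is not unlocked at boot).
boot_status() {
    status=$(classify_crypttab "$1" | awk -v t="$2" '$1 == t { print $2 }')
    printf '%s\n' "${status:-unlisted}"
}

tab=$(mktemp)
write_sample_crypttab "$tab"
classify_crypttab "$tab"
boot_status "$tab" hdd_backup    # no such entry in the sample
rm -f "$tab"
```

Two entries with `none` as key file correspond to being asked for password A and then password B; a key file stored on the already-unlocked root volume reduces that to one prompt.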