Many people use TrueCrypt to encrypt their systems and keep their data as safe as possible. Encrypting your computer when you have one operating system installed and one partition is relatively easy, even with TrueCrypt. But what about encrypting your system drive when using a multi-boot setup? That's really complicated and this guide is here to help.
Prerequisites - What You Must Have Before You Start
There are a few things you need before moving ahead with the encryption process:
- The latest version of TrueCrypt, which can be downloaded from here: TrueCrypt Downloads.
- A blank CD on which to burn the TrueCrypt Rescue Disk. Creating this disc is mandatory and you won't be able to encrypt your system without it. If you plan to encrypt more than one computer, prepare a blank CD for each, as you cannot reuse the same disc on all computers.
- Plenty of time and patience. This process is very long and involves lots of careful reading and many steps. One wrong choice and you can encounter problems which are difficult to solve. Therefore, don't do this if you don't have at least an hour to spare.
How to Encrypt the System Partition
After you install TrueCrypt, run the tool and press Create Volume.
The TrueCrypt Volume Creation Wizard now opens. You are asked to select what you want to encrypt. Select "Encrypt the system partition or entire system drive" and press Next.
Next you are asked about the type of encryption you would like to perform. Normal should work out for most users. Then, press Next.
Now you are asked what area of the hard drive you want to encrypt. "Encrypt the Windows system partition" is the best choice if you are interested in encrypting only the partition where Windows is installed. If you choose "Encrypt the whole drive", then the whole hard drive will be encrypted with all its partitions.
Select the option you prefer and press Next.
You are asked about the number of operating systems existing on your computer. Since this guide is about encrypting a system drive in a multi-boot configuration, I had to select Multi-boot and press Next.
Then, you receive a funny warning stating that inexperienced users should never attempt to encrypt Windows in multi-boot configurations. 🙂
Have a laugh and press Yes to continue.
Then, you are asked whether the operating system you are encrypting is installed on the boot drive. The boot drive in this context means the hard drive where the Windows boot loader (or boot partition) is found. In most cases the answer is Yes. However, if your Windows installation is on another hard drive (not partition, but hard drive), you should select No.
After choosing the correct answer, press Next.
You are asked about the number of system drives on your hard drive. The language is a bit tricky here. If you have two or more operating systems installed on different partitions, you should select "2 or more". In a multi-boot configuration, this is always the correct answer.
Then, press Next.
You are now asked whether there are other operating systems installed on the hard drive on which the current operating system is installed. In most multi-boot configurations, users install multiple operating systems on different partitions on the same hard drive. If that's the case for you, then answer Yes.
If the other operating systems are installed on other hard drives, the answer is No.
Once you have made the correct choice, press Next.
Next... another important question is asked: are you using a non-Windows boot loader on your master boot record (MBR)? If you have a Linux installation in your multi-boot setup, then the answer is Yes. If you have only Windows installations, then the answer is No. Make the appropriate choice and press Next.
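The answers to the last few questions (other operating systems on the same drive, a non-Windows boot loader in the MBR) can be checked against the disk itself. The following is an added example, not part of the original guide or of TrueCrypt: a Python parser for a 512-byte MBR sector that lists the primary partitions and guesses the boot loader. The marker strings are a heuristic assumption, and the sample sector is constructed for the demonstration.

```python
import struct

# Partition type IDs relevant to a Windows/Linux multi-boot disk.
PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x05: "Extended", 0x0F: "Extended (LBA)",
              0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}

# Strings commonly found in MBR boot code. Heuristic assumption, not exhaustive.
LOADER_MARKERS = [(b"TrueCrypt Boot Loader", "TrueCrypt"),
                  (b"GRUB", "GRUB (non-Windows)"),
                  (b"LILO", "LILO (non-Windows)"),
                  (b"Invalid partition table", "Windows/DOS-style MBR")]

ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR: boot loader guess plus the primary partition entries.

    Logical partitions inside an extended partition are not followed.
    """
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    boot_code = sector[:446]
    loader = next((name for marker, name in LOADER_MARKERS
                   if marker in boot_code), "unknown")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack(ENTRY, entry)
        if ptype == 0:  # unused slot in the partition table
            continue
        parts.append({"index": i + 1, "active": status == 0x80,
                      "type": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
                      "start_lba": lba_start,
                      "size_mib": sectors * 512 // 2**20})
    return {"loader": loader, "partitions": parts}

def build_sample_mbr() -> bytes:
    """Constructed sample: GRUB marker, one active NTFS and one Linux partition."""
    code = (b"\xeb\x63\x90" + b"GRUB \x00Geom\x00").ljust(446, b"\x00")
    ntfs = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800000)
    linux = struct.pack(ENTRY, 0x00, 0x83, 204802048, 102400000)
    return code + ntfs + linux + b"\x00" * 32 + b"\x55\xaa"

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("Boot loader in MBR:", info["loader"])
    for part in info["partitions"]:
        print(part)
```

For the constructed sample, a GRUB marker plus a Linux partition next to the NTFS one corresponds to answering Yes to both the "other operating systems on this drive" and the "non-Windows boot loader" questions.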
You are informed how the multi-boot setup will work depending on the choices you've made. I strongly recommend that you carefully read everything and only then press Next.
You are asked to select the encryption and hash algorithms that will be used by TrueCrypt. Don't hesitate to read the official documentation before making a choice. Information can be found here: TrueCrypt Encryption Algorithms.
Choose the algorithms you prefer and press Next.
You are asked to set a password. This password will be used to boot your system and access the encrypted operating system and also to decrypt or recover the encrypted drive. Make sure you don't forget this password and that it is a strong password.
Write the password twice and press Next.
If you have used a password shorter than 20 characters, you are warned by TrueCrypt. You can choose to use the password or change it for a stronger one.
Then, TrueCrypt collects some random data to generate your encryption keys. Move your mouse a couple of times on top of the encryption window and press Next.
You are informed that the keys have been generated. Press Next.
TrueCrypt now creates a rescue disc to be used in case of problems. Specify the location where it will store the ISO image of the disc and press Next.
Now you are informed that TrueCrypt will use the Windows Disc Image Burner to burn that image on a recovery disk. Press OK and the Windows Disc Image Burner window opens.
Insert the blank CD, press Burn and wait for the process to finish. If you need some help using this tool, check this tutorial: The Complete Guide to Burning Disk Images (ISO & IMG) In Windows 7.
After the disc is burned, Windows Disc Image Burner automatically ejects it. Insert it back into the drive and press Next in the TrueCrypt Volume Creation Wizard, so that it verifies the burned disc. If the check is successful, press Next to move on.
If the check is not successful, you will receive an error message. You won't be able to move ahead until the disc is burned and verified.
You are getting close to starting the encryption process. First, you are asked if you want TrueCrypt to wipe the empty space existing on the drive (so that any data still left on it is not recoverable) prior to encrypting your computer. Choose the Wipe mode you prefer and press Next.
Now, a pre-test is necessary, to confirm that your settings will work without problems, prior to encrypting the drive. Read the information presented by TrueCrypt and press Test.
You are shown some notes on what to do if Windows cannot start. Read and/or print the information displayed and press OK.
Now you are asked if you are OK to restart your computer. Press Yes.
Windows restarts and, before you boot, you need to enter the TrueCrypt password you have set. If entering the password works fine and you log into Windows, TrueCrypt resumes the encryption wizard and informs you that the pretest was completed.
NOTE: If for some reason your keyboard doesn't send the password while you type it, it means it was not initialized properly. Check your BIOS settings to make sure it is initialized at startup and your input is sent to the computer.
To finally start the encryption process, press Encrypt.
You are shown some additional information on how to use the TrueCrypt Rescue Disk you created earlier. Read the information being displayed and print it if you consider it useful. Then, press OK.
The encryption starts and takes quite a bit of time. Luckily, you can use your computer while the encryption is performed.
When done, you are informed about its success.
Press Finish to close the TrueCrypt Volume Creation Wizard.
The encrypted system partition is now shown in the TrueCrypt window.
Conclusion
Encrypting your system drive when using a multi-boot configuration is a painful and lengthy process. However, it can be done by almost anyone. You just need to make sure you read everything carefully, choose your options wisely and have the rescue disc available in case of issues.