Encrypting hard drive containing the MBR with Veracrypt
Clash Royale CLAN TAG#URR8PPP
I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.
During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.
Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.
Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.
Thank you
linux encryption luks mbr veracrypt
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
add a comment |
I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.
During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.
Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.
Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.
Thank you
linux encryption luks mbr veracrypt
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
1
possibly related
– RubberStamp
Dec 29 '18 at 1:44
Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02
My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05
If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14
add a comment |
I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.
During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.
Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.
Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.
Thank you
linux encryption luks mbr veracrypt
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.
During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.
Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.
Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.
Thank you
linux encryption luks mbr veracrypt
linux encryption luks mbr veracrypt
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
edited Dec 29 '18 at 10:44
swhizzle
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
asked Dec 29 '18 at 0:54
swhizzleswhizzle
62
62
1
possibly related
– RubberStamp
Dec 29 '18 at 1:44
Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02
My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05
If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14
add a comment |
1
possibly related
– RubberStamp
Dec 29 '18 at 1:44
Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02
My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05
If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14
1
1
possibly related
– RubberStamp
Dec 29 '18 at 1:44
possibly related
– RubberStamp
Dec 29 '18 at 1:44
Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02
Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02
My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05
My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05
If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14
If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f491401%2fencrypting-hard-drive-containing-the-mbr-with-veracrypt%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f491401%2fencrypting-hard-drive-containing-the-mbr-with-veracrypt%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
possibly related
– RubberStamp
Dec 29 '18 at 1:44
Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02
My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05
If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14