Encrypting hard drive containing the MBR with Veracrypt

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












1














I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.



During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.



Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.



Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.



Thank you










share|improve this question



















  • 1




    possibly related
    – RubberStamp
    Dec 29 '18 at 1:44










  • Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
    – swhizzle
    Dec 29 '18 at 2:02










  • My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
    – RubberStamp
    Dec 29 '18 at 2:05










  • If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
    – Xen2050
    Dec 29 '18 at 5:14
















1














I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.



During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.



Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.



Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.



Thank you










share|improve this question



















  • 1




    possibly related
    – RubberStamp
    Dec 29 '18 at 1:44










  • Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
    – swhizzle
    Dec 29 '18 at 2:02










  • My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
    – RubberStamp
    Dec 29 '18 at 2:05










  • If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
    – Xen2050
    Dec 29 '18 at 5:14














1












1








1


1





I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.



During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.



Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.



Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.



Thank you










share|improve this question















I have three hard drives in my laptop: /dev/sdc (an mSATA drive) is where the system is installed and is completely encrypted with LUKS. /dev/sdb (for media/text files - the majority of /home) was encrypted with Veracrypt and decrypted and mounted on boot via crypttab and fstab.



During the installation (Manjaro calamares installer) I installed the MBR on /dev/sda as I previously had problems with trying to boot from the other hard drives. When I start the machine it reads the MBR from /dev/sda, I enter my password, it decrypts /dev/sdc and boots into Manjaro.



Currently /dev/sda is unencrypted but I would like to encrypt it via Veracrypt and decrypt/mount on boot like I do already with /dev/sdb. However, I am worried that by fully encrypting this drive I will not be able to boot into the system as this HDD contains the MBR.



Could someone tell me if the encryption affects the reading of the MBR at all or will encrypting the drive cause no problems? The drive also has the "/boot" flag.



Thank you







linux encryption luks mbr veracrypt






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 29 '18 at 10:44







swhizzle

















asked Dec 29 '18 at 0:54









swhizzleswhizzle

62




62







  • 1




    possibly related
    – RubberStamp
    Dec 29 '18 at 1:44










  • Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
    – swhizzle
    Dec 29 '18 at 2:02










  • My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
    – RubberStamp
    Dec 29 '18 at 2:05










  • If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
    – Xen2050
    Dec 29 '18 at 5:14













  • 1




    possibly related
    – RubberStamp
    Dec 29 '18 at 1:44










  • Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
    – swhizzle
    Dec 29 '18 at 2:02










  • My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
    – RubberStamp
    Dec 29 '18 at 2:05










  • If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
    – Xen2050
    Dec 29 '18 at 5:14








1




1




possibly related
– RubberStamp
Dec 29 '18 at 1:44




possibly related
– RubberStamp
Dec 29 '18 at 1:44












Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02




Thank you! I've read the question before and I assume that due to the question being asked then the MBR never gets encrypted from FDE. However, I wouldn't mind someone confirming this to be the case.
– swhizzle
Dec 29 '18 at 2:02












My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05




My experience is always "on-the-job" ... I'll be glad to run a test after Jan 2nd... I'll bookmark and give it a try if no one else gets to it first.
– RubberStamp
Dec 29 '18 at 2:05












If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14





If Veracrypt works with loop files, you could make create a "test drive" with a MBR, then see exactly what veracrypt does
– Xen2050
Dec 29 '18 at 5:14











0






active

oldest

votes











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f491401%2fencrypting-hard-drive-containing-the-mbr-with-veracrypt%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes















draft saved

draft discarded
















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f491401%2fencrypting-hard-drive-containing-the-mbr-with-veracrypt%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown






Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?