• Status: Solved
  • Priority: Medium
  • Security: Public

encrypted drive does not boot

I am encrypting a system drive with TrueCrypt. After it successfully finishes and I reboot, I enter the password and it says "No bootable partition found". PS: I am installing on an SSD.
Asked by: RTTV
 
noxcho (Global Support Coordinator) commented:
As far as I remember TrueCrypt warns about encrypting system volume. Did you get any warning before you started encryption?
Also does it boot if you decrypt the volume completely?
 
Rich Rumble (Security Samurai) commented:
SSDs and flash drives that are fully encrypted don't perform well when using TC; in fact, you will hurt your HD performance without question, maybe even to the degree that your SSD is slower than a "normal" hard drive...
http://www.truecrypt.org/docs/?s=wear-leveling
You also have to disable page-files before doing FDE, then enable them after fully encrypting the drive:
http://www.truecrypt.org/docs/?s=wear-leveling
-rich
 
Rich Rumble (Security Samurai) commented:
http://www.truecrypt.org/docs/?s=paging-file is the proper link for the page-file details.
-rich
RTTV (Author) commented:
I am aware of the performance issues, and I doubt that page-files would cause the system to not see the bootable partition. There are no problems with full system encryption; I used to have it on a regular drive and it worked perfectly. Any other ideas?
 
Rich Rumble (Security Samurai) commented:
Other than them not recommending TC for SSDs, I don't know... Some have had success, but others have also reported failures... Wear-leveling is used to extend the life of the SSD; it could be you're shortening the life of the drive by encrypting it fully.
<snip>
If you decide not to follow this recommendation and you intend to use in-place encryption on a drive that utilizes wear-leveling mechanisms, make sure the partition/drive does not contain any sensitive data before you fully encrypt it (TrueCrypt cannot reliably perform secure in-place encryption of existing data on such a drive; however, after the partition/drive has been fully encrypted, any new data that will be saved to it will be reliably encrypted on the fly). That includes the following precautions:
Before you run TrueCrypt to set up pre-boot authentication, disable the paging files and restart the operating system (you can enable the paging files after the system partition/drive has been fully encrypted).  [Appears to be for security reasons rather than technical ones]
Hibernation must be prevented during the period between the moment when you start TrueCrypt to set up pre-boot authentication and the moment when the system partition/drive has been fully encrypted.
</snip>
You can reverse the encryption by mounting that SSD as a secondary drive in another system and using the recovery CD/key to decrypt the drive through the TC GUI on that PC, and hopefully you haven't lost what was on the drive. You may have to try it again if you really want it to work. I've not used an SSD as of yet, but I know some are coming that will have the encryption built in.
http://www.engadget.com/2009/04/16/samsung-comes-clean-with-self-encrypting-ssds/
I hope you can get it going/retry to see if it's a fluke or if your SSD doesn't like being all the way "full"...
-rich
 
btan (Exec Consultant) commented:
Hopefully you have the rescue disk and did a backup before the process. Below are two key links:
a) Restore Partition: http://www.truecrypt.org/docs/?s=rescue-disk
b) Back Up Securely: http://www.truecrypt.org/docs/?s=how-to-back-up-securely

Your TrueCrypt Rescue Disk contains a backup of the original content of the first drive track (made before the TrueCrypt Boot Loader was written to it) and allows you to restore it if necessary. The first track of a boot drive typically contains a system loader or boot manager.

File system within a TrueCrypt volume may become corrupted in the same way as any normal unencrypted file system. When that happens, you can use filesystem repair tools supplied with your operating system to fix it. In Windows, it is the 'chkdsk' tool.

But adding on top of not going for SSD is the TRIM operation:

Trim Operation: http://www.truecrypt.org/docs/?s=trim-operation

In those cases, the adversary will be able to tell which sectors contain free space (and may be able to use this information for further analysis and attacks) and plausible deniability may be negatively affected. If you want to avoid those issues, do not use system encryption on drives that use the trim operation and, under Linux, either configure TrueCrypt not to use the Linux native kernel cryptographic services or make sure TrueCrypt volumes are not located on drives that use the trim operation.
There is a possibility to boot into another system OS (separate HDD) and see the drive of the non-bootable TrueCrypt HDD.

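An added diagnostic example, not part of any post in this thread or of TrueCrypt itself: it decodes the partition table stored in the first sector of the first drive track (the area the Rescue Disk backs up) and reports whether any entry is flagged active. It assumes the "No bootable partition found" message corresponds to no MBR entry carrying the active flag; `parse_mbr`, `diagnose` and `build_sample` are hypothetical names, and the sample sector is constructed.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Decode the classic MBR partition table from the first 512 bytes of a drive."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least one full 512-byte sector")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        start_lba, sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        entries.append({"slot": i + 1, "active": status == 0x80,
                        "status_valid": status in (0x00, 0x80),
                        "type": ptype, "start_lba": start_lba, "sectors": sectors})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE, "partitions": entries}

def diagnose(sector: bytes) -> str:
    """Summarise the one condition most relevant to the boot failure."""
    mbr = parse_mbr(sector)
    if not mbr["signature_ok"]:
        return "boot signature 55 AA missing: sector 0 is not a valid MBR"
    if not mbr["partitions"]:
        return "partition table is empty"
    active = [p["slot"] for p in mbr["partitions"] if p["active"]]
    if not active:
        return "no partition carries the active (0x80) flag"
    if len(active) > 1:
        return f"multiple active partitions: {active}"
    return f"partition {active[0]} is active"

def build_sample(status: int) -> bytes:
    """Constructed sector: zeroed boot code, one NTFS (0x07) partition at LBA 2048."""
    entry = bytes([status, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    # On a real system, pass the first 512 bytes of the affected drive (or of an
    # image of it) instead of the constructed samples below.
    print(diagnose(build_sample(0x00)))
    print(diagnose(build_sample(0x80)))
```

Run it against a read-only image of the drive rather than the live disk, so the check cannot alter the sector it is inspecting.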
 
Qlemo (C++ Developer) commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.