VeraCrypt
VSS and non-system partition (again...)
Current behavior
VeraCrypt's documentation states (https://www.veracrypt.fr/en/Issues%20and%20Limitations.html):
"The Windows Volume Shadow Copy Service is currently supported only for partitions within the key scope of system encryption (e.g. a system partition encrypted by VeraCrypt, or a non-system partition located on a system drive encrypted by VeraCrypt, mounted when the encrypted operating system is running)."
Considering how UEFI boot works: https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/images/oem-boot-flow-overview.png
Desired behavior / Design proposals / Additional information
I propose a workaround to overcome the limitation:
- modify the VeraCrypt-DCS so that the non-system drive (even one not on the same disk) can be mounted at boot time and not by a Windows service;
- add an option to "VeraCrypt Format" to make the partition key the same as the system disk and set the bootloader configuration.
Limitations (I think they are necessary):
- no more than one or two(?) partitions;
- the partition to be loaded at boot must be created AFTER system encryption;
- the user must have elevated privileges.
I think that in this way you can deceive Windows and have VSS working on other non-system disks.
Environment
- VeraCrypt 1.24-Update7
- Windows 10 21H2 (19044.1348) 64-bit