I like Windows 7. I also like TrueCrypt full disk encryption on my personal laptop. It may potentially be the last line of defence should my personal laptop fall into the wrong hands. However, getting Windows 7 and TrueCrypt to play together is a bit of a pain.
Unknown to almost all users, the Windows 7 installation routine creates a small 100MB 'hidden' primary partition alongside its traditional "C:\" partition. The 100MB partition holds the Windows Recovery Environment (WinRE), system files and bootable files that are essential to boot and repair Windows 7 in the event of a need to recover the OS.
What's interesting is that once the partition has been unknowingly created, it is almost impossible to remove it. Long story short, this is because the 100MB partition does not use the standard sector zoning format.
Of course, TrueCrypt 6.2a does not understand this and simply refuses to install.
Why not just use Windows 7 BitLocker? I hear you say...
Simple. My laptop does not have a TPM chip, which means I would have to use a USB key to boot my laptop. So every time I switch on my laptop I have to find and plug in a USB key?!!! What a pain in the ar$£! What's wrong with an old-fashioned boot prompt and a complex password?!?
Anyway, luckily enough there is a simple way to stop the creation of the 100MB partition altogether, thus allowing TrueCrypt to install and run without issue. Unfortunately you need to back up your data and start a fresh Windows 7 install:
- Boot from the Windows 7 installation DVD.
- Once setup loads, press Shift and F10 at the first setup screen (language, keyboard and locale selection). This will open a Command Prompt window.
- Enter diskpart
- Enter the following commands one by one (comments in brackets):
    - list disk (to show the ID number of the hard disk to partition, normally Disk 0)
    - select disk 0 (change 0 to another number if applicable)
    - clean (delete any existing disk partitioning and data)
    - create partition primary size=80000 (create a partition with 80 GB space. To use entire disk as one partition, omit the “size=value” parameter)
    - select partition 1
    - active
    - format fs=ntfs quick
    - exit
- Type exit at the command prompt to close the Command Prompt window.
- Continue the Windows 7 installation as usual.
- At the disk partitioning dialogue, highlight and select the newly created partition.
- Once the install completes, run Computer Management: compmgmt.msc
- Double check that your disk partitioning is as expected (i.e. no hidden disk partitions).
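The final check can also be done from a PowerShell prompt instead of Computer Management. The script below is an added example, not part of the original post: it lists every partition on the system disk through WMI and flags any that has no drive letter, which is how the hidden 100MB partition would show up. It assumes Windows is on disk 0 and uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: confirm that the system disk holds a single, lettered partition
# before installing TrueCrypt. Assumption: Windows is on disk 0 (change below).
$DiskIndex = 0

# Every partition WMI reports on that disk, in on-disk order.
$partitions = @(Get-WmiObject -Class Win32_DiskPartition -Filter "DiskIndex = $DiskIndex" |
    Sort-Object Index)

$report = foreach ($p in $partitions) {
    # Drive letters (if any) mapped onto this partition.
    $query = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($p.DeviceID)'} " +
             "WHERE AssocClass=Win32_LogicalDiskToPartition"
    $letters = @(Get-WmiObject -Query $query | ForEach-Object { $_.DeviceID })

    New-Object PSObject -Property @{
        Partition = $p.DeviceID                      # e.g. "Disk #0, Partition #0"
        SizeMB    = [math]::Round($p.Size / 1MB)
        Active    = $p.BootPartition                 # True for the active partition
        Letters   = ($letters -join ',')
        Hidden    = ($letters.Count -eq 0)           # no drive letter assigned
    }
}

$report | Format-Table Partition, SizeMB, Active, Letters, Hidden -AutoSize

# Expected after following the steps above: one partition, active, mounted as C:.
$hidden = @($report | Where-Object { $_.Hidden })
if ($partitions.Count -eq 1 -and $hidden.Count -eq 0) {
    Write-Host "OK: single partition with a drive letter on disk $DiskIndex."
} else {
    Write-Host ("Check: {0} partition(s) on disk {1}, {2} without a drive letter." -f `
        $partitions.Count, $DiskIndex, $hidden.Count)
}
```

A second row of roughly 100 MB marked Active with no drive letter means setup created the hidden partition after all.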
TrueCrypt 6.2a installed and running on Windows 7
If you are not sure how to, or are just curious how TrueCrypt is configured to do full disk encryption, then check out this excellent InformIT article.
- Chris