Can the truecrypt bootloader be configured to run a non-encrypted operating system as well as an encrypted operating system on the same computer? That is, a dual-boot with an unencrypted "guest use" OS while still allowing a password-protected encrypted OS?

3 Answers

Despite being a bad decoy, you can still use an unencrypted system as the decoy by simply not encrypting the decoy OS after you install it, using the TrueCrypt rescue disk to restore the boot loader, and pressing [ESC] on boot, to boot the decoy.

To boot the hidden OS, you type your password for it.

You may want to change the boot loader screen to show a custom message such as "Press [ESC] to continue." so at first glance, no one else will realize that there is an encrypted hidden OS.

When your decoy OS boots, it can see all the other partitions. You may then want to install tracking software (such as Prey) in case your computer or laptop gets stolen.

You may also want to install something that formats and overwrites your encrypted partitions so basically it will destroy your hidden OS. You might as well make it destroy the decoy OS by deleting everything.

So what happens is, upon boot, you have 2 choices:

  1. Type your hidden OS password, and use your hidden OS as normal.
  2. Type the wrong password, and it will simply hang; reboot.
  3. Press [ESC] and it will boot your unencrypted decoy OS, which will immediately attempt to locate itself and send an email to you, destroy the encrypted partitions, and destroy itself.

The forensic team or dude will have to image your drive first, but it's possible they won't get that chance and your hidden OS will be safe (and gone).

Or maybe you are not concerned about the loss of data as much as the recovery of your stolen laptop, so therefore you have an unencrypted decoy OS that phones home when the thief uses it.

You can make it easy for the thief to be distracted by installing 3 web browsers (Firefox, Internet Explorer and Chrome) and a bunch of freeware games, all of them on the desktop. Then you can secure the decoy OS by using a guest account, or using something like Deep Freeze to prevent permanent changes to the decoy OS.

  • I've been trying to achieve this exact situation, but can't seem to get the TrueCrypt/VeraCrypt boot menu to behave this way unless each copy of Windows is actually on its own separate physical hard disk. Just installing each copy on a separate partition of the same disk doesn't seem to work. I've documented the situation here - superuser.com/questions/1090155/… - if you have any idea how to get it running, I'd be immensely grateful :)
    – J23
    Commented Jun 16, 2016 at 19:28
  • Nm - figured out a way: superuser.com/a/1090309/507353
    – J23
    Commented Jun 17, 2016 at 4:50
An unencrypted decoy OS is a really bad decoy. It is pretty easy to spot encrypted data on a hard drive (there isn't much data that looks as random as encrypted files). It will be obvious to any forensics expert that there is encrypted data there. So what you want is 2 encrypted OSes. This way, if you are asked to provide your decryption password, you can provide the decryption password for the decoy.

From the TrueCrypt FAQ:

Can I save data to the decoy system partition without risking damage to the hidden system partition?

Yes. You can write data to the decoy system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is not installed within the same partition as the hidden system). For more information, see the section Hidden Operating System in the documentation.

See this link for documentation.

  • I just can't help it: xkcd.com/538
    – trolle3000
    Commented Oct 14, 2010 at 21:10
  • @trolle3000: haha, I love xkcd. That comic (plus a lot of court cases where the judge has just held people in contempt of court, allowing them to remain in jail indefinitely until they reveal their password) has made me realize my home encryption is pretty useless for legal matters. I could do a decoy OS if I was actually worried about that, but I am just doing it for fun and learning.
    – Jarvin
    Commented Oct 14, 2010 at 21:15
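The point in the answer above, that ciphertext stands out because almost nothing else on a disk looks that random, can be shown with a block-wise entropy scan. This is an added example, not code from the answer or from TrueCrypt; the "disk image" it scans is constructed inside the script, with a SHA-256 counter stream standing in for an encrypted partition next to a zero-filled region and a plaintext region.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096        # scan granularity in bytes (one filesystem block)
ENTROPY_THRESHOLD = 7.8  # bits/byte; ciphertext sits near 8.0, text and zero-fill far below


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte of `block`; 8.0 means every byte value is equally likely."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def scan_image(image: bytes, block_size: int = BLOCK_SIZE,
               threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return (offset, entropy) for every block whose byte distribution looks like ciphertext."""
    flagged = []
    for off in range(0, len(image), block_size):
        e = shannon_entropy(image[off:off + block_size])
        if e >= threshold:
            flagged.append((off, round(e, 3)))
    return flagged


def pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for an encrypted region: a deterministic SHA-256 counter stream."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_disk() -> bytes:
    """Constructed image: 2 blocks of zero-fill, 2 blocks of plaintext, 4 blocks of 'ciphertext'."""
    zeros = bytes(2 * BLOCK_SIZE)
    line = b"decoy OS: Windows, Program Files, freeware games, Firefox, Chrome\n"
    text = (line * 200)[:2 * BLOCK_SIZE]
    return zeros + text + pseudo_ciphertext(4 * BLOCK_SIZE)


if __name__ == "__main__":
    # Only the last four blocks (offsets 16384..28672) are reported; the decoy's files are not.
    for offset, entropy in scan_image(build_sample_disk()):
        print(f"block @ {offset:>6}: entropy {entropy} bits/byte -> looks encrypted")
```

Against a real drive the same scan would run over the raw block device, and a contiguous run of flagged blocks the size of a partition is exactly the pattern the answer says a forensic examiner will notice.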
It can work, but only if you have two physical disks. As soon as you encrypt the whole disk with TrueCrypt, only it can boot from it.

However, there is something called hidden volume that could help you.
