VeraCrypt system partition is just for Windows system partition.
That does not mean other partitions can be also encrypted, search for favorites in VeraCrypt for mounting your DATA partition automatically with a system encrypted partition.
Also VeraCrypt can encrypt Windows & Linux partitions, and mount them, but with some points in mind:
- Windows version does not like well having partitions inside a container file
- Windows version wants FAT32 or NTFS as the format for the encrypted (inside container file or partition)
- Linux version can encrypt a partition and with file containers you can also do fdisk inside them and divide into more than just one partition and format each of them with any Linux filesystem
- Linux version does not have pre-boot and so it can not encrypt (to be true can not boot) system partition
Concepts:
- Pre-Boot is only availabe for Windows System Partition
- Mounting a container (file or partition) on Windows suppose the it will contain only one filesystem formatted as FAT32 or NTFS.
- Mounting a container (file or partition) on Linux is just as having a new block device where you can crwate partitions with fdisk when mounted
Yes, on Linux you can have a physical partition of type encrypted by VeraCrypt and when you mount it for example on
/mny/MyVeraCryptPartition/
you can do a fdisk to that path and create partitions inside it
To clarify this point better: VeraCrypt on Linux mount a container as if is a block device, most people do a mkfs
on than mount point, but some of us do a full fdisk to divide it into partitions as well.
I did not test using command line on Windows, but I am afraid in Windows it is very limited.
To explain it more: On Linux you can do mkfs
to /dev/sdb/
but it is not so common, most users also do not think such would be possible, but Linux let you do it.
That is exactly what most users does after mounting encrypted containers (files and partition), create a filesystem on the whole block device, but Linux also lets you partition if by using fdisk.
I need help with: How to protect multi windows, I mean /dev/sda1
WindowsA, /dev/sda2
WindowsB /dev/sdaX
Grub2 etc using VeraCrypt ! I find nothing about how to do it.
Other thing about 'private data', if you do not encrypt 100% of all HDDs on the PC you can not be sure having private data not saved in 'plain' somewhere... SoureCode is not always available for all apps, so where and what saves some apps? More memory dumps? SWAP? ALL must be encrypted, else you will let data be saved in plain text.
Worst, more and more modern disk (most in SSDs) use an internal translation sector to male sectors be re-written the less as possible, so after a write you can not overwrite it because the hardware of the disk will save the data on another part less used, etc.
For a 100% secured system only one solution:
- Put Grub2 on a USB, boot from it, then mount
/dev/sda/
(yes the whole block device) as an on the fly encrypted volume, then mount from inside it the partitions, let the USB to be ejected, and do a boot from that partitions encrypted on the fly... so all bytes of the disk are encrypted.
- Step 2: Fill all the free space with a random file, then delete it, this is to write all the rest of the data, so no plain part still resides (need to full fill it so be root and force no % for reserved)
Yes, I may be seen as a paranoid! But not, it is just the main idea of: I do not know where all applications saves the data and neither what data they save, and on Windows it is impossible to be sure of anything, it is always using pagefile no matter if there is free RAM, some apps refuse to run if no virtual memory. Some apps saves data directly on first cylinder bypassing the filesystems.
Example: A word processing app, that crash and when rerun present you what you had written and you did not ever saved, where does it save that data? Some of them save that on temp folders, others on the folder where the app is installed, etc, it only depends on what the author had coded.
Just see LUKs with negability!