recently i needed to prepare the following dual boot security setup on my notebook (HP 630):
-> Windows 7 SP1 Encrypted with VeraCrypt;
-> openSUSE Linux 15.0 Encrypted with dm-crypt.
DISCLAIMER: This procedure is EXPERIMENTAL and could damage your system and/or destroy your data so do it at your own risk.
Now let’s start.
- Install openSUSE Linux 15.0 with the following partition configuration:
- An encrypted EXT4 / partition (use a long and complicated password!);
- A /boot partition;
- Once installed reboot;
- Install Windows (tested with Microsoft Windows 7 Service Pack 1);
- Now the Windows bootloader overwritten openSUSE’s GRUB, so let’s use GParted Live (or similar) in order to set the boot flag on the previously created /boot partition (this step could be done also during the installation phase of openSUSE, specifying GRUB install options);
- Now we have to add the Windows’ entry to GRUB again, this can be done with different methods, for ex. boot into openSUSE, open YaST -> Boot Loader -> Tab Boot Loader Options and uncheck and check again the “Check other OS” item and save;
- Check if you can boot into Windows 7;
- In Windows 7 install VeraCrypt and open it;
- From VeraCrypt go in System -> “Encrypt System Partition/Drive”;
- Type of System Encryption -> I have used “normal”;
- Area to Encrypt -> Encrypt the Windows System Partition;
- Number of Operating Systems -> Multiboot;
- Boot Drive -> Yes;
- Number of System Drives -> 1;
- Non-Windows Boot Loader -> No;
- Now insert the password (as long and as complicated as possible);
- Key Generated -> Next;
- Prepare the Rescue Disk -> Next;
- Do the Pretest -> Restart the PC;
Is strongly recommended to backup the GRUB configuration, because at the first kernel update, the boot config could be overwritten, losing info for Windows booting.
The same config can be achieved in different ways, this was an experiment mainly from the dual-boot perspective.