Win10 & Veracrypt & systemd-boot

There are some things seemingly nobody does. For example, …

  • dual-booting Win10 and Linux
  • on a UEFI system
  • while the Win10 Partition is encrypted using VeraCrypt.

Yes, it’s a complex scenario, but since MS in all of its (money-grabbing) wisdom does not include BitLocker in Win10 Home, this is a necessary precaution. I won’t go over the installation of both systems (pretty straightforward, and Arch Linux has – as always – a nice Wiki entry about it).

Unfortunately, Win10 likes to break its own boot manager on updates, which is very scary (“Your Windows partition is damaged”), and super annoying, but I think I got the solution now.

So, the Linux-based (of course) solution for Windows 10 and VeraCrypt is:

# esp partition - /loader/entries/winvera.conf
title Windows 10 VeraCrypt
efi /EFI/VeraCrypt/DcsBoot.efi

This is in fact all you need to do. Now, if Windows fucks up its own boot loader, it seems systemd-boot just ignores everything, loads the correct VeraCrypt bootloader (as it is supposed to be), and all is well.

It can happen, though, that Windows places its own boot manager back in front of systemd-boot again, so it’s used as the default one. Then use one of the methods described here, and you should be fine. (This did not happen to me; it always used the correct boot manager but fucked up Windows boot.)
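A check for the two conditions described above (Windows moving its boot manager ahead of systemd-boot, and the winvera.conf entry pointing at a loader that is missing from the ESP), as an added example that is not part of the original post. It assumes the default firmware labels "Linux Boot Manager" and "Windows Boot Manager", and the ESP mount point is whatever you pass in; the sample efibootmgr output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed default labels:
# "Linux Boot Manager" (systemd-boot) and "Windows Boot Manager".

# Constructed sample of `efibootmgr` output with Windows first in BootOrder.
sample_efibootmgr() {
    printf 'BootCurrent: 0000\nTimeout: 1 seconds\nBootOrder: 0000,0001\n'
    printf '%s\t%s\n' 'Boot0000* Windows Boot Manager' \
        'HD(1,GPT,...)/File(\EFI\Microsoft\Boot\bootmgfw.efi)'
    printf '%s\t%s\n' 'Boot0001* Linux Boot Manager' \
        'HD(1,GPT,...)/File(\EFI\systemd\systemd-bootx64.efi)'
}

# first_boot_label OUTPUT: print the label of the first entry in BootOrder.
first_boot_label() {
    printf '%s\n' "$1" | awk '
        /^BootOrder:/ { split($2, order, ","); first = order[1] }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
            num = substr($0, 5, 4); line = $0
            sub(/^Boot[0-9A-Fa-f]+[* ] /, "", line)  # drop "Boot0000* "
            sub(/\t.*/, "", line)                    # drop the device path
            label[num] = line
        }
        END { print label[first] }'
}

# entry_loader_exists ESP_ROOT ENTRY_FILE: succeed if the "efi" path named
# in the loader entry exists below the ESP root.
entry_loader_exists() {
    path=$(awk '$1 == "efi" { print $2; exit }' "$2" 2>/dev/null)
    [ -n "$path" ] && [ -f "$1$path" ]
}

# check_boot ESP_ROOT EFIBOOTMGR_OUTPUT: report problems, return 1 if any.
check_boot() {
    rc=0
    label=$(first_boot_label "$2")
    if [ "$label" != "Linux Boot Manager" ]; then
        echo "first in BootOrder is '$label', not systemd-boot"; rc=1
    fi
    if ! entry_loader_exists "$1" "$1/loader/entries/winvera.conf"; then
        echo "winvera.conf is missing or its efi path is not on the ESP"; rc=1
    fi
    return $rc
}
# Live use, as root, with the ESP mounted at /boot (an assumption):
#   check_boot /boot "$(efibootmgr)"
```

Running it after a Windows update shows whether the firmware boot order or the VeraCrypt loader file changed before you reboot into a broken menu.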

2 replies on “Win10 & Veracrypt & systemd-boot”

Great tips! Unfortunately, your article didn’t solve my PC’s problem. After days of trying to make this work on a dual boot LUKS-encrypted PopOS 20.10 and Veracrypt-encrypted Windows 10 installed on separate drives, I assume this only works when both OSes are installed on the same drive. Because, when trying to boot into Windows, after entering the Veracrypt password, I get this error: “Authorization failed. Wrong password, PIM or hash.” I think the Veracrypt bootloader expects the Windows system partition to be on the same drive. Is there any way to set up the Veracrypt bootloader to load Windows from a different drive? I really haven’t found any other solutions or discussions on this topic. Please let me know, I appreciate any help I can get. Thanks!

nope, the error message is very clear – wrong password. maybe you have an issue with the keyboard layout? in Germany it’s usually a switch between y/z, and most of the special chars are on different locations on the keyboard. remember when the PC starts it’s in “English keyboard” mode. (en-us layout, usually). also the PIM is usually just pressing ENTER if you didn’t define one.