许多人使用TrueCrypt来加密他们的系统并尽可能安全地维护他们的数据。当您安装了一个操作系统和一个分区时加密您的计算机相对容易,即使使用TrueCrypt也是如此。但是,在使用多重引导设置时如何加密您的系统驱动器呢?这真的很复杂,本指南可为您提供帮助。
先决条件 - 开始之前必须具备的条件
在继续加密过程之前,您需要做一些事情:
- 最新版本的TrueCrypt,可以从这里下载:TrueCrypt 下载(TrueCrypt Downloads)。
- 用于刻录TrueCrypt 救援盘(TrueCrypt Rescue Disk)的空白 CD 。创建此光盘是强制性的,没有它您将无法加密您的系统。如果您计划加密多台计算机,请为每台计算机准备一张空白 CD,因为您无法在所有计算机上重复使用同一张光盘。
- 充足的时间和耐心。这个过程很长,需要大量的仔细阅读和很多步骤。一个错误的选择,你可能会遇到难以解决的问题。因此(Therefore),如果您没有至少一个小时的空闲时间,请不要这样做。
如何加密系统分区
安装TrueCrypt后,运行该工具并按Create Volume。
TrueCrypt 卷创建向导(TrueCrypt Volume Creation Wizard)现在打开。系统会要求您选择要加密的内容。选择“加密系统分区或整个系统驱动器”("Encrypt the system partition or entire system drive"),然后按Next。
接下来,系统会询问您要执行的加密类型。正常(Normal)应该适用于大多数用户。然后,按下一步(Next)。
现在询问您要加密的硬盘驱动器的哪个区域。如果您只想加密安装Windows的分区, (Windows)“加密 Windows 系统分区”("Encrypt the Windows system partition")是最佳选择。如果您选择“加密整个驱动器”("Encrypt the whole drive"),那么整个硬盘驱动器的所有分区都将被加密。
选择您喜欢的选项,然后按Next。
系统会询问您计算机上存在的操作系统数量。由于本指南是关于在多重引导配置中加密系统驱动器,因此我必须选择多重引导(Multi-boot)并按Next。
然后,您会收到一个有趣的警告分享,即没有经验的用户永远不要尝试在多启动配置中加密 Windows。🙂
大笑,然后按是(Yes)继续。
然后,系统会询问您正在加密的操作系统是否安装在引导驱动器上。在此上下文中的引导驱动器是指找到Windows(Windows)引导加载程序(或引导分区)的硬盘驱动器。在大多数情况下,答案是Yes。但是,如果您的Windows安装在另一个硬盘驱动器(不是分区,而是硬盘驱动器)上,您应该选择No。
选择正确答案后,按Next。
系统会询问您硬盘驱动器上的系统驱动器数量。这里的语言有点棘手。如果您在不同的分区上安装了两个或多个操作系统,您应该选择“2 or more”。在多引导配置中,这始终是正确答案。
然后,按下一步(Next)。
现在将询问您在安装当前操作系统的硬盘驱动器上是否安装了其他操作系统。在大多数多引导配置中,用户在同一硬盘驱动器的不同分区上安装多个操作系统。如果您是这种情况,请回答Yes。
如果其他操作系统安装在其他硬盘上,答案是否定(No)的。
做出正确选择后,按Next。
接下来... 另一个重要问题被问到:您是否在主引导记录 (MBR)(master boot record (MBR))上使用非 Windows 引导加载程序?如果您在多重引导设置中安装了Linux,那么答案是Yes。如果您只有Windows安装,那么答案是否定(No)的。做出适当的选择,然后按Next。
根据您所做的选择,您将被告知多引导设置将如何工作。我强烈建议您仔细阅读所有内容,然后按Next。
您被要求选择TrueCrypt(TrueCrypt)将使用的加密和哈希算法。在做出选择之前,请不要犹豫阅读官方文档。信息可以在这里找到:TrueCrypt 加密算法(TrueCrypt Encryption Algorithms)。
选择您喜欢的算法,然后按Next。
系统会要求您设置密码。此密码将用于启动您的系统并访问加密的操作系统,以及解密或恢复加密的驱动器。确保(Make)您不会忘记此密码,并且它是一个强密码。
输入密码两次,然后按Next。
如果您使用的密码少于 20 个字符,则会收到 TrueCrypt(TrueCrypt)警告。您可以选择使用密码或将其更改为更强的密码。
然后,TrueCrypt会收集一些随机数据来生成您的加密密钥。在加密窗口顶部移动鼠标几次,然后按Next。
您被告知他们的密钥已经生成。按下一步(Next)。
TrueCrypt现在会创建一张应急光盘,以备出现问题时使用。指定存储光盘ISO映像的位置,然后按Next。
现在您被告知TrueCrypt将使用Windows 光盘映像刻录(Windows Disc Image Burner)机将该映像刻录到恢复磁盘上。按OK,Windows 光盘映像刻录(Windows Disc Image Burner)机窗口打开。
插入空白 CD,按刻录(Burn)并等待该过程完成。如果您在使用此工具时需要帮助,请查看本教程:Windows 7 中刻录磁盘映像 (ISO 和 IMG) 的完整指南(The Complete Guide to Burning Disk Images (ISO & IMG) In Windows 7)。
刻录光盘后,Windows Disc Image Burner会自动将其弹出。将其重新插入驱动器,然后在TrueCrypt 卷创建向导中按(TrueCrypt Volume Creation Wizard)下一步(Next),以便验证刻录的光盘。如果检查成功,请按下一步(Next)继续。
如果检查不成功,您将收到与以下类似的错误消息。在刻录和验证光盘之前,您将无法继续前进。
您即将开始加密过程。首先(First),系统会询问您是否希望TrueCrypt在加密您的计算机之前擦除驱动器上存在的空白空间(这样仍然留在驱动器上的任何数据都无法恢复)。选择您喜欢的擦除模式,然后按(Wipe mode)Next。
现在,在加密驱动器之前,需要进行预测试,以确认您的设置可以正常工作。阅读TrueCrypt提供的信息,然后按测试(Test)。
如果Windows(Windows)无法启动,您会看到一些说明。阅读(Read)和/或打印显示的信息,然后按OK。
现在系统会询问您是否可以重新启动计算机。按是(Yes)。
Windows 重新启动,在您启动之前,您需要输入您设置的TrueCrypt密码。如果输入密码正常并且您登录到Windows,TrueCrypt将恢复加密向导并通知您预测试已完成。
注意:(NOTE:)如果由于某种原因您的键盘在您键入密码时没有发送密码,这意味着它没有正确初始化。检查您的BIOS设置以确保它在启动时已初始化,并且您的输入已发送到计算机。
要最终开始加密过程,请按Encrypt。
您将看到一些关于如何使用您之前创建的TrueCrypt 救援磁盘的附加信息。(TrueCrypt Rescue Disk)如果您认为有用,请阅读显示的信息并将其打印出来。然后,按OK。
加密开始并需要相当长的时间。幸运的是,您可以在执行加密时使用您的计算机。
完成后,您将获悉其成功。
按完成(Finish)关闭TrueCrypt 卷创建向导(TrueCrypt Volume Creation Wizard)。
加密的系统分区现在显示在TrueCrypt窗口中。
结论
在使用多重引导配置时,加密您的系统驱动器是一个痛苦而漫长的过程。但是,几乎任何人都可以完成。您只需要确保仔细阅读所有内容,明智地选择选项,并且在出现问题时可以使用救援光盘。
How to Encrypt Your System Drive With TrueCrypt In a Multi-Boot Configuration
Many people use TrueCrypt to encrypt their systems and maintain their data as safe as possible. Encrypting your computer when you have one operating system installed and one partition is relatively easy, even with TrueCrypt. But, what about encrypting your system drive when using a multi-boot setup? That's really complicated and this guide is here to help.
Prerequisites - What You Must Have Before You Start
There are a few things you need before moving ahead with the encryption process:
- The latest version of TrueCrypt, which can be downloaded from here: TrueCrypt Downloads.
- A blank CD on which to burn the TrueCrypt Rescue Disk. Creating this disc is mandatory and you won't be able to encrypt your system without it. If you plan to encrypt more than one computer, prepare a blank CD for each, as you cannot reuse the same disc on all computers.
- Plenty of time and patience. This process is very long, involves lots of careful reading and many steps. One wrong choice and you can encounter problems which are difficult to solve. Therefore, don't this if you don't have at least an hour to spare.
How to Encrypt the System Partition
After you install TrueCrypt, run the tool and press Create Volume.
The TrueCrypt Volume Creation Wizard now opens. You are asked to select what you want to encrypt. Select "Encrypt the system partition or entire system drive" and press Next.
Next you are asked about the type of encryption you would like to perform. Normal should work out for most users. Then, press Next.
Now you are asked what area of the hard drive you want to encrypt. "Encrypt the Windows system partition" is the best choice if you are interested in encrypting only the partition where Windows is installed. If you choose "Encrypt the whole drive", then the whole hard drive will be encrypted with all its partitions.
Select the option you prefer and press Next.
You are asked about the number of operating systems existing on your computer. Since this guide is about encrypting a system drive in a multi-boot configuration, I had to select Multi-boot and press Next.
Then, you receive a funny warning sharing that inexperienced users should never attempt to encrypting Windows in multi-boot configurations. 🙂
Have a laugh and press Yes to continue.
Then, you are asked whether the operating system you are encrypting is installed on the boot drive. The boot drive in this context means the hard drive where the Windows boot loader (or boot partition) is found. In most cases the answer is Yes. However, if your Windows installation is on another hard drive (not partition, but hard drive), you should select No.
After choosing the correct answer, press Next.
You are asked about the number of system drives on your hard drive. The language is a bit tricky here. If you have two or more operating systems installed on different partitions, you should select "2 or more". In a multi-boot configuration, this is always the correct answer.
Then, press Next.
You are now asked whether there are other operating systems installed on the hard drive on which the current operating system is installed. In most multi-boot configurations, users install multiple operating systems on different partitions on the same hard drive. If that's the case for you, then answer Yes.
If the other operating systems are installed on other hard drives, the answer is No.
Once you made the correct choice, press Next.
Next... another important question is asked: are you using a non-Windows boot loader on your master boot record (MBR)? If you have a Linux installation in your multi-boot setup, then the answer is Yes. If you have only Windows installations, then the answer is No. Make the appropriate choice and press Next.
You are informed how the multi-boot setup will work depending on the choices you've made. I strongly recommend that you carefully read everything and only then press Next.
You are asked to select the encryption and hash algorithms that will be used by TrueCrypt. Don't hesitate to read the official documentation, prior to making a choice. Information can be found here: TrueCrypt Encryption Algorithms.
Choose the algorithms you prefer and press Next.
You are asked to set a password. This password will be used to boot your system and access the encrypted operating system and also to decrypt or recover the encrypted drive. Make sure you don't forget this password and that it is a strong password.
Write the password twice and press Next.
If you have used a password shorter than 20 characters, you are warned by TrueCrypt. You can choose to use the password or change it for a stronger one.
Then, TrueCrypt collects some random data to generate your encryption keys. Move your mouse a couple of times on top of the encryption window and press Next.
You are informed that they keys have been generated. Press Next.
TrueCrypt now creates a rescue disc to be used in case of problems. Specify the location where it will store the ISO image of the disc and press Next.
Now you are informed that TrueCrypt will use the Windows Disc Image Burner to burn that image on a recovery disk. Press OK and the Windows Disc Image Burner window opens.
Insert the blank CD, press Burn and wait for the process to finish. If you need some help using this tool, check this tutorial: The Complete Guide to Burning Disk Images (ISO & IMG) In Windows 7.
After the disc is burned, Windows Disc Image Burner automatically ejects it. Insert it back into the drive and press Next in the TrueCrypt Volume Creation Wizard, so that it verifies the burned disc. If the check is successful, press Next to move on.
If the check is not successful, you will receive an error message similar to the one below. You won't be able to move ahead until the disc is burned and verified.
You are getting close to starting the encryption process. First, you are asked if you want TrueCrypt to wipe the empty space existing on the drive (so that any data still left on it is not recoverable) prior to encrypting your computer. Choose the Wipe mode you prefer and press Next.
Now, a pre-test is necessary, to confirm that your settings will work without problems, prior to encrypting the drive. Read the information presented by TrueCrypt and press Test.
You are shown some notes on what to do if Windows cannot start. Read and/or print the information displayed and press OK.
Now you are asked if you are OK to restart your computer. Press Yes.
Windows restarts and, before you boot, you need to enter the TrueCrypt password you have set. If entering the password works fine and you log into Windows, TrueCrypt resumes the encryption wizard and informs you that the pretest was completed.
NOTE: If for some reason your keyboard doesn't send the password while you type it, it means it was not initialized properly. Check your BIOS settings to make sure it is initialized at startup and your input is sent to the computer.
To finally start the encryption process, press Encrypt.
You are shown some additional information on how to use the TrueCrypt Rescue Disk you created earlier. Read the information being displayed and print it if you consider it useful. Then, press OK.
The encryption starts and takes quite a bit of time. Luckily, you can use your computer while the encryption is performed.
When done, you are informed about its success.
Press Finish to close the TrueCrypt Volume Creation Wizard.
The encrypted system partition is now shown in the TrueCrypt window.
Conclusion
Encrypting your system drive, when using a multi-boot configuration is a painful and lengthy process. However, it can be done by almost anyone. You just need to make sure you read everything carefully, choose your options wisely and you have the rescue disc available in case of issues.