System drive changes necessary for FDE

[zyx888]

Hello, my first post here!

I am on Windows 7 Ultimate x64. I need to set up a full disk encryption either with TrueCrypt (preferably) or PGP Desktop.

I have five hard drives inside my PC. The System Reserved partition (100MB) and the OS (C:\) partition are on Disk 4. There are also D:\, E:\ and F:\ partitions on that drive.

I think in order to have a bootable encrypted system the system disk should be Disk 0 (and not Disk 4 as in my case). What should I do to make Disk 4 be Disk 0?

Second question: having read a lot about other people's experiences with FDE, most of them suggest to get rid off the 100MB system reserved partition. Can I do it without reinstalling Windows? Can I merge it with C:\ partition on the active system?

Third question: my system disk (Disk 4) is a dynamic disk. It's not supported neither by TC FDE nor PGP WDE. I have to change it to basic. What's the best and easiest way?

Another thing, I understand that FDE can be done only on systems with "legacy BIOS" and not other types of BIOS. My motherboard is Asus Sabertooth X58 - what kind of BIOS does it have (I can't find that info anywhere in the mobo's user guide)?

I know it's many questions for the first post, but I am in hurry to encrypt the system and these obstacles seems insuperable to me. I have already asked elsewhere but I didn't get any useful info.

I am sure this is the best community with excellent experts and I hope I'll find solutions to my issues here.

Thanks in advance

 

[gregrocker]

Have you considered Bitlocker which is a built-in feature for Win7 Ultimate. It requires the System reserved partition. Windows BitLocker Drive Encryption Step-by-Step Guide

The only way to convert Dynamic to Basic Disk non-destructively is to use free Partition Wizard bootable CD pre-version-5 which still includes it as a free feature: pw422.zip ISO - Windows Live

 

[zyx888]

Have you considered Bitlocker which is a built-in feature for Win7 Ultimate. It requires the System reserved partition. Windows BitLocker Drive Encryption Step-by-Step Guide

Hi, Greg, thanks for a quick reply!

Unfortunately, BitLocker is not considered a secure implementation of disk encryption as it keeps passwords in plaintext on the hard disk and in RAM (I've heard so) so I am not interested in it.

My prefered FDE software would be:

1. TrueCrypt
2. PGP Desktop
3. DiskCryptor


Could you point me to a solution of some of the above problems, please?

 

[edwar]

Why not move your OS disk, labeled C by the OS, to the first SATA port, port 0, and make the appropriate changes in the BIOS to boot from Port 0.
I'm not familiar with any of the encryption programs you list, never used encryption, but why are you under the assumption the boot disk needs to be on port 0? As long as it is listed in the BIOS as the first boot device and the OS is listed as being installed on C, along with the hidden 100MB partition on the same drive I don't think you wil have a problem.
It has ben my experience with newer motherboards and Win 7 that the listed SATA port in the BIOS are not what Win 7 sees. I have my boot disk, C with one other partition D and the 100MB partition, on port 0 an my E drive on port 1 but 7 sees that second disk as Drive 3. The drive that is connected to port 2, the third SATA port, is listed as Disk 2 by 7.

 

[zyx888]

Why not move your OS disk, labeled C by the OS, to the first SATA port, port 0, and make the appropriate changes in the BIOS to boot from Port 0.

Probably I'll have to do that, but I am hesitant because I don't have any experience in doing it (I've never connected or disconnected a HDD).

I'm not familiar with any of the encryption programs you list, never used encryption, but why are you under the assumption the boot disk needs to be on port 0? As long as it is listed in the BIOS as the first boot device and the OS is listed as being installed on C, along with the hidden 100MB partition on the same drive I don't think you wil have a problem.

What you say seems logical to me too and I never thought that might be a problem, but I read on TrueCrypt forums that when you have FDE, TrueCrypt looks for the bootloader on Disk 0 and if it doesn't find it there the system won't boot.

It has ben my experience with newer motherboards and Win 7 that the listed SATA port in the BIOS are not what Win 7 sees. I have my boot disk, C with one other partition D and the 100MB partition, on port 0 an my E drive on port 1 but 7 sees that second disk as Drive 3. The drive that is connected to port 2, the third SATA port, is listed as Disk 2 by 7.

Uhh, I don't know how to solve this...

 

[zyx888]

Why not move your OS disk, labeled C by the OS, to the first SATA port, port 0, and make the appropriate changes in the BIOS to boot from Port 0.

I have tried different combinations with connecting and disconnecting HDDs.

Windows sees my system disk as disk 0 only if it is the only disk connected. As soon as I add another disk the system disk moves to disk 1 position and the newly added disk is disk 0. When I connect all disks the system disk is listed as the last one - disk 4.

Could it be because the system disk is the only dynamic disk (all other disks are basic disks)? Does it influence disk listing in any way? I can't think of any other reason.

 

[edwar]

Not sure I've never worked with Dynamic disks. Why is that disk dynamic?

You could try adding the other disks first, boot go into BIOS, shut down add another, do the same, add another and so on until the last disk you add is the boot drive. Maybe then the OS will see the last disk as Disk0.

 

[zyx888]

Not sure I've never worked with Dynamic disks. Why is that disk dynamic?

Not sure. The IT guy who compiled the PC and installed the OS made it so (is it default in Win7?).

You could try adding the other disks first, boot go into BIOS, shut down add another, do the same, add another and so on until the last disk you add is the boot drive. Maybe then the OS will see the last disk as Disk0.

I'm not quite sure I understand what you mean. How can I boot from other disks without OS installed?

 

[edwar]

Not sure I've never worked with Dynamic disks. Why is that disk dynamic?

Not sure. The IT guy who compiled the PC and installed the OS made it so (is it default in Win7?).

You could try adding the other disks first, boot go into BIOS, shut down add another, do the same, add another and so on until the last disk you add is the boot drive. Maybe then the OS will see the last disk as Disk0.

I'm not quite sure I understand what you mean. How can I boot from other disks without OS installed?

You don't boot from any disk. you start the computer and at the BIOS screen hit the key/key combo to enter the BIOS setup screens. Check the disk placement, Save and exit then hold down the power button when the PC starts to reboot to turn it off. Add another drive and go through those steps again until the last disk you add is the OS drive.

No the default in any version of Windows is a basic disk. Not sure why the person that set it up set the boot drive as Dynamic. No good reason IMHO to have any dynamic disk in a desktop system. Maybe to add a RAID array at some time in the future or to add a second disk to the boot volume???????????????

 

[seavixen32]

By default, Windows 7 is installed on a basic disk.

A dynamic disk is used in a software RAID configuration.

To see how to convert your dynamic disk to a basic disk, please read this tutorial.

http://www.sevenforums.com/tutorials/26829-convert-dynamic-disk-basic-disk.html

A hard drive can have a maximum of four basic partitions, with one of them being an extended partition within which you can create a multitude of logical partitons if you need more than four partitions.