TrueCrypt: Full Disk Encryption

After seeing how easy TrueCrypt worked when I used it to encrypt files (or more accurately, create a encrypted container to hold files) I decided to give full disk encryption a try on my new Dell Inspiron laptop. I was planning to take the laptop on my vacation trip and wanted to encrypt the data. The laptop was new and not a critical part of my workflow so if full disk encryption cratered the laptop, requiring a rebuild, it could wait until after my trip without causing any serious problems.

Advertisements
TrueCrypt Logo

After seeing how easy TrueCrypt worked when I used it to encrypt files (or more accurately, create a encrypted container to hold files) I decided to give full disk encryption a try on my new Dell Inspiron laptop. I was planning to take the laptop on my vacation trip and wanted to encrypt the data. The laptop was new and not a critical part of my workflow so if full disk encryption cratered the laptop, requiring a rebuild, it could wait until after my trip without causing any serious problems.

As it turned out, the full disk encryption worked without any problems. While I hadn’t used the new laptop enough to gauge any before/after performance differences, the benchmarks showed a negligible difference.

I’d already installed TrueCrypt on the laptop so all I needed to do was encrypt the system drive. I decide to encrypt the entire system drive (the only drive in the laptop) and I’ll just use normal encryption. I won’t bother with the hidden option since I mainly care about preventing someone who steals my laptop from being able to access the files. The encryption  process is wizard based and the screens are shown below. I don’t have any plans to dual boot this laptop so I can keep it simple with a single boot configuration. I also stick with AES encryption since it benchmarks better than the other options.

System Disk Encryption Wizard Screen 1 System Disk Encryption Wizard Screen 2

System Disk Encryption Wizard Screen 3 System Disk Encryption Wizard Screen 4

At this point I was presented with a UAC prompt as TrueCrypt looked for hidden sectors in the host protected area. The process was too quick to get a screenshot or even read the entire message. TrueCrypt apparently liked what it found (or didn’t find) and moved on.

System Disk Encryption Wizard Screen 6 System Disk Encryption Wizard Screen 7

System Disk Encryption Wizard Screen 8 System Disk Encryption Wizard Screen 9

System Disk Encryption Wizard Screen 10

At this point I’m prompted to create a rescue disk which I do. Should something happen to the hard drive that prevents the PC from booting.  The Rescue Disk can be used to boot the PC and then unencrypt the hard drive so that the data can be copied off the drive.

System Disk Encryption Wizard Screen 11 System Disk Encryption Wizard Screen 12

System Disk Encryption Wizard Screen 13 System Disk Encryption Wizard Screen 14

System Disk Encryption Wizard Screen 15

After the detour to create the rescue disk we’re back to work on setting up the full disk encryption. At this point no actual encryption has happened yet.

System Disk Encryption Wizard Screen 16 System Disk Encryption Wizard Screen 17

Now things will begin to happen so a couple screens provide instructions on what to do should things go horribly wrong.

System Disk Encryption Wizard Screen 18a System Disk Encryption Wizard Screen 18b

Then the PC reboots and does it’s thing. I’m told the pretest was successful. After clicking the encrypt button there’s more instructions about how to recover if there’s a problem.

System Disk Encryption Wizard Screen 19 System Disk Encryption Wizard Screen 20a

System Disk Encryption Wizard Screen 20b System Disk Encryption Wizard Screen 20c

There was another UAC prompt when I clicked “OK” on the message box. As the encryption is going on the status is displayed.

System Disk Encryption Wizard Screen 21 System Disk Encryption Wizard Screen 22

My 580 GB Hard Drive with about 75 GB in use (both as reported by Windows) took about 8 hours to encrypt. I didn’t use the PC during this time so the encryption process should have gotten all the available resources.

Conclusion

After the encryption was finished I rebooted the PC to make sure everything was OK. The reboot was fine although things seemed to be slower than before. I hadn’t had the laptop long enough to really get a good feel on the performance so it may have been more perception than reality. I had benchmarked the Dell Inspiron laptop prior to encryption so I did it again now. There was a significant drop in the disk benchmark score.

The pre-TrueCrypt encryption disk results were 21% better than the post encryption score. While I expected some performance hit, this seemed extreme. I rebooted one more time and there was a noticeable improvement. I ran the benchmark again and the disk actually scored about 10% better than the pre-encryption benchmark. (I don’t stop all background tasks to do the benchmarks so some variation is to be expected.) Like I said before, I didn’t have the laptop very long before I encrypted it so I didn’t get a good feel for performance, but I don’t have any complaints and it seems peppy enough. It was interesting that it took two reboots after the encryption finished for things to settle down.

I haven’t had problems running any software and there hasn’t been any instability with the system. My Windows Home Server backup runs just fine. Since the disk is decrypted at boot the WHS backup software sees the file system the same way it did prior to encryption.

Overall I’m happy with TrueCrypt full disk encryption, it’s worked well and I’m happy with the performance. While I certainly don’t want to lose my laptop, I’m happy to know that if I do the data will be protected.