Jump to content











Photo
- - - - -

Veracrypt Recovery Images on Bootable USB?

bootable recovery disk veracrypt bootable disk

  • Please log in to reply
No replies to this topic

#1 TechnicGeek

TechnicGeek

    Newbie

  • Members
  • 14 posts
  • Location:Israel
  • Interests:Computing, home DIY, technology
  •  
    Israel

Posted 19 March 2023 - 08:46 AM

Hi. I have 2 Veracrypt Recovery Images from laptop and PC that I want to keep on external storage and use in the case of emergency. I don't want to make bootable CD/DVD for each because I don't have the required devices but want the convenience of USB flash drive. I am aware of programs like Ventoy and WinToUSB that allow you to have multiple bootable images on one external storage and choose which one to boot from.

 

Is this possible with Veracrypt Recovery Images though?

I also want to use WinRar to password-protect these 2 files and store them online in the cloud in case I lose access to physical media.

 

What do you think of these methods and their security?


Edited by TechnicGeek, 19 March 2023 - 08:47 AM.


#2 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 19 March 2023 - 11:30 AM

@TechnicGeek
I've never used Veracrypt, however based on a quick look here, recovery/rescue media for MBR type disks uses GRUB4DOS.

Based on a quick look at the menu.lst entry in VeraCryptUsbRescueDisk.zip, it should be relatively easy to create a rescue disk with entries for 2 veracrypt .iso files. menu.lst entry -
title VERACRYPT RESCUE DISK 
find --set-root /veracrypt.iso 
map --mem /veracrypt.iso (hd32) 
map (hd0) (hd1) 
map (hd1) (hd0) 
map --hook 
root (hd32) 
chainloader (hd32)
Assuming you have 2 veracrypt .iso files (one for each image - and I'm guessing here) -
title VERACRYPT RESCUE DISK 1
find --set-root /veracrypt1.iso 
map --mem /veracrypt1.iso (hd32) 
map (hd0) (hd1) 
map (hd1) (hd0) 
map --hook 
root (hd32) 
chainloader (hd32)

title VERACRYPT RESCUE DISK 2
find --set-root /veracrypt2.iso 
map --mem /veracrypt2.iso (hd32) 
map (hd0) (hd1) 
map (hd1) (hd0) 
map --hook 
root (hd32) 
chainloader (hd32)
If you need to boot in UEFI mode, then there is not enough information on the VeraCrypt Rescue Disk page for me to provide any help or advice.

Misty

#3 VendettaReborn

VendettaReborn
  • Members
  • 9 posts
  •  
    United States

Posted 19 March 2023 - 10:57 PM

I do use VeraCrypt, for most of my external drives. If you want to keep it simple:

 

1.Create an Easy2Boot flash drive

2. Create VeraCrypt Rescue ISO

3. Copy to appropriate location on E2B drive

 

However, E2B will boot the ISO in legacy mode. If you need UEFI, add the al1ve UEFI stuff when creating the E2B drive. When you boot into the drive's 2nd partition (via your UEFI boot menu or whatever), it will load, allowing you to select the ISO and boot it in UEFI mode. The UEFI side of this is untested by me, but I think it should work.



#4 Rootman

Rootman

    Frequent Member

  • Advanced user
  • 382 posts
  • Location:USA

Posted 20 March 2023 - 11:52 AM

I use VeraCrypt, but I do not use it to encrypt my OS partitions, I've had to many problems with stuff like Windows updates messing it up.  As with ANY OS, especially encrypted ones, make backups regularly.  I use Macrium Reflect.   

 

I would imagine that Ventoy would work just fine booting to the VC ISO files, it has not failed me yet on various ISOs I've booted to.  If you have a spare USB stick just give it a try, it's one of the easiest multibooters to setup out there.  Download Ventoy and run the Ventoy2Disk.exe.  This will destroy the contents of the USB drive.  Put your ISO files for the VC recovery onto the 1st partition named Ventoy, the actual EFI partition that Ventoy loads with is hidden.  Boot to the stick and see if it works.  Let us know how it goes.

 

I use VC for secondary drive / partition encryption.  I have a WinPE that boots off an ISO file, so I put the WinPE ISO on my Ventoy drive.  If I need to get to a VC encrypted drive outside the OS I boot to WinPE and launch VC from it.  Works great. 



#5 VendettaReborn

VendettaReborn
  • Members
  • 9 posts
  •  
    United States

Posted 21 March 2023 - 01:13 AM

I use VeraCrypt, but I do not use it to encrypt my OS partitions, I've had to many problems with stuff like Windows updates messing it up.  As with ANY OS, especially encrypted ones, make backups regularly.  I use Macrium Reflect.   
 
I would imagine that Ventoy would work just fine booting to the VC ISO files, it has not failed me yet on various ISOs I've booted to.  If you have a spare USB stick just give it a try, it's one of the easiest multibooters to setup out there.  Download Ventoy and run the Ventoy2Disk.exe.  This will destroy the contents of the USB drive.  Put your ISO files for the VC recovery onto the 1st partition named Ventoy, the actual EFI partition that Ventoy loads with is hidden.  Boot to the stick and see if it works.  Let us know how it goes.
 
I use VC for secondary drive / partition encryption.  I have a WinPE that boots off an ISO file, so I put the WinPE ISO on my Ventoy drive.  If I need to get to a VC encrypted drive outside the OS I boot to WinPE and launch VC from it.  Works great.


I completely forgot that E2B also supports Ventoy, as well as al1ve's loader. That might work too, but I've never used it. However, soon I'll be building a gaming desktop that will likely have a mobo that only support UEFI class 3, which means no legacy booting at all. Then I'll have to get used to booting stuff in UEFI only.

G4D has a UEFI loader called G4E, I wonder why the E2B maintainer hasn't added it to the mix of available options.

#6 Rootman

Rootman

    Frequent Member

  • Advanced user
  • 382 posts
  • Location:USA

Posted 21 March 2023 - 02:14 PM

I completely forgot that E2B also supports Ventoy, as well as al1ve's loader. That might work too, but I've never used it. However, soon I'll be building a gaming desktop that will likely have a mobo that only support UEFI class 3, which means no legacy booting at all. Then I'll have to get used to booting stuff in UEFI only.

G4D has a UEFI loader called G4E, I wonder why the E2B maintainer hasn't added it to the mix of available options.

 

I've used E2B since Steve first introduced it years ago With the decline of MBR booting the E2B itself has become less and less useful.  I used it with the Ventoy and AGFM extensions he introduced but you still had to boot to AGFM to get to Ventoy, and it seems that Ventoy booted everything that I needed. I always had to use Ventoy to boot to Windows installation ISOs.  So one Saturday afternoon I checked out the full Ventoy system out and used it on a spare USB stick.  I was more than pleased with the simplicity of it all. Unlike AGFM it would scan for and find all the ISO files.  I used the Ventoy tool VentoyPlugson.exe to change the default layout to TREE view and the interface to TEXT instead of the GUI, it boots fast, scans the drive for ISO files quickly and presents a nice simple view of my ISO files.  What I especially liked is that I can arrange the ISO files into whatever folders I want to to sort them by function, I was not limited to just the folders that E2B provides.  For instance,  I could separate out my WORK Macrium Reflect ISO files from my HOME ISO files.  I have 4 ISO files in the root of the 1st partition and the rest stored in a subfolder named ISO, and into separate folders below that.  When I boot to Ventoy I get a small menu of my 4 root ISO files and a submenu called ISO to which I can quickly navigate and launch my other less used ISO files.  

 

For the occasional MBR boot you can still use Ventoy,  It's a bit wonky at times but works pretty reliable on my USB sticks which are setup as MBR partitions.  It shows in the Legacy boot menu of the computers boot menu and actually  - somehow - boots the ISO files just fine. I am not sure if it leverages them into a EFI boot or really boots them as Legacy boot.  I have not tried it on a PC that does not do EFI boot to check if it still works, I don't happen to have one around that does not also do EFI.  



#7 Rootman

Rootman

    Frequent Member

  • Advanced user
  • 382 posts
  • Location:USA

Posted 07 April 2023 - 09:45 PM

I came back to this thread after trying the regular full Ventoy installation version.  Previously I had used a modified version of Ventoy the Steve at Easy2Boot provided.  As the prevalence of MBR booting systems faded it became less useful and seldom used. Steve really stepped up and provided a simple way to install the aGFM and Ventoy additions to Easy2Boot for good EFI boot coverage. I had read some posts on various sites about the regular (non Esy2Boot supplied version) of Ventoy and decided to give it a try.  I was VERY pleased with it and found it did a great job of booting EFI and MBR systems with everything I threw at it.  It seemed much simpler and more straight forward then Easy2Boot+aGFM+Ventoy.  So I decided to switch to it entirely. I managed to swap all my bootable USB drives over to Ventoy quite easily.  I have 30 some ISO files on tem and all boot wonderfully.     

 

So I would encourage anyone needing an ISO, IMG, VHD boot system to give Ventoy a try.  It can boot nearly everything and is super simple to setup.  I've installed Windows and Linux systems from the same USB stick in just minutes, various versions of both. I have various rescue and recovery utilities on it, from Macrium Reflect to MiniTool Partition Wizard to a few others like WinPE.

 

Either Easy2Boot or Ventoy is a superb way to offer a lot of powerful utilities on a single stick that you can keep in your pocket.  It has really made my job and life a lot easier.   



#8 TechnicGeek

TechnicGeek

    Newbie

  • Members
  • 14 posts
  • Location:Israel
  • Interests:Computing, home DIY, technology
  •  
    Israel

Posted 30 April 2023 - 09:18 AM

@TechnicGeek
I've never used Veracrypt, however based on a quick look here, recovery/rescue media for MBR type disks uses GRUB4DOS.

If you need to boot in UEFI mode, then there is not enough information on the VeraCrypt Rescue Disk page for me to provide any help or advice.


Misty

 

 

 

I have succeeded with MBR and your suggested addition to menu.1st file to add 2 VeraCrypt files to the list. I could also press a hot key and edit that file in bootloader. I could rename .ISO file and it will update list on the fly so I could run different file.

 

For UEFI on that same help page it says: "For EFI boot mode, just insert your Rescue Disk into a USB port, boot your computer on it and then select Boot VeraCrypt loader from rescue disk on the Rescue Disk screen." I think I just need to burn the .ISO on USB drive and that's it.

 

 

I do use VeraCrypt, for most of my external drives. If you want to keep it simple:

 

1.Create an Easy2Boot flash drive

2. Create VeraCrypt Rescue ISO

3. Copy to appropriate location on E2B drive

 

However, E2B will boot the ISO in legacy mode. If you need UEFI, add the al1ve UEFI stuff when creating the E2B drive. When you boot into the drive's 2nd partition (via your UEFI boot menu or whatever), it will load, allowing you to select the ISO and boot it in UEFI mode. The UEFI side of this is untested by me, but I think it should work.

 

The .ISO itself is for UEFI boot. You mean E2B by default boots in legacy mode? What if I won't add al1ve UEFI in options? Would that render .ISO and bootloader incompatible and fail to boot?

 

 

I use VeraCrypt, but I do not use it to encrypt my OS partitions, I've had to many problems with stuff like Windows updates messing it up.  As with ANY OS, especially encrypted ones, make backups regularly.  I use Macrium Reflect.

 

I would imagine that Ventoy would work just fine booting to the VC ISO files, it has not failed me yet on various ISOs I've booted to.  If you have a spare USB stick just give it a try, it's one of the easiest multibooters to setup out there.  Download Ventoy and run the Ventoy2Disk.exe.  This will destroy the contents of the USB drive.  Put your ISO files for the VC recovery onto the 1st partition named Ventoy, the actual EFI partition that Ventoy loads with is hidden.  Boot to the stick and see if it works.  Let us know how it goes.

 

Didn't work with Ventoy and 2 .ISO images. Here's what I get when I go the Vintoy route after I hit enter on either of 2 .ISO files:

 

mobialivecd-normal-mode-023-04-30-111441

 

Here's the screen I get after attempting to load .ISO again both in normal mode and grub mode:

 

 mobialivecd-grub-mode-023-04-30-111441.j

 

And here's what I get after burning VeraCrypt MBR version on USB drive using their own tools: 

 

not-ventoy-mobalivecd-2023-04-30-110117.

not-ventoy-2023-04-30-110117.jpg

 

 

I boot-tested on QEMU Simple Boot and MobaLiveCD. Same errors. Maybe it's because I need to boot on my actual computers than in QEMU? For this I better backup my encrypted system drives first on both computers to be on the safe side? Is it necessary to unencrypt system drives first to backup?

 

But since it worked with MBR legacy mode and with additions suggested by misty so I will try it without simulation on both computers. I will only run VeraCrypt rescue disk but won't perform any actions.

 

Should I backup my hard drives on both computers before that to be on a safe side? They are encrypted. Should I decrypt them first and backup?


Edited by TechnicGeek, 30 April 2023 - 09:57 AM.


#9 TechnicGeek

TechnicGeek

    Newbie

  • Members
  • 14 posts
  • Location:Israel
  • Interests:Computing, home DIY, technology
  •  
    Israel

Posted 30 April 2023 - 09:43 AM

Also I am using generic no-name USB drive for testing:

 

image.png

 

Easy2Boot is unable to write to it in administrator mode and with antivirus turned off. Shell window shows operations and closes but USB drive remains unchanged. Not even formatted. I used different tool to burn FreeDos bootloader and DSL Linux on it though and both worked. Maybe E2B does not work with generic no-name drives? 






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users