Use GParted for this: http://gparted.org/livecd.php. Windows doesn’t likes moving its own system partition while it’s running.
Burn to cd or or install to USB drive
Ensure you shut down windows completely. Do this by running shutdown -s -f -t 0 in the command prompt.
Boot from said CD or USB drive.
Open the GParted tool and select your drive on the top right (if not already selected)
Shrink the C: partition (usually the largest one on the disk) by the amount you want it to move.
Move it over the amount requested
Click «Apply»
Wait for actions to complete
Restart the computer
2 Method
Where is your «reserved» partition located and what’s the size? In diskpart, list partition and copy past the output here please.
In any case, here is how you slove it, but then you only have windows on that disk:
1. Use true image (or similar) to make an image of your c drive
2. Boot the windows installation disk
3. Select» install now» then «custom» and delete EVERY partition on the disk (especially the «Reserved one»).
3. Then select the «unalocated space» and install
4. Run veracrypt to check if it work. Assuming it does:
5. Boot on a true image (or similar) recovery disk and restore your old C to the current C
6. If you new C is not the size you want, boot on Disk Director (or similar like gparted) disk to resize the partition.
Hey, last time I had problem with this error so I will show you today how to fix this, so you’ll be able to encrypt your partition without any problems. We need to shrink main partition because VeraCrypt require this to store “bootloader” at the begging of the partition, VeraCrypt BootLoader is stored at the beginning of the partition.
We will use free version of “MiniTool Partition Wizard Free 10” which is completely OK to do this task.
After installing MiniTool Partition Wizard we need to select disk which we want to encrypt (windows partition in my case).
Select your partition and choose “Move/Resize Partition“
then just leave some empty space at the beginning of the partition (Unallocated Space Before), leave let say 8 MB 🙂 it should be ok, because VeraCrypt requires only 32 KB for BootLoader, but we will leave more space 😉
Click ok, and Apply Changes.
now you should be ready to encrypt your whole disk with VeraCrypt without problems.
You can download MiniTool Partition Wizard Free Edition from – https://www.partitionwizard.com/download.html
Note:
Partition Magic lets you slide (move the start and end partition locations at least 32k towards the end of the disk) a partition that is smaller than the total disk space then you can’t boot into Windows and then run PM, you’d have to boot into PM directly and then slide the partition. There are other partition apps that can slide partitions if PM can’t, you will have to google, etc., to find them.
Failing that, you’d have to repartition and create a 32k partition first and then create the main partition, etc, but this involves reinstalling Windows.
-
Summary
-
Files
-
Reviews
-
Support
-
Source Code
-
Forums
-
Tickets
-
Documentation
-
FAQ
-
Donate
-
Faire un don
-
Mailing Lists
Menu
▾
▴
Boot Loader requires 32 KB can’t be fixxed?
Created:
2020-12-01
Updated:
2022-02-09
-
Hello,
on my Win 10 system I suddenly get that error, when I want to permanently encrypt the system disk: «The VeraCrypt Boot Loader requires at least 32 KibiBytes of free space at the beginning of the system drive…»
I managed to get unallocated space before the system drive, but the error still pops up after reboot:
Also unallocated space on another position does not fix the problem:
So why shouldn’t that reported as a bug (like the error message says)?
Does anyone know how to fix that problem without re-installing Windows 10?Last edit: Juergen 2020-12-01
-
I have the very same problem. No help???
-
SCHEISS-TEIL. Now I wiped my drive, reset my BIOS and restored with Acronis. And guess what? This «Password» request comes up again!!! How in all the world do I get this out of UEFI??? I can’t install and I can’t get it out
-
Moin Jürgen. Here is how I fixed it:
1.) Used Aomei Partition Assistant (search here: www.getintopc,com)
2.) Told it to «resize» the C-Partition and checked: «I need to move this partition»
3.) Created a small space BEFORE every other partition and moved all three partitions to the right (END). Should say: «Unallocated»
4.) Reinstalled VeraCrypt, got error on installation.
5.) Uninstalled VeraCrypt with «Revo Uninstaller» and let it download an extended uninstaller. See above getintopc for download. Do NOT let it reboot before running all deletions within REVO!
5.) Removed all registry entries with «Registrar Registry Manager» also see getintopc.
6.) Installed VerCrypt — this time without error.I hope it will work for you
If not, maybe I can help?
-
Tried this too but I cannot move all the other partitions to the right or at least boot-partition and Mac-Partition.
I am using Windows 10 on Mac which was installed through Bootcamp.
I am trying this since almost 2 years without success.
Anyway, one day I will buy a normal Notebook (no Mac anymore).Last edit: Jean Dongler 2021-05-13
-
Just saw on your screen shot: You need to have the free partition for VeraCrypt all the way to the left (at the beginning of the HDD/SSD), Secondly, I noticed, your partition says; «Reserved» — must be «Unallocated«.
-
Hello Chinghisskhan , thanks a lot! It worked for me!
I only had to place the unallocated space to the beginning of the disk and it worked!!
Thank you so much!!But now when I want to encrypt the system drive the point «Encryp the whole drive» is grayed out
Do you know why? I wanted to encrypt the whole drive. Or is that generally not possible?
-
Moin Jürgen, at least, I was able to help you a little. Try to ask the developer directly: mounir.idrassi@idrix.fr and tell him that after help in the forum, you are still stuck with this problem. He told me that Acronis may not have wiped the EFI-Partition, but that it indeed an error and he will fix it.
Was your C: drive encrypted before? If so, then I think the rescue stick may help, but I have no idea how.
Did you uninstall VeraCrypt and cleaned the registry with «Registrar Registry Manager» also see getintopc? Did you get an error message when reinstalling?
I was able to encrypt my entire C: drive. I use Acronis to save the unencrypted disk image to an unencrypted drive and use the SHA256 Acronis password.
Gut Glück!
-
Hi,
thanks. I wrote him.
But I did read now, that Win 10 with GPT installed in UEFI mode is not possible to encrypt whole drive. Is that correct and the reason why it’s grayed out?
-
Here is how it looks on my PC.
Can you answer my questions please in order to help you further?
Was your C: drive encrypted before? If so, then I think the rescue stick may help, but I have no idea how.
Did you uninstall VeraCrypt and cleaned the registry with «Registrar Registry Manager» also see getintopc? Did you get an error message when reinstalling?
-
My drive was encrypted, but then I restored a full backup of all partitions using Acroins True Image. Cause the backup was not encrypted, my system was then not encrypted, but Veracrypt password prompt came up at boot, but could be skipped with ESC button.
Then I clicked on unencrypt system partition in VeraCrypt and the password prompt at boot was gone. Then I had the problems with the needed 32 KB free space, which I could solve thanks to your help.
I uninstalled VeraCrypt normally and did not use the Registry tool. Then I reinstalled VeraCrypt without errors during installation and was able to successfully encrypt — BUT not the whole drive.
-
I guess, you did not delete all partitions with a partitioning tool? Did you delete them with DOS or a Windows Install Stick or just installed the image with Acronis? Acronis does not recreate the EFI-Partition in a way that VeraCrypt can write to it nor does it wipe the VeryCrypt entry. Both of our problems are then related to Acronis. If you didn’t have a problem installing VeryCrypt, then no need for the «Registrar».
I guess, I will try it as follows: Wipe all partitions with Aomei on an encrypted test drive with Win 10 as OS, then restore unencrypted Acronis Image and see if VeraCrypt can be installed normally.
-
Thanks for that information.
In the meanwhile I installed VeraCrypt on another fresh Windows 10 PC where VC has never been installed before. There it is also not possible to select «Encrypt the whole drive».
So are you really sure, that VC can encrypt whole drive of Win 10 with GPT UEFI?
-
@mensa84: it is indeed not possible to encrypt the whole drive in the case of GPT UEFI boot and the reason is that UEFI boot requires that the EFI partition which holds the bootloaders files remain unencrypted. Simply put, If VeraCrypt encrypted the whole drive, the PC would not be able to boot at all. So this is a limitation forced upon us and the best thing users can do is to manually encrypted all other data partitions and then configure them to be mounted as system favorites.
Thank you @chingghiskhan for proving a workaround for this 32KB issue. Actually, VeraCrypt should not check for 32KB unallocated space at the beginning of the drive in UEFI boot mode: this check is needed only for MBR boot where VeraCrypt bootloader is stored in this unallocated space. for UEFI boot, VeraCrypt stores its bootloader in the standard EFI partition.
I will implement a fix in VeraCrypt for this issue.
-
Hi Mounir,
After restoring an image with Acronis, I cannot create a partition at the
beginning of the drive, altough I was able to do so before. Now Aomei just
crashes and also Easus and Niubi can’t move partitions. In VeraCrypt, I am
getting the famous 32kb error message. Any idea what I could try next? Did
you make a fix?Cheers,
RobertLast edit: Mounir IDRASSI 2021-01-02
-
@Mounir IDRASSI: Thanks for getting into the discussion and helping us with this issue. I checked, and my system is installed in UEFI-Mode AND I was able to encrypt the entire C: drive normally! So creating the small partition for VeryCrypt at the beginning of the drive may be a work-around? But why did it work for me and not for @Juergen? What could be the difference? I am puzzled!
Last edit: Chinghisskhan 2020-12-11
-
After restoring an image with Acronis, I cannot create a partition at the beginning of the drive, altough I was able to do so before. Now Aomei just crashes and also Easus and Niubi can’t move partitions. In VeraCrypt, I am getting the famous 32kb error message. Any idea what I could try next?
-
I managed to create a partition by copying the MSR-Partition to a new unallocated space to the right (second Partition). Then, I am only able to encrypt the Windows partition, not the whole drive, just the same as with Juergen. Now, I will try your new built.
-
maybe there is a confusion between whole drive and whole disk.
In UEFI mode, it is technically impossible to encrypt the whole boot disk. This is not a VeraCrypt limitation. But you can still encrypt whole drives individually (e.g. C: , D: …).
-
The build I shared fixes OP issue about missing 32KB space so that there is no need to add unallocated space at the beginning of the drive manually
-
Hi Mounir,
On my Notebook, I have ver. 1.24 Update 7 and it has an option to change the
password dialog — a feature which I like very much.
On my PC, when I had ver. 1,24 Update 7, this feature was gone?Any chance to bring this very nice feature back?
Thanks
Robert
Last edit: Mounir IDRASSI 2021-01-02
-
@chingghiskhan : can you please clarify which change password option is gone? Nothing changed in this functionality for system encryption nor for normal volumes.
-
Hi Mounir,
On my Notebook, I have ver. 1.24 Update 7. It has an option to change the
password message so that on boot, it would not just say; «password» but I was able to change this boot message to anything, let’s say: «No boot device»
On my PC, I also have ver. 1,24 Update 7, here, this option this can’t be found, or do I just overlook it?
Log in to post a comment.
I’m currently trying to encrypt my system partition using VeraCrypt. Unfortunately, I always get the following error: «The VeraCrypt Boot Loader requires at least 32 KBytes of free space at the beginning of the system drive […]»
What I’ve tried so far: I’ve downloaded GParted and shrunk my C: partition by 10 MB and moved the freed up space to the beginning of my system drive.
I’d appreciate any help I can get!
I’ve also tried moving the 10mb unallocated space directly in front of the C: partition.
List disk output:
https://i.stack.imgur.com/WfwZs.png
Use GParted for this: http://gparted.org/livecd.php. Windows doesn’t likes moving its own system partition while it’s running.
Burn to cd or or install to USB drive
Ensure you shut down windows completely. Do this by running shutdown -s -f -t 0 in the command prompt.
Boot from said CD or USB drive.
Open the GParted tool and select your drive on the top right (if not already selected)
Shrink the C: partition (usually the largest one on the disk) by the amount you want it to move.
Move it over the amount requested
Click «Apply»
Wait for actions to complete
Restart the computer
2 Method
Where is your «reserved» partition located and what’s the size? In diskpart, list partition and copy past the output here please.
In any case, here is how you slove it, but then you only have windows on that disk:
1. Use true image (or similar) to make an image of your c drive
2. Boot the windows installation disk
3. Select» install now» then «custom» and delete EVERY partition on the disk (especially the «Reserved one»).
3. Then select the «unalocated space» and install
4. Run veracrypt to check if it work. Assuming it does:
5. Boot on a true image (or similar) recovery disk and restore your old C to the current C
6. If you new C is not the size you want, boot on Disk Director (or similar like gparted) disk to resize the partition.
Hey, last time I had problem with this error so I will show you today how to fix this, so you’ll be able to encrypt your partition without any problems. We need to shrink main partition because VeraCrypt require this to store “bootloader” at the begging of the partition, VeraCrypt BootLoader is stored at the beginning of the partition.
We will use free version of “MiniTool Partition Wizard Free 10” which is completely OK to do this task.
After installing MiniTool Partition Wizard we need to select disk which we want to encrypt (windows partition in my case).
Select your partition and choose “Move/Resize Partition“
then just leave some empty space at the beginning of the partition (Unallocated Space Before), leave let say 8 MB 🙂 it should be ok, because VeraCrypt requires only 32 KB for BootLoader, but we will leave more space 😉
Click ok, and Apply Changes.
now you should be ready to encrypt your whole disk with VeraCrypt without problems.
You can download MiniTool Partition Wizard Free Edition from – https://www.partitionwizard.com/download.html
Note:
Partition Magic lets you slide (move the start and end partition locations at least 32k towards the end of the disk) a partition that is smaller than the total disk space then you can’t boot into Windows and then run PM, you’d have to boot into PM directly and then slide the partition. There are other partition apps that can slide partitions if PM can’t, you will have to google, etc., to find them.
Failing that, you’d have to repartition and create a 32k partition first and then create the main partition, etc, but this involves reinstalling Windows.
Use GParted for this: http://gparted.org/livecd.php. Windows doesn’t likes moving its own system partition while it’s running.
Burn to cd or or install to USB drive
Ensure you shut down windows completely. Do this by running shutdown -s -f -t 0 in the command prompt.
Boot from said CD or USB drive.
Open the GParted tool and select your drive on the top right (if not already selected)
Shrink the C: partition (usually the largest one on the disk) by the amount you want it to move.
Move it over the amount requested
Click «Apply»
Wait for actions to complete
Restart the computer
2 Method
Where is your «reserved» partition located and what’s the size? In diskpart, list partition and copy past the output here please.
In any case, here is how you slove it, but then you only have windows on that disk:
1. Use true image (or similar) to make an image of your c drive
2. Boot the windows installation disk
3. Select» install now» then «custom» and delete EVERY partition on the disk (especially the «Reserved one»).
3. Then select the «unalocated space» and install
4. Run veracrypt to check if it work. Assuming it does:
5. Boot on a true image (or similar) recovery disk and restore your old C to the current C
6. If you new C is not the size you want, boot on Disk Director (or similar like gparted) disk to resize the partition.
Hey, last time I had problem with this error so I will show you today how to fix this, so you’ll be able to encrypt your partition without any problems. We need to shrink main partition because VeraCrypt require this to store “bootloader” at the begging of the partition, VeraCrypt BootLoader is stored at the beginning of the partition.
We will use free version of “MiniTool Partition Wizard Free 10” which is completely OK to do this task.
After installing MiniTool Partition Wizard we need to select disk which we want to encrypt (windows partition in my case).
Select your partition and choose “Move/Resize Partition“
then just leave some empty space at the beginning of the partition (Unallocated Space Before), leave let say 8 MB 🙂 it should be ok, because VeraCrypt requires only 32 KB for BootLoader, but we will leave more space 😉
Click ok, and Apply Changes.
now you should be ready to encrypt your whole disk with VeraCrypt without problems.
You can download MiniTool Partition Wizard Free Edition from – https://www.partitionwizard.com/download.html
Note:
Partition Magic lets you slide (move the start and end partition locations at least 32k towards the end of the disk) a partition that is smaller than the total disk space then you can’t boot into Windows and then run PM, you’d have to boot into PM directly and then slide the partition. There are other partition apps that can slide partitions if PM can’t, you will have to google, etc., to find them.
Failing that, you’d have to repartition and create a 32k partition first and then create the main partition, etc, but this involves reinstalling Windows.
-
Summary
-
Files
-
Reviews
-
Support
-
Source Code
-
Forums
-
Tickets
-
Documentation
-
FAQ
-
Donate
-
Faire un don
-
Mailing Lists
Menu
▾
▴
Boot Loader requires 32 KB can’t be fixxed?
Created:
2020-12-01
Updated:
2022-02-09
-
Hello,
on my Win 10 system I suddenly get that error, when I want to permanently encrypt the system disk: «The VeraCrypt Boot Loader requires at least 32 KibiBytes of free space at the beginning of the system drive…»
I managed to get unallocated space before the system drive, but the error still pops up after reboot:
Also unallocated space on another position does not fix the problem:
So why shouldn’t that reported as a bug (like the error message says)?
Does anyone know how to fix that problem without re-installing Windows 10?Last edit: Juergen 2020-12-01
-
I have the very same problem. No help???
-
SCHEISS-TEIL. Now I wiped my drive, reset my BIOS and restored with Acronis. And guess what? This «Password» request comes up again!!! How in all the world do I get this out of UEFI??? I can’t install and I can’t get it out
-
Moin Jürgen. Here is how I fixed it:
1.) Used Aomei Partition Assistant (search here: www.getintopc,com)
2.) Told it to «resize» the C-Partition and checked: «I need to move this partition»
3.) Created a small space BEFORE every other partition and moved all three partitions to the right (END). Should say: «Unallocated»
4.) Reinstalled VeraCrypt, got error on installation.
5.) Uninstalled VeraCrypt with «Revo Uninstaller» and let it download an extended uninstaller. See above getintopc for download. Do NOT let it reboot before running all deletions within REVO!
5.) Removed all registry entries with «Registrar Registry Manager» also see getintopc.
6.) Installed VerCrypt — this time without error.I hope it will work for you
If not, maybe I can help?
-
Tried this too but I cannot move all the other partitions to the right or at least boot-partition and Mac-Partition.
I am using Windows 10 on Mac which was installed through Bootcamp.
I am trying this since almost 2 years without success.
Anyway, one day I will buy a normal Notebook (no Mac anymore).Last edit: Jean Dongler 2021-05-13
-
Just saw on your screen shot: You need to have the free partition for VeraCrypt all the way to the left (at the beginning of the HDD/SSD), Secondly, I noticed, your partition says; «Reserved» — must be «Unallocated«.
-
Hello Chinghisskhan , thanks a lot! It worked for me!
I only had to place the unallocated space to the beginning of the disk and it worked!!
Thank you so much!!But now when I want to encrypt the system drive the point «Encryp the whole drive» is grayed out
Do you know why? I wanted to encrypt the whole drive. Or is that generally not possible?
-
Moin Jürgen, at least, I was able to help you a little. Try to ask the developer directly: mounir.idrassi@idrix.fr and tell him that after help in the forum, you are still stuck with this problem. He told me that Acronis may not have wiped the EFI-Partition, but that it indeed an error and he will fix it.
Was your C: drive encrypted before? If so, then I think the rescue stick may help, but I have no idea how.
Did you uninstall VeraCrypt and cleaned the registry with «Registrar Registry Manager» also see getintopc? Did you get an error message when reinstalling?
I was able to encrypt my entire C: drive. I use Acronis to save the unencrypted disk image to an unencrypted drive and use the SHA256 Acronis password.
Gut Glück!
-
Hi,
thanks. I wrote him.
But I did read now, that Win 10 with GPT installed in UEFI mode is not possible to encrypt whole drive. Is that correct and the reason why it’s grayed out?
-
Here is how it looks on my PC.
Can you answer my questions please in order to help you further?
Was your C: drive encrypted before? If so, then I think the rescue stick may help, but I have no idea how.
Did you uninstall VeraCrypt and cleaned the registry with «Registrar Registry Manager» also see getintopc? Did you get an error message when reinstalling?
-
My drive was encrypted, but then I restored a full backup of all partitions using Acroins True Image. Cause the backup was not encrypted, my system was then not encrypted, but Veracrypt password prompt came up at boot, but could be skipped with ESC button.
Then I clicked on unencrypt system partition in VeraCrypt and the password prompt at boot was gone. Then I had the problems with the needed 32 KB free space, which I could solve thanks to your help.
I uninstalled VeraCrypt normally and did not use the Registry tool. Then I reinstalled VeraCrypt without errors during installation and was able to successfully encrypt — BUT not the whole drive.
-
I guess, you did not delete all partitions with a partitioning tool? Did you delete them with DOS or a Windows Install Stick or just installed the image with Acronis? Acronis does not recreate the EFI-Partition in a way that VeraCrypt can write to it nor does it wipe the VeryCrypt entry. Both of our problems are then related to Acronis. If you didn’t have a problem installing VeryCrypt, then no need for the «Registrar».
I guess, I will try it as follows: Wipe all partitions with Aomei on an encrypted test drive with Win 10 as OS, then restore unencrypted Acronis Image and see if VeraCrypt can be installed normally.
-
Thanks for that information.
In the meanwhile I installed VeraCrypt on another fresh Windows 10 PC where VC has never been installed before. There it is also not possible to select «Encrypt the whole drive».
So are you really sure, that VC can encrypt whole drive of Win 10 with GPT UEFI?
-
@mensa84: it is indeed not possible to encrypt the whole drive in the case of GPT UEFI boot and the reason is that UEFI boot requires that the EFI partition which holds the bootloaders files remain unencrypted. Simply put, If VeraCrypt encrypted the whole drive, the PC would not be able to boot at all. So this is a limitation forced upon us and the best thing users can do is to manually encrypted all other data partitions and then configure them to be mounted as system favorites.
Thank you @chingghiskhan for proving a workaround for this 32KB issue. Actually, VeraCrypt should not check for 32KB unallocated space at the beginning of the drive in UEFI boot mode: this check is needed only for MBR boot where VeraCrypt bootloader is stored in this unallocated space. for UEFI boot, VeraCrypt stores its bootloader in the standard EFI partition.
I will implement a fix in VeraCrypt for this issue.
-
Hi Mounir,
After restoring an image with Acronis, I cannot create a partition at the
beginning of the drive, altough I was able to do so before. Now Aomei just
crashes and also Easus and Niubi can’t move partitions. In VeraCrypt, I am
getting the famous 32kb error message. Any idea what I could try next? Did
you make a fix?Cheers,
RobertLast edit: Mounir IDRASSI 2021-01-02
-
@Mounir IDRASSI: Thanks for getting into the discussion and helping us with this issue. I checked, and my system is installed in UEFI-Mode AND I was able to encrypt the entire C: drive normally! So creating the small partition for VeryCrypt at the beginning of the drive may be a work-around? But why did it work for me and not for @Juergen? What could be the difference? I am puzzled!
Last edit: Chinghisskhan 2020-12-11
-
After restoring an image with Acronis, I cannot create a partition at the beginning of the drive, altough I was able to do so before. Now Aomei just crashes and also Easus and Niubi can’t move partitions. In VeraCrypt, I am getting the famous 32kb error message. Any idea what I could try next?
-
I managed to create a partition by copying the MSR-Partition to a new unallocated space to the right (second Partition). Then, I am only able to encrypt the Windows partition, not the whole drive, just the same as with Juergen. Now, I will try your new built.
-
maybe there is a confusion between whole drive and whole disk.
In UEFI mode, it is technically impossible to encrypt the whole boot disk. This is not a VeraCrypt limitation. But you can still encrypt whole drives individually (e.g. C: , D: …).
-
The build I shared fixes OP issue about missing 32KB space so that there is no need to add unallocated space at the beginning of the drive manually
-
Hi Mounir,
On my Notebook, I have ver. 1.24 Update 7 and it has an option to change the
password dialog — a feature which I like very much.
On my PC, when I had ver. 1,24 Update 7, this feature was gone?Any chance to bring this very nice feature back?
Thanks
Robert
Last edit: Mounir IDRASSI 2021-01-02
-
@chingghiskhan : can you please clarify which change password option is gone? Nothing changed in this functionality for system encryption nor for normal volumes.
-
Hi Mounir,
On my Notebook, I have ver. 1.24 Update 7. It has an option to change the
password message so that on boot, it would not just say; «password» but I was able to change this boot message to anything, let’s say: «No boot device»
On my PC, I also have ver. 1,24 Update 7, here, this option this can’t be found, or do I just overlook it?
Log in to post a comment.
Для предотвращения несанкционированного доступа к системе и данным в Windows 7/10 предусмотрена возможность установки пароля, в том числе графического, однако такой способ защиты не может считаться сколь либо надежным. Пароль от локальной учетной записи легко может быть сброшен сторонними утилитами, а самое главное, ничто не мешает получить доступ к файловой системе, загрузившись с любого LiveCD со встроенным файловым менеджером.
Чтобы защитить свои данные по-настоящему, необходимо использовать шифрование. Для этого сгодится и встроенная функция BitLocker, но лучше воспользоваться сторонними программами. Долгое время наиболее предпочтительным приложением для шифрования данных был TrueCrypt, однако в 2014 году его разработчики свернули проект, заявив, что программа не является более безопасной. Вскоре, однако, работа над ним была возобновлена, но уже новой командой, да и сам проект получил новое имя. Так на свет появился VeraCrypt.
По сути, VeraCrypt это усовершенствованная версия TrueCrypt и именно эту программу мы предлагаем использовать для защиты вашей информации. В приведенном примере мы задействуем VeraCrypt «по максимуму», зашифровав с ее помощью весь жесткий диск с системным и пользовательским разделами. Такой способ шифрования имеет определенные риски – есть доля вероятности, пусть и очень небольшая, что система не сможет загрузиться, поэтому прибегать к нему советуем только тогда, когда это действительно вам нужно.
Процедура установки VeraCrypt ничем не отличается от инсталляции других программ, за одним лишь исключением. В самом начале вам будет предложено выбрать между режимами установки Install или Extract.
В первом случае программа будет внедрена в ОС, что позволит вам подключать зашифрованные контейнеры и шифровать сам системный раздел. Режим Extract просто распаковывает исполняемые файлы VeraCrypt, позволяя использовать его как портативное приложение. Часть функций, в том числе шифрование диска с Windows 7/10, при этом становится недоступной.
Сразу после запуска зайдите в меню Settings – Language, так как по умолчанию программа устанавливается на английском языке.
Шифрование диска
Несмотря на кажущуюся сложность задачи, все очень просто. Выберите в меню «Система» опцию «Зашифровать системный раздел/диск».
В открывшемся окне мастера в качестве метода выберите «Обычный» (этого достаточно), область шифрования – весь диск.
Далее вам нужно будет указать, нужно ли шифровать защищенные области диска. Если ваша система не OEM, можно выбрать «Да».
По завершении поиска скрытых секторов (процедура может занять продолжительное время), укажите число операционных систем и…
алгоритм шифрования (здесь все лучше оставить по умолчанию).
Примечание: если во время поиска скрытых секторов Windows перестанет отвечать, перезагрузите ПК принудительно и в следующий раз пропустите этот этап, выбрав «Нет».
Придумайте и введите в поля пароль.
Хаотично перемещая мышь, сгенерируйте ключ и нажмите «Далее».
На этом этапе программа предложит создать VRD – диск восстановления и записать его на флеш- или оптический носитель.
Далее внимательно следуем указаниям мастера. Режим очистки оставьте «Нет» – сэкономите несколько часов.
Когда на экране появится запрос на выполнение пре-теста шифрования системы, нажмите «Тест».
Потребуется перезагрузка компьютера. После включения ПК появится экран загрузчика VeraCrypt. Здесь вам нужно будет ввести придуманный пароль и PIM – количество итераций шифрования. Если вы раньше нигде не вводили PIM, просто нажмите ввод, значение опции будет установлено по умолчанию.
Спустя несколько минут Windows загрузится в обычном режиме, но при этом на рабочем столе появится окошко Pretest Completed – предварительное тестирование выполнено. Это означает, что можно приступать к шифрованию. Нажмите кнопку «Encrypt» и подтвердите действие.
Процедура шифрования будет запущена. Она может занять длительное время, все зависит от размера диска и его заполненности данными, так что наберитесь терпения и ждите.
Примечание: если на диске имеется шифрованный раздел EFI, что характерно для последних версий ПК, в начале шифрования вы можете получить уведомление «Похоже, Windows не установлена на диске…». Это означает, что зашифровать такой диск с помощью VeraCrypt не получится.
После того как все содержимое диска будет зашифровано, окно загрузчика VeraCrypt станет появляться каждый раз при включении компьютера и каждый раз вам нужно будет вводить пароль, другим способом получить доступ к зашифрованным данным нельзя. С расшифровкой диска все намного проще. Все, что вам нужно будет сделать, это запустить программу, выбрать в меню «Система» опцию «Перманентно расшифровать системный раздел/диск» и проследовать указаниям мастера.
Use GParted for this: http://gparted.org/livecd.php. Windows doesn’t likes moving its own system partition while it’s running.
Burn to cd or or install to USB drive
Ensure you shut down windows completely. Do this by running shutdown -s -f -t 0 in the command prompt.
Boot from said CD or USB drive.
Open the GParted tool and select your drive on the top right (if not already selected)
Shrink the C: partition (usually the largest one on the disk) by the amount you want it to move.
Move it over the amount requested
Click «Apply»
Wait for actions to complete
Restart the computer
2 Method
Where is your «reserved» partition located and what’s the size? In diskpart, list partition and copy past the output here please.
In any case, here is how you slove it, but then you only have windows on that disk:
1. Use true image (or similar) to make an image of your c drive
2. Boot the windows installation disk
3. Select» install now» then «custom» and delete EVERY partition on the disk (especially the «Reserved one»).
3. Then select the «unalocated space» and install
4. Run veracrypt to check if it work. Assuming it does:
5. Boot on a true image (or similar) recovery disk and restore your old C to the current C
6. If you new C is not the size you want, boot on Disk Director (or similar like gparted) disk to resize the partition.
Hey, last time I had problem with this error so I will show you today how to fix this, so you’ll be able to encrypt your partition without any problems. We need to shrink main partition because VeraCrypt require this to store “bootloader” at the begging of the partition, VeraCrypt BootLoader is stored at the beginning of the partition.
We will use free version of “MiniTool Partition Wizard Free 10” which is completely OK to do this task.
After installing MiniTool Partition Wizard we need to select disk which we want to encrypt (windows partition in my case).
Select your partition and choose “Move/Resize Partition“
then just leave some empty space at the beginning of the partition (Unallocated Space Before), leave let say 8 MB 🙂 it should be ok, because VeraCrypt requires only 32 KB for BootLoader, but we will leave more space 😉
Click ok, and Apply Changes.
now you should be ready to encrypt your whole disk with VeraCrypt without problems.
You can download MiniTool Partition Wizard Free Edition from – https://www.partitionwizard.com/download.html
Note:
Partition Magic lets you slide (move the start and end partition locations at least 32k towards the end of the disk) a partition that is smaller than the total disk space then you can’t boot into Windows and then run PM, you’d have to boot into PM directly and then slide the partition. There are other partition apps that can slide partitions if PM can’t, you will have to google, etc., to find them.
Failing that, you’d have to repartition and create a 32k partition first and then create the main partition, etc, but this involves reinstalling Windows.
Use GParted for this: http://gparted.org/livecd.php. Windows doesn’t likes moving its own system partition while it’s running.
Burn to cd or or install to USB drive
Ensure you shut down windows completely. Do this by running shutdown -s -f -t 0 in the command prompt.
Boot from said CD or USB drive.
Open the GParted tool and select your drive on the top right (if not already selected)
Shrink the C: partition (usually the largest one on the disk) by the amount you want it to move.
Move it over the amount requested
Click «Apply»
Wait for actions to complete
Restart the computer
2 Method
Where is your «reserved» partition located and what’s the size? In diskpart, list partition and copy past the output here please.
In any case, here is how you slove it, but then you only have windows on that disk:
1. Use true image (or similar) to make an image of your c drive
2. Boot the windows installation disk
3. Select» install now» then «custom» and delete EVERY partition on the disk (especially the «Reserved one»).
3. Then select the «unalocated space» and install
4. Run veracrypt to check if it work. Assuming it does:
5. Boot on a true image (or similar) recovery disk and restore your old C to the current C
6. If you new C is not the size you want, boot on Disk Director (or similar like gparted) disk to resize the partition.
Hey, last time I had problem with this error so I will show you today how to fix this, so you’ll be able to encrypt your partition without any problems. We need to shrink main partition because VeraCrypt require this to store “bootloader” at the begging of the partition, VeraCrypt BootLoader is stored at the beginning of the partition.
We will use free version of “MiniTool Partition Wizard Free 10” which is completely OK to do this task.
After installing MiniTool Partition Wizard we need to select disk which we want to encrypt (windows partition in my case).
Select your partition and choose “Move/Resize Partition“
then just leave some empty space at the beginning of the partition (Unallocated Space Before), leave let say 8 MB 🙂 it should be ok, because VeraCrypt requires only 32 KB for BootLoader, but we will leave more space 😉
Click ok, and Apply Changes.
now you should be ready to encrypt your whole disk with VeraCrypt without problems.
You can download MiniTool Partition Wizard Free Edition from – https://www.partitionwizard.com/download.html
Note:
Partition Magic lets you slide (move the start and end partition locations at least 32k towards the end of the disk) a partition that is smaller than the total disk space then you can’t boot into Windows and then run PM, you’d have to boot into PM directly and then slide the partition. There are other partition apps that can slide partitions if PM can’t, you will have to google, etc., to find them.
Failing that, you’d have to repartition and create a 32k partition first and then create the main partition, etc, but this involves reinstalling Windows.
-
Summary
-
Files
-
Reviews
-
Support
-
Source Code
-
Forums
-
Tickets
-
Documentation
-
FAQ
-
Donate
-
Faire un don
-
Mailing Lists
Menu
▾
▴
Boot Loader requires 32 KB can’t be fixxed?
Created:
2020-12-01
Updated:
2022-02-09
-
Hello,
on my Win 10 system I suddenly get that error, when I want to permanently encrypt the system disk: «The VeraCrypt Boot Loader requires at least 32 KibiBytes of free space at the beginning of the system drive…»
I managed to get unallocated space before the system drive, but the error still pops up after reboot:
Also unallocated space on another position does not fix the problem:
So why shouldn’t that reported as a bug (like the error message says)?
Does anyone know how to fix that problem without re-installing Windows 10?Last edit: Juergen 2020-12-01
-
I have the very same problem. No help???
-
SCHEISS-TEIL. Now I wiped my drive, reset my BIOS and restored with Acronis. And guess what? This «Password» request comes up again!!! How in all the world do I get this out of UEFI??? I can’t install and I can’t get it out
-
Moin Jürgen. Here is how I fixed it:
1.) Used Aomei Partition Assistant (search here: www.getintopc,com)
2.) Told it to «resize» the C-Partition and checked: «I need to move this partition»
3.) Created a small space BEFORE every other partition and moved all three partitions to the right (END). Should say: «Unallocated»
4.) Reinstalled VeraCrypt, got error on installation.
5.) Uninstalled VeraCrypt with «Revo Uninstaller» and let it download an extended uninstaller. See above getintopc for download. Do NOT let it reboot before running all deletions within REVO!
5.) Removed all registry entries with «Registrar Registry Manager» also see getintopc.
6.) Installed VerCrypt — this time without error.I hope it will work for you If not, maybe I can help?
-
Tried this too but I cannot move all the other partitions to the right or at least boot-partition and Mac-Partition.
I am using Windows 10 on Mac which was installed through Bootcamp.
I am trying this since almost 2 years without success.
Anyway, one day I will buy a normal Notebook (no Mac anymore).Last edit: Jean Dongler 2021-05-13
-
Just saw on your screen shot: You need to have the free partition for VeraCrypt all the way to the left (at the beginning of the HDD/SSD), Secondly, I noticed, your partition says; «Reserved» — must be «Unallocated«.
-
Hello Chinghisskhan , thanks a lot! It worked for me!
I only had to place the unallocated space to the beginning of the disk and it worked!!
Thank you so much!!But now when I want to encrypt the system drive the point «Encryp the whole drive» is grayed out
Do you know why? I wanted to encrypt the whole drive. Or is that generally not possible?
-
Moin Jürgen, at least, I was able to help you a little. Try to ask the developer directly: mounir.idrassi@idrix.fr and tell him that after help in the forum, you are still stuck with this problem. He told me that Acronis may not have wiped the EFI-Partition, but that it indeed an error and he will fix it.
Was your C: drive encrypted before? If so, then I think the rescue stick may help, but I have no idea how.
Did you uninstall VeraCrypt and cleaned the registry with «Registrar Registry Manager» also see getintopc? Did you get an error message when reinstalling?
I was able to encrypt my entire C: drive. I use Acronis to save the unencrypted disk image to an unencrypted drive and use the SHA256 Acronis password.
Gut Glück!
-
Hi,
thanks. I wrote him.
But I did read now, that Win 10 with GPT installed in UEFI mode is not possible to encrypt whole drive. Is that correct and the reason why it’s grayed out?
-
Here is how it looks on my PC.
Can you answer my questions please in order to help you further?
Was your C: drive encrypted before? If so, then I think the rescue stick may help, but I have no idea how.
Did you uninstall VeraCrypt and cleaned the registry with «Registrar Registry Manager» also see getintopc? Did you get an error message when reinstalling?
-
My drive was encrypted, but then I restored a full backup of all partitions using Acroins True Image. Cause the backup was not encrypted, my system was then not encrypted, but Veracrypt password prompt came up at boot, but could be skipped with ESC button.
Then I clicked on unencrypt system partition in VeraCrypt and the password prompt at boot was gone. Then I had the problems with the needed 32 KB free space, which I could solve thanks to your help.
I uninstalled VeraCrypt normally and did not use the Registry tool. Then I reinstalled VeraCrypt without errors during installation and was able to successfully encrypt — BUT not the whole drive.
-
I guess, you did not delete all partitions with a partitioning tool? Did you delete them with DOS or a Windows Install Stick or just installed the image with Acronis? Acronis does not recreate the EFI-Partition in a way that VeraCrypt can write to it nor does it wipe the VeryCrypt entry. Both of our problems are then related to Acronis. If you didn’t have a problem installing VeryCrypt, then no need for the «Registrar».
I guess, I will try it as follows: Wipe all partitions with Aomei on an encrypted test drive with Win 10 as OS, then restore unencrypted Acronis Image and see if VeraCrypt can be installed normally.
-
Thanks for that information.
In the meanwhile I installed VeraCrypt on another fresh Windows 10 PC where VC has never been installed before. There it is also not possible to select «Encrypt the whole drive».
So are you really sure, that VC can encrypt whole drive of Win 10 with GPT UEFI?
-
@mensa84: it is indeed not possible to encrypt the whole drive in the case of GPT UEFI boot and the reason is that UEFI boot requires that the EFI partition which holds the bootloaders files remain unencrypted. Simply put, If VeraCrypt encrypted the whole drive, the PC would not be able to boot at all. So this is a limitation forced upon us and the best thing users can do is to manually encrypted all other data partitions and then configure them to be mounted as system favorites.
Thank you @chingghiskhan for proving a workaround for this 32KB issue. Actually, VeraCrypt should not check for 32KB unallocated space at the beginning of the drive in UEFI boot mode: this check is needed only for MBR boot where VeraCrypt bootloader is stored in this unallocated space. for UEFI boot, VeraCrypt stores its bootloader in the standard EFI partition.
I will implement a fix in VeraCrypt for this issue.
-
Hi Mounir,
After restoring an image with Acronis, I cannot create a partition at the
beginning of the drive, altough I was able to do so before. Now Aomei just
crashes and also Easus and Niubi can’t move partitions. In VeraCrypt, I am
getting the famous 32kb error message. Any idea what I could try next? Did
you make a fix?Cheers,
RobertLast edit: Mounir IDRASSI 2021-01-02
-
@Mounir IDRASSI: Thanks for getting into the discussion and helping us with this issue. I checked, and my system is installed in UEFI-Mode AND I was able to encrypt the entire C: drive normally! So creating the small partition for VeryCrypt at the beginning of the drive may be a work-around? But why did it work for me and not for @Juergen? What could be the difference? I am puzzled!
Last edit: Chinghisskhan 2020-12-11
-
After restoring an image with Acronis, I cannot create a partition at the beginning of the drive, altough I was able to do so before. Now Aomei just crashes and also Easus and Niubi can’t move partitions. In VeraCrypt, I am getting the famous 32kb error message. Any idea what I could try next?
-
I managed to create a partition by copying the MSR-Partition to a new unallocated space to the right (second Partition). Then, I am only able to encrypt the Windows partition, not the whole drive, just the same as with Juergen. Now, I will try your new built.
-
maybe there is a confusion between whole drive and whole disk.
In UEFI mode, it is technically impossible to encrypt the whole boot disk. This is not a VeraCrypt limitation. But you can still encrypt whole drives individually (e.g. C: , D: …).
-
The build I shared fixes OP issue about missing 32KB space so that there is no need to add unallocated space at the beginning of the drive manually
-
Hi Mounir,
On my Notebook, I have ver. 1.24 Update 7 and it has an option to change the
password dialog — a feature which I like very much.
On my PC, when I had ver. 1,24 Update 7, this feature was gone?Any chance to bring this very nice feature back?
Thanks
Robert
Last edit: Mounir IDRASSI 2021-01-02
-
@chingghiskhan : can you please clarify which change password option is gone? Nothing changed in this functionality for system encryption nor for normal volumes.
-
Hi Mounir,
On my Notebook, I have ver. 1.24 Update 7. It has an option to change the
password message so that on boot, it would not just say; «password» but I was able to change this boot message to anything, let’s say: «No boot device»
On my PC, I also have ver. 1,24 Update 7, here, this option this can’t be found, or do I just overlook it?
Log in to post a comment.
Для предотвращения несанкционированного доступа к системе и данным в Windows 7/10 предусмотрена возможность установки пароля, в том числе графического, однако такой способ защиты не может считаться сколь либо надежным. Пароль от локальной учетной записи легко может быть сброшен сторонними утилитами, а самое главное, ничто не мешает получить доступ к файловой системе, загрузившись с любого LiveCD со встроенным файловым менеджером.
Чтобы защитить свои данные по-настоящему, необходимо использовать шифрование. Для этого сгодится и встроенная функция BitLocker, но лучше воспользоваться сторонними программами. Долгое время наиболее предпочтительным приложением для шифрования данных был TrueCrypt, однако в 2014 году его разработчики свернули проект, заявив, что программа не является более безопасной. Вскоре, однако, работа над ним была возобновлена, но уже новой командой, да и сам проект получил новое имя. Так на свет появился VeraCrypt.
По сути, VeraCrypt это усовершенствованная версия TrueCrypt и именно эту программу мы предлагаем использовать для защиты вашей информации. В приведенном примере мы задействуем VeraCrypt «по максимуму», зашифровав с ее помощью весь жесткий диск с системным и пользовательским разделами. Такой способ шифрования имеет определенные риски – есть доля вероятности, пусть и очень небольшая, что система не сможет загрузиться, поэтому прибегать к нему советуем только тогда, когда это действительно вам нужно.
Процедура установки VeraCrypt ничем не отличается от инсталляции других программ, за одним лишь исключением. В самом начале вам будет предложено выбрать между режимами установки Install или Extract.
В первом случае программа будет внедрена в ОС, что позволит вам подключать зашифрованные контейнеры и шифровать сам системный раздел. Режим Extract просто распаковывает исполняемые файлы VeraCrypt, позволяя использовать его как портативное приложение. Часть функций, в том числе шифрование диска с Windows 7/10, при этом становится недоступной.
Сразу после запуска зайдите в меню Settings – Language, так как по умолчанию программа устанавливается на английском языке.
Шифрование диска
Несмотря на кажущуюся сложность задачи, все очень просто. Выберите в меню «Система» опцию «Зашифровать системный раздел/диск».
В открывшемся окне мастера в качестве метода выберите «Обычный» (этого достаточно), область шифрования – весь диск.
Далее вам нужно будет указать, нужно ли шифровать защищенные области диска. Если ваша система не OEM, можно выбрать «Да».
По завершении поиска скрытых секторов (процедура может занять продолжительное время), укажите число операционных систем и…
алгоритм шифрования (здесь все лучше оставить по умолчанию).
Примечание: если во время поиска скрытых секторов Windows перестанет отвечать, перезагрузите ПК принудительно и в следующий раз пропустите этот этап, выбрав «Нет».
Придумайте и введите в поля пароль.
Хаотично перемещая мышь, сгенерируйте ключ и нажмите «Далее».
На этом этапе программа предложит создать VRD – диск восстановления и записать его на флеш- или оптический носитель.
Далее внимательно следуем указаниям мастера. Режим очистки оставьте «Нет» – сэкономите несколько часов.
Когда на экране появится запрос на выполнение пре-теста шифрования системы, нажмите «Тест».
Потребуется перезагрузка компьютера. После включения ПК появится экран загрузчика VeraCrypt. Здесь вам нужно будет ввести придуманный пароль и PIM – количество итераций шифрования. Если вы раньше нигде не вводили PIM, просто нажмите ввод, значение опции будет установлено по умолчанию.
Спустя несколько минут Windows загрузится в обычном режиме, но при этом на рабочем столе появится окошко Pretest Completed – предварительное тестирование выполнено. Это означает, что можно приступать к шифрованию. Нажмите кнопку «Encrypt» и подтвердите действие.
Процедура шифрования будет запущена. Она может занять длительное время, все зависит от размера диска и его заполненности данными, так что наберитесь терпения и ждите.
Примечание: если на диске имеется шифрованный раздел EFI, что характерно для последних версий ПК, в начале шифрования вы можете получить уведомление «Похоже, Windows не установлена на диске…». Это означает, что зашифровать такой диск с помощью VeraCrypt не получится.
После того как все содержимое диска будет зашифровано, окно загрузчика VeraCrypt станет появляться каждый раз при включении компьютера и каждый раз вам нужно будет вводить пароль, другим способом получить доступ к зашифрованным данным нельзя. С расшифровкой диска все намного проще. Все, что вам нужно будет сделать, это запустить программу, выбрать в меню «Система» опцию «Перманентно расшифровать системный раздел/диск» и проследовать указаниям мастера.
Время на прочтение
2 мин
Количество просмотров 34K
Известное ПО для шифрования с открытым исходным кодом VeraCrypt было обновлено до версии 1.19. Обновленную версию продукта можно скачать здесь. В новом релизе были закрыты существенные уязвимости, выявленные в результате проведенного аудита исходного кода VeraCrypt, который был осуществлен специалистами Quarkslab. Специалистами было обнаружено 8 критических уязвимостей, 3 уязвимости среднего уровня опасности и еще 15 уязвимостей низкого уровня опасности.
Quarkslab made a security assessment of VeraCrypt 1.18. The audit was funded by OSTIF and was performed by two Quarkslab engineers between Aug. 16 and Sep. 14, 2016 for a total of 32 man-days of study. A critical vulnerability, related to cryptography, has been identified. It has been introduced in version 1.18, and will be fixed in version 1.19.
VeraCrypt представляет из себя ПО для шифрования файлов на лету и является ответвлением (форком) от другого известного ПО для шифрования под названием TrueCrypt, поддержка которого была прекращена еще в 2014 г. Поддержка VeraCrypt осуществляется французским программистом Mounir Idrassi.
Исправлению подверглось как само ПО, так и та его часть, которая относится к загрузчику ОС (bootloader). Следующие уязвимости были исправлены в версии 1.19.
— Полностью удалена настройка шифрования по стандарту GOST 28147-89.
— Удалена поддержка библиотек XZip и XUnzip, вместо них VeraCrypt использует более безопасные библиотеки libzip.
— Исправлена уязвимость в загрузчике (bootloader), которая позволяла атакующему вычислять длину пароля.
— Исправлена уязвимость в коде загрузчика, которая позволяла оставлять в памяти BIOS Data Area введенный пользователем пароль, что могло быть использовано атакующими.
— Исправлена аналогичная уязвимость, которая позволяла оставлять конфиденциальные данные загрузчика в памяти, не удаляя их должным образом. Уязвимость может позволить атакующим получить доступ к новому паролю пользователя при его изменении со старого.
— Исправлена уязвимость в загрузчике, которая относится к типу memory-corruption и присутствует в коде библиотеки XUnzip при обработке архивов VeraCrypt Recovery Disk. Уязвимость устранена путем прекращения поддержки XUnzip и переходом на libzip.
— Исправлена уязвимость в загрузчике, которая приводила к разыменованию нулевого указателя,
С полной версией отчета о проделанном аудите можно ознакомиться здесь.
be secure.