How to encrypt dual boot Windows 7 and XP (Bitlocker, TrueCrypt combo?) on SSD

Tags: encryption, multi-boot, performance, physical-wear, ssd

I'd like to set up a dual boot Windows 7 and Windows XP laptop/notebook computer where each operating system's partition is fully encrypted. I would like to do this on an SSD – a 128GB Crucial M4.

My research

Dual boot of TrueCrypt encrypted OSs on one drive

(not possible in TrueCrypt 7.x at time of writing)

This cannot be done on a standard TrueCrypt setup – it will only support encrypting one of the operating systems. I have tried this and also read about it here on superuser.com.

However, I did see a solution here that uses grub4dos as the initial bootloader to chain to separate TrueCrypt encrypted OSs, in my case Windows 7 and Windows XP: http://yyzyyz.blogspot.co.uk/2010/06/truecrypt-how-to-encrypt-multiple.html

I am not going to consider this solution as it relies upon some custom code for use in the bootloader that is provided by the author. I would prefer a solution that can be fully understood so that I can be sure that there is nothing undesirable occurring (i.e. malware or just simply bugs in the code). I would like to believe such a solution doesn't have those risks but I can't be sure.

BitLocker and TrueCrypt combination – possible solution?

I'm now considering a combination of encryption programs: I now aim to encrypt Windows XP with TrueCrypt and Windows 7 with BitLocker. Assuming the TrueCrypt bootloader can boot into non-TrueCrypt OSs (e.g. via hitting Escape to go to another menu), then this solution may be viable.

SSDs and Encryption (use fastest possible spinning hard disk instead (?))

I read on various superuser.com posts and elsewhere that current SSDs are not suited to whole drive encryption for various reasons:

  • Impact of performance algorithms that give SSDs an advantage over spinning hard disks. Algorithms used in compression of data, for example.

  • Wear on the SSD, shortening its life

  • Security issues whereby data is repeated, as indicated in some TrueCrypt documentation

So I am now considering not using an SSD. But with the aim to have the fastest drive possible, I am considering using the Western Digital Scorpion black 2.5" 7200rpm hard disk as this appears to be top rated among spinning platter-based hard drives (I don't work for Western Digital).

Summary

So to achieve whole drive encrypted dual boot Windows 7 and Windows XP with minimal performance impact, I intend to use a combination of TrueCrypt and BitLocker on a top-rated conventional spinning platter-based hard disk.

Questions

Will my summary:

  • achieve whole disk encryption of the dual-boot Windows XP, Windows 7? Or can you suggest a simpler solution, including one that requires only TrueCrypt (BitLocker not available on XP)? Or another encryption tool, including paid-for?
  • provide the highest performance? Am I correct to avoid using an SSD with encryption for the reasons I discovered? Are the concerns about SSDs and encryption still very real (some articles I read go back to 2010)?

Best Answer

The best survey I have seen so far is this one: http://media-addicted.de/ssd-and-truecrypt-durability-and-performance-issues/744/

...which says overall that the impact of encryption on SSD performance is minimal and does not bring it down below spinning hard disk performance. So apparently, encrypted SSD performance is never worse than hard disk performance. However, this does depend on the machine hardware, i.e. processor.

I've decided to install just Windows 7 on the machine in question and take up @Brian's suggestion to use the XP Mode.

Though I do have an XP license that I still want to make use of - I will put this on another machine, a MacBook Pro that I own, within VirtualBox.

About the machine in the original question - it's a Toshiba NB100 netbook, Atom N270, 1.6GHz single core hyperthreaded, 2Gb RAM. I have replaced the internal SATA 5400rpm 120Gb Toshiba drive that came with it with a Crucial M4 128Gb SSD. Photos to follow in disassembly.

I had already truecrypted Windows XP on this NB100 machine and was happy with the performance once booted and settled down. So my goal was to improve boot time and update to a newer OS.

I have installed Windows 7 Professional on the SSD now in this NB100 and truecrypted the whole SSD. The boot time takes anecdotally about 3-4 seconds longer than pre-TrueCrypt, but once booted the responsiveness seems the same as pre-TrueCrypt. Windows Experience Index shows no impact - screenshots to follow.

Update

The SSD died after 1 week of use; a replacement is being sent. I may or may not choose to encrypt even though there is no evidence that encryption caused the failure. I may consider alternative security measures instead of encryption here: What alternative security measures are there to full drive encryption (for performance reasons)?
