This is my disk layout:

500 GB Linux - BTRFS

100 GB Windows - NTFS

400 GB Storage - NTFS (shared between linux and windows)

I want to encrypt everything. For Linux I can use luks2 but what I’m supposed to do for Windows ? (No bitlocker please)

Will veracrypt replace refind boot manager?

Note: I am talking about the one that asks password before boot (full encryption)

  • @[email protected]English
    210 hours ago

    What type of encryption do you need? NTFS can natively provide encryption, but it’s going to be file level. LUKS2 is block device level, so the whole filesystem looks like one encrypted blob.

    EDIT: And I don’t know if Linux can do encrypted NTFS. If not, that wouldn’t work for the shared storage.

    kagis

    Nope. Looks like there’s a utility, ntfsdecrypt, to do decryption on a file-by-file basis, though. Probably not what you want, though.

    https://superuser.com/questions/1554798/access-files-encrypted-with-windows-efs-encrypting-file-system-on-linux

    EDIT2: This guy is recommending VeraCrypt, as it works with both. I’ve never used it, though, and the post is eight years old, so I suppose the situation could have changed.

    https://unix.stackexchange.com/questions/306398/does-linux-work-well-with-encrypted-ntfs-drives

    Linux doesn’t support NTFS file-level encryption. Bitlocker using the recovery key sorta works but is still very new(look here for more info). Windows in turn can’t read LUKS-encrypted devices. If you need to share your encrypted drive between Windows and Linux, I’d recommend VeraCrypt or one of the other TrueCrypt forks.