System and Boot Volumes

BestCrypt Volume Encryption allows encrypting System and Boot volumes. The software uses terms System and Boot for volumes as they are defined by Microsoft:

System and Boot volumes can be different volumes, for example, computer boots from volume C:\ and then loads Windows system files from volume D:\ (i.e. path to Windows system folder is D:\WINDOWS). System and Boot volume can also be a single volume, as it is often happens for notebook computers: C:\ is the volume where from computer boots and Windows system folder is C:\WINDOWS.

If you encrypt System/Boot volume, BestCrypt Volume Encryption must start transparently decrypt the volume at very early stage of booting operating system. In fact, the first code your computer runs after hardware diagnostics is the code of BestCrypt Volume Encryption passphrase request procedure.

What we get is a natural and completely impossible for patching Pre-Boot Authentication Procedure: if someone does not know a proper password, BestCrypt Volume Encryption will not be able to get encryption key for System/Boot volume. If so, System/Boot volume(s) cannot be decrypted and of course, Windows cannot be loaded from volumes containing garbage data.

BestCrypt Volume Encryption asks to enter password by displaying message that BestCrypt software requires password and showing Enter password > prompt. Any graphics and pictures are avoided to make computer not advertising its boot protection. Even more, boot time password-prompt text can be completely customized so that even if someone watches furtively how you run your computer, it will be difficult to guess that the computer is protected. Read more about customizing the password-prompt text in Editing Boot-time Prompt for Password article.


If System and Boot data are on different volumes

For the case when single volume is Boot and System, it is obvious that after entering password for the volume both Boot and System data becomes opened for access.

To provide the same functionality for the case when System and Boot volumes are different, BestCrypt Volume Encryption requires using the same password for System volume as the one used for Boot volume if Boot volume is already encrypted (and vice versa). If you change password for System volume, it will be changed for Boot volume too. Such a way of managing passwords for System and Boot volumes avoids a number of contradicting moments in intuitive understanding the software behaviour and just reflects the fact that using computer is impossible if some of the volumes - Boot or System - is not opened for access.


See also: