1
00:00:00,090 --> 00:00:02,310
Welcome to part two of this module.

2
00:00:02,310 --> 00:00:07,830
In this video we're going to be seeing how to fully encrypt an entire Windows operating system using

3
00:00:07,830 --> 00:00:08,910
barrack crypt.

4
00:00:08,910 --> 00:00:14,450
This will be full disk encryption meaning the entire system partition is going to be encrypted.

5
00:00:14,490 --> 00:00:18,990
And if your system only has one partition that means your entire system.

6
00:00:18,990 --> 00:00:22,970
There are a couple of things to go over before we begin however.

7
00:00:22,980 --> 00:00:29,220
The first thing to say is that this video and the next one are going to be very similar.

8
00:00:29,280 --> 00:00:31,360
And there may be some repeat.

9
00:00:31,410 --> 00:00:37,860
Here we are going to see how to encrypt a single Windows operating system from XP onward to Windows

10
00:00:37,860 --> 00:00:39,810
10 in the second video.

11
00:00:39,810 --> 00:00:44,850
We're going to see how to create a hidden operating system with many of the steps you're about to see

12
00:00:44,850 --> 00:00:45,740
repeated.

13
00:00:45,930 --> 00:00:50,700
If you're more interested in the hidden system you could skip this video.

14
00:00:50,760 --> 00:00:56,250
Although I do recommend that you practice doing this in virtual box before attempting it on your own

15
00:00:56,250 --> 00:00:56,920
system.

16
00:00:56,940 --> 00:01:00,390
This is because there is an element of risk involved here.

17
00:01:00,420 --> 00:01:07,890
It is possible to mess up your system if you do this incorrectly so if you do decide you want to employ

18
00:01:07,890 --> 00:01:13,770
full disk encryption please be aware that you do so at your own risk before you begin.

19
00:01:13,800 --> 00:01:20,430
I strongly recommend that you have your real Windows product key written down somewhere and some form

20
00:01:20,430 --> 00:01:24,150
of installation media for the Windows version that you are using.

21
00:01:24,210 --> 00:01:29,370
If anything goes seriously wrong it may become necessary to reinstall windows.

22
00:01:29,370 --> 00:01:35,070
Be sure to backup all of your important files to some form of external media storage.

23
00:01:35,070 --> 00:01:39,830
It is possible to unencrypted system after it has been encrypted.

24
00:01:39,840 --> 00:01:43,050
This is easier with a single encrypted system.

25
00:01:43,050 --> 00:01:47,550
It gets very complicated and messy when you have multiple operating systems.

26
00:01:47,550 --> 00:01:49,730
So that is something to consider as well.

27
00:01:49,740 --> 00:01:56,040
In addition to your windows installation media I recommend having some form of boot repair and media

28
00:01:56,130 --> 00:02:00,150
also prepared just in case you need to fix a broken bootloader.

29
00:02:00,150 --> 00:02:06,850
The process here is actually very simple despite how intimidating I've made it sound stated briefly.

30
00:02:06,870 --> 00:02:12,330
We boot up Windows install very script which you've kind of already seen how to do in the prior video

31
00:02:12,360 --> 00:02:18,840
we just download it and install it then use it to fully encrypt the system partition which is going

32
00:02:18,840 --> 00:02:23,960
to install a bootloader which will prompt you for your password when you turn on the computer.

33
00:02:24,030 --> 00:02:29,150
If you press the escape key at this prompt you may select other mutable partitions.

34
00:02:29,190 --> 00:02:35,370
However we'll be looking at dual booting in the next video so please keep in mind this current presentation

35
00:02:35,430 --> 00:02:39,450
assumes you only have windows installed and nothing else.

36
00:02:39,480 --> 00:02:43,620
If you have multiple operating systems installed skip this video.

37
00:02:43,620 --> 00:02:50,070
One more thing I suggest making sure your windows is fully up to date before you encrypt your system

38
00:02:50,190 --> 00:02:52,440
particularly Windows 10.

39
00:02:52,440 --> 00:02:57,650
The reason is Windows 10 really likes to download updates at odd moments.

40
00:02:57,750 --> 00:03:04,470
Even when you tell it not to and if one of those updates happens to massively reconfigure your system

41
00:03:04,470 --> 00:03:10,650
right in the middle of a critical reboot you might run into some trouble for reasons of security both

42
00:03:10,650 --> 00:03:17,910
very script and true crypto manuals suggest that you authenticate your copy of Windows prior to encrypting

43
00:03:17,940 --> 00:03:20,040
to avoid any errors later on.

44
00:03:20,040 --> 00:03:28,020
Finally I must remind you that very crypto has you EFI support True Crypt does not if you wish to use

45
00:03:28,020 --> 00:03:34,260
True Crypt instead you'll have to go into your bios and switch to a legacy bootloader you do this at

46
00:03:34,260 --> 00:03:40,140
your own risk and this may not be possible on all versions of bios on the other hand if you have an

47
00:03:40,200 --> 00:03:47,340
older computer using MPR instead of you EFI and you don't have any weird protected boot settings in

48
00:03:47,340 --> 00:03:54,060
your BIOS True Crypt maybe a better choice from a performance point of view if your system bios has

49
00:03:54,060 --> 00:04:00,840
secure boot enabled it may be necessary to disable it users who prefer True Crypt will need to change

50
00:04:00,840 --> 00:04:07,800
their bootloader in bios strum you EFI to legacy and this may require a full re installation of Windows

51
00:04:07,830 --> 00:04:11,920
in some cases both of these actions are taken at your own risk.

52
00:04:11,940 --> 00:04:14,400
In any case let's begin to get started.

53
00:04:14,400 --> 00:04:16,640
Let's go ahead and open up Vera crypt.

54
00:04:16,710 --> 00:04:22,710
And please keep in mind that for this full disk encryption that we're about to employ you can't do this

55
00:04:22,710 --> 00:04:23,510
in portable mode.

56
00:04:23,520 --> 00:04:27,120
You absolutely have to install Vera crypt to your system.

57
00:04:27,120 --> 00:04:29,220
The same is true for True Crypt.

58
00:04:29,220 --> 00:04:37,880
So we open up Vera crypt and there are two ways we could do this we could click the create volume button

59
00:04:38,210 --> 00:04:44,120
or we could go to system and click encrypt system partition drive.

60
00:04:44,120 --> 00:04:49,640
Remember that this first video will be for full disk encryption of Windows with no hidden operating

61
00:04:49,640 --> 00:04:50,330
systems.

62
00:04:50,330 --> 00:04:53,680
We're gonna be looking at hidden systems in the next presentation.

63
00:04:53,690 --> 00:04:59,470
So for right now make sure that the normal radial button is selected and click next.

64
00:04:59,480 --> 00:05:03,380
The screen is asking us which areas we want to encrypt.

65
00:05:03,410 --> 00:05:10,220
If you have non sys partitions you may wish to select the second option encrypt the whole drive.

66
00:05:10,220 --> 00:05:15,390
You might do this if you have extra partitions that you use for storage.

67
00:05:15,410 --> 00:05:16,630
Do not do this.

68
00:05:16,670 --> 00:05:22,820
If those partitions contain different operating systems as this will render them totally unusable the

69
00:05:22,820 --> 00:05:29,970
assumption of this presentation is that you only have windows installed with no extra partitions.

70
00:05:29,990 --> 00:05:36,410
So we'll be going with the first option when you've made your choice click next this next screen is

71
00:05:36,470 --> 00:05:42,950
fiendishly deceptive but I'll refrain from explaining it until we are ready to look at dual booting

72
00:05:42,980 --> 00:05:43,970
for right now.

73
00:05:43,970 --> 00:05:51,340
We're going to select the single boot radial button and we're going to click next.

74
00:05:51,350 --> 00:05:55,290
We are now presented with our encryption options.

75
00:05:55,280 --> 00:05:59,870
This will be the encryption and hash algorithms that very crypto will be using

76
00:06:03,190 --> 00:06:09,910
as before we have the option of using a single algorithm or a cascade of algorithms.

77
00:06:09,910 --> 00:06:11,050
The choice is yours.

78
00:06:11,050 --> 00:06:15,760
However I strongly recommend you to select a single algorithm.

79
00:06:15,760 --> 00:06:21,930
The reason is that using multiple algorithms is going to slow your system performance down considerably.

80
00:06:21,940 --> 00:06:28,270
If system performance is not a concern and you want maximum security by all means do as you like but

81
00:06:28,270 --> 00:06:31,440
realize that all of these are solid choices.

82
00:06:31,450 --> 00:06:39,040
The United States military itself uses advanced encryption standard or AP s to encrypt top secret data

83
00:06:39,460 --> 00:06:42,790
and that will be good enough for this demonstration.

84
00:06:42,790 --> 00:06:45,340
We also need to select our hash.

85
00:06:45,340 --> 00:06:46,140
Interesting.

86
00:06:46,150 --> 00:06:51,990
I said in the last video that very crypto removed our IP BMD dash 160.

87
00:06:52,000 --> 00:06:53,700
Apparently I was mistaken.

88
00:06:53,710 --> 00:07:00,590
You may select either our IP MMD dash 160 or SHA 256.

89
00:07:00,610 --> 00:07:05,260
I will be selecting SHA 256 when you've made your selection click next.

90
00:07:05,260 --> 00:07:11,280
Now we set our password since this is a single operating system with no hidden system.

91
00:07:11,290 --> 00:07:14,460
There won't be any second password or hidden password.

92
00:07:14,470 --> 00:07:20,070
Using this method whatever password you set here is the one and only key.

93
00:07:20,230 --> 00:07:24,020
Do not lose this password let me say that again.

94
00:07:24,160 --> 00:07:26,470
Do not lose this password.

95
00:07:26,650 --> 00:07:31,990
There is no way to recover a lost password and you may find yourself locked out of your own system.

96
00:07:31,990 --> 00:07:35,490
It is important that you set a strong password here.

97
00:07:35,500 --> 00:07:40,660
Anything less than 20 characters and you might as well not even bother with encryption at all.

98
00:07:40,660 --> 00:07:44,970
Pick a password that would take millions of years to brute force.

99
00:07:44,980 --> 00:07:51,010
I explained about key files and Pym in the last video so I won't be going into great detail about them

100
00:07:51,010 --> 00:07:58,480
here except to say that key files add an extra layer of security by requiring certain files to be present

101
00:07:58,510 --> 00:08:00,160
when the password is entered.

102
00:08:00,160 --> 00:08:07,040
If these files are lost or become corrupted by even a few kilobytes they will no longer function.

103
00:08:07,150 --> 00:08:09,920
So do use them at your own risk.

104
00:08:10,000 --> 00:08:17,360
Once you've selected your password click next and because this is a demonstration I will be ignoring

105
00:08:17,360 --> 00:08:17,990
this warning.

106
00:08:17,990 --> 00:08:20,950
Obviously my password is a very weak.

107
00:08:21,100 --> 00:08:28,630
This is our random pool and as we move the mouse around within the very crypto or True Crypt window

108
00:08:28,960 --> 00:08:31,690
the complexity of this pool will grow.

109
00:08:31,690 --> 00:08:40,780
This is one of the safety precautions these pieces of software use so that you are not 100 percent dependent

110
00:08:40,840 --> 00:08:43,340
upon windows cryptographic functions.

111
00:08:43,360 --> 00:08:51,040
These functions can fail and they can also be potentially compromised by nation state actors to produce

112
00:08:51,100 --> 00:08:53,860
a weak or predictable random pool.

113
00:08:53,860 --> 00:09:00,130
This would make it trivially easy to obtain the master key and access the operating system for that

114
00:09:00,130 --> 00:09:00,970
reason.

115
00:09:00,970 --> 00:09:06,700
It is recommended that you waive your mouse cursor around inside this window like a crazy person for

116
00:09:06,700 --> 00:09:13,060
as long as you can stand it in order to increase the cryptographic strength and randomness of the encrypted

117
00:09:13,060 --> 00:09:15,030
container file or partitions.

118
00:09:15,040 --> 00:09:16,890
Do this for as long as you can.

119
00:09:16,900 --> 00:09:21,380
The little bar here at the bottom of the screen is really just a suggestion.

120
00:09:21,400 --> 00:09:27,160
If you click the display pool button the obscuring symbols will be changed to hexadecimal when you are

121
00:09:27,160 --> 00:09:32,000
satisfied with the strength of your pool click next click.

122
00:09:32,010 --> 00:09:35,460
Yes to this prompt are keys are now generated.

123
00:09:35,460 --> 00:09:41,220
You can display them or hide them by checking in on checking this little box.

124
00:09:41,220 --> 00:09:43,860
Once you're ready click next.

125
00:09:43,860 --> 00:09:50,560
Now comes the tricky bit both True Crypt and very crypt require you to create a rescue disk.

126
00:09:50,640 --> 00:09:56,970
If you encounter a situation where windows will not start or if the very crypt bootloader itself gets

127
00:09:56,970 --> 00:10:03,500
messed up or otherwise corrupted somehow the disk will allow you to repair the damage.

128
00:10:03,540 --> 00:10:11,160
Keep one very important detail in mind however the rescue disk is not a substitute for the password

129
00:10:11,190 --> 00:10:12,650
and or key files.

130
00:10:12,720 --> 00:10:16,880
If you forget your password or lose your key files you're just out of luck.

131
00:10:16,890 --> 00:10:27,870
We can use the browse button to select where we want to save the iso file this file will then be placed

132
00:10:27,870 --> 00:10:34,650
on some form of external media such as a USP or you would burn it onto a C.D. before proceeding.

133
00:10:34,710 --> 00:10:41,640
Very crypt gives you the option of skipping the rescue disk verification which is handy if your system

134
00:10:41,640 --> 00:10:43,410
doesn't have any way to mount it.

135
00:10:43,410 --> 00:10:45,910
True Crypt does not have this option.

136
00:10:46,140 --> 00:10:53,460
If you're using True Crypt you will need to melt the iso file somehow after it is created either by

137
00:10:53,460 --> 00:10:59,880
right clicking it and selecting mount option in certain versions of Windows or by using third party

138
00:10:59,880 --> 00:11:05,390
software and Windows 7 to melt the iso file as if it were a drive for this tutorial.

139
00:11:05,400 --> 00:11:12,020
I will be clicking the skip verification box when you're ready click next.

140
00:11:12,040 --> 00:11:16,960
Now we're being told essentially what I just said that the ISO for the rescue desk has been created

141
00:11:16,960 --> 00:11:23,620
in the directory that we specified and that it should at this time be moved to external media or burned

142
00:11:23,620 --> 00:11:24,850
to a disk.

143
00:11:24,850 --> 00:11:25,930
I won't be doing this.

144
00:11:25,930 --> 00:11:31,190
This is just a demonstration but I do recommend that you follow this step when you're ready.

145
00:11:31,240 --> 00:11:37,910
Click Next the prompt we now receive is warning us that all of our script rescue disks are unique to

146
00:11:37,910 --> 00:11:40,200
the system that they were created for.

147
00:11:40,250 --> 00:11:44,940
In other words you cannot use someone else's rescue disk on this system.

148
00:11:44,990 --> 00:11:47,900
If you lose your rescue disk you're simply out of luck.

149
00:11:47,930 --> 00:11:51,290
Much like if you lose your password click OK.

150
00:11:51,320 --> 00:11:58,970
Finally we need to select the WIP mode as you know when you simply delete something off a computer.

151
00:11:58,970 --> 00:12:04,310
The information remains on the hard disk and can be recovered by certain tools.

152
00:12:04,310 --> 00:12:09,980
There are many forensic techniques that can recover data even after it has been overwritten by other

153
00:12:09,980 --> 00:12:10,440
data.

154
00:12:10,460 --> 00:12:17,330
For that reason it is recommended that you allow Vera crypt to overwrite deleted data with pseudo random

155
00:12:17,660 --> 00:12:19,490
and certain non-random data.

156
00:12:19,550 --> 00:12:26,440
If you select three passes then all deleted data and empty space will be overwritten three times.

157
00:12:26,450 --> 00:12:33,770
This will be your one and only chance to overwrite this data and if you do not do so it may be possible

158
00:12:33,770 --> 00:12:38,230
for a determined adversary to recover things like your encryption key.

159
00:12:38,250 --> 00:12:43,720
There are two things you must consider though before making or selection.

160
00:12:43,730 --> 00:12:50,080
First if you're using a solid state hard drive remember that such drives have a limited number of read

161
00:12:50,080 --> 00:12:52,130
rights before they start to fail.

162
00:12:52,130 --> 00:12:56,060
Selecting 7 or more passes is going to be very hard on them.

163
00:12:56,060 --> 00:13:03,500
Second consider how much time you want this to take relative to to your security needs a 500 gigabyte

164
00:13:03,500 --> 00:13:08,210
hard drive might take as long as several days to fully encrypt.

165
00:13:08,540 --> 00:13:12,370
Adding in a lot of random passes is going to increase that time.

166
00:13:12,380 --> 00:13:20,030
I would also suggest that you not use the Gutman wipe as this is extremely hard on even traditional

167
00:13:20,030 --> 00:13:30,530
drives Guttman is really only used on drives you plan to ultimately destroy 7 passes is very high security

168
00:13:30,980 --> 00:13:37,520
but will tack on a lot of time to an already lengthy process three passes is considered adequate by

169
00:13:37,520 --> 00:13:40,140
the Department of Defense of the United States.

170
00:13:40,190 --> 00:13:48,920
One is a very light wipe but may be good enough if you simply wish to secure a laptop against common

171
00:13:48,920 --> 00:13:50,270
thieves.

172
00:13:50,270 --> 00:13:56,700
With all that being said I'm going to select none because this is only a demonstration when you've made

173
00:13:56,700 --> 00:13:58,940
your selection click next.

174
00:13:59,010 --> 00:14:04,710
The last step is going to be the system encryption pretest when we click the test button.

175
00:14:04,710 --> 00:14:10,730
Windows is going to reboot and we will be presented with the very script password screen.

176
00:14:10,770 --> 00:14:17,580
If we fail to enter our password or if something gets broken along the way the test will fail and no

177
00:14:17,580 --> 00:14:18,560
harm will be done.

178
00:14:18,690 --> 00:14:25,350
If the password works and everything functions correctly will be prompted to proceed with the encryption

179
00:14:25,350 --> 00:14:26,490
process.

180
00:14:26,490 --> 00:14:31,490
Here we are on the very script bootloader screen cosmetically.

181
00:14:31,500 --> 00:14:37,950
This is almost identical to the true crypt bootloader screen except we have the option to show our password

182
00:14:38,040 --> 00:14:42,450
and P I am and also to skip authentication with the escape key.

183
00:14:42,450 --> 00:14:44,940
Remember this is only the pre-test.

184
00:14:44,940 --> 00:14:47,250
Our system is not yet being encrypted.

185
00:14:47,250 --> 00:14:49,050
Enter the password that you selected

186
00:14:53,160 --> 00:14:54,330
and under Pym.

187
00:14:54,390 --> 00:15:01,320
Just press enter unless you entered a specific value in which case you would type in that value now.

188
00:15:01,410 --> 00:15:04,050
True Crypt has no Pym option.

189
00:15:04,050 --> 00:15:07,650
It will now verify our password and this may take a minute or two.

190
00:15:07,650 --> 00:15:12,100
Once done windows should boot normally.

191
00:15:12,250 --> 00:15:12,940
There we go.

192
00:15:12,940 --> 00:15:16,540
Windows is now booting Great.

193
00:15:16,580 --> 00:15:18,590
Our protest was successful.

194
00:15:18,590 --> 00:15:24,530
We could click the defer button if we don't wish to begin encrypting right now.

195
00:15:24,800 --> 00:15:33,050
Or if we're ready we click encrypt read through this pop up and print it if you wish.

196
00:15:33,050 --> 00:15:37,520
It is simply telling you how to use the rescue disk if you need to.

197
00:15:37,880 --> 00:15:45,650
When you're ready click OK click yes to authorize very crypt.

198
00:15:45,650 --> 00:15:52,820
Now we can see the encryption progress it would begin with the wiping of free space.

199
00:15:52,820 --> 00:16:00,230
If I had selected a white mode other than none I really can't stress enough just how long this takes.

200
00:16:00,230 --> 00:16:06,530
You're seeing this performed on a very small amount of disk space but for a real system this process

201
00:16:06,530 --> 00:16:08,280
can take days.

202
00:16:08,350 --> 00:16:12,450
A four terabyte hard drive might take up to a week or more.

203
00:16:12,530 --> 00:16:16,060
Of course it depends on many factors.

204
00:16:16,070 --> 00:16:22,490
I therefore suggest that you place your system somewhere cool and keep all potentially flammable objects

205
00:16:22,490 --> 00:16:23,490
away from it.

206
00:16:23,660 --> 00:16:29,630
As you may need to leave it on for an extended period of time unattended in the heavy drive usage may

207
00:16:29,630 --> 00:16:31,550
cause it to heat up considerably.

208
00:16:31,550 --> 00:16:36,860
Please also keep in mind the laws of your region of the world concerning encryption.

209
00:16:36,860 --> 00:16:40,810
As I mentioned in the last video I am not an international lawyer.

210
00:16:40,820 --> 00:16:48,290
Depending on where you are in the world encryption may not be legal or you may be under a legal obligation

211
00:16:48,290 --> 00:16:53,720
to surrender your password and keys if requested to do so by certain authorities.

212
00:16:53,900 --> 00:16:57,170
Even if they do not have a warrant as such.

213
00:16:57,170 --> 00:17:01,360
If you fail to comply with these laws you may end up in hot water.

214
00:17:01,370 --> 00:17:04,970
This is very important to remember when traveling abroad.

215
00:17:04,970 --> 00:17:11,990
It might be 100 percent legal to encrypt your laptop in the United States but you might be in for a

216
00:17:11,990 --> 00:17:18,080
nasty shock when you travel to certain parts of the world and airport authorities demand that you decrypted

217
00:17:18,140 --> 00:17:23,960
or worse you must do your due diligence and make certain that you are employing these techniques in

218
00:17:23,960 --> 00:17:29,440
a way consistent with the laws of wherever you happen to be to avoid getting into legal trouble.

219
00:17:29,450 --> 00:17:37,130
Now you can defer this process even after it has begun but be aware that if you choose to do so the

220
00:17:37,130 --> 00:17:41,350
entire process will begin again from the start when you resume it.

221
00:17:41,390 --> 00:17:44,110
If you wanted to do that you would just click this defer button.

222
00:17:44,210 --> 00:17:49,780
At this point I'm going to make an edit the video to skip to the end of this process and there we go

223
00:17:50,920 --> 00:17:55,110
our system has been successfully encrypted.

224
00:17:55,210 --> 00:17:58,960
Now we're gonna go ahead and we're going to reboot our system

225
00:18:06,970 --> 00:18:11,210
and here were once again presented with the very script bootloader screen.

226
00:18:11,440 --> 00:18:20,880
If we enter an incorrect password the verification will fail and we won't be able to boot the system

227
00:18:21,720 --> 00:18:24,540
so we'll go ahead and enter our real password

228
00:18:29,010 --> 00:18:36,240
remembering to just press enter when it says p.m. unless you specified a value password verification

229
00:18:36,240 --> 00:18:44,500
successful and rebooting normally and there we go encrypting a computer such as a laptop is generally

230
00:18:44,500 --> 00:18:47,180
a very strong security precaution.

231
00:18:47,350 --> 00:18:52,270
After all if the device is ever stolen your whole life might be on that thing.

232
00:18:52,410 --> 00:19:00,190
Cash eight passwords important files customer personal information compromising pictures from your college

233
00:19:00,190 --> 00:19:00,810
days.

234
00:19:00,850 --> 00:19:07,690
Who knows even if someone live boots the computer let's say with like a Linux distribution or something

235
00:19:07,690 --> 00:19:12,830
of that nature they won't be able to access the files on the encrypted disk.

236
00:19:12,850 --> 00:19:18,790
I already spoke at length in the last video about the differences between open source and commercial

237
00:19:18,790 --> 00:19:20,160
offerings.

238
00:19:20,200 --> 00:19:26,950
You can of course use any encryption software that you desire including things like bit locker if you

239
00:19:26,950 --> 00:19:29,920
personally feel they are a better choice.

240
00:19:29,950 --> 00:19:37,180
Just remember that right now only very crypt and its precursor True Crypt are capable of creating a

241
00:19:37,180 --> 00:19:39,500
hidden Windows operating system.

242
00:19:39,520 --> 00:19:42,520
We'll be looking at doing that in the next video.

243
00:19:42,520 --> 00:19:47,230
But what if you decide that you want to remove the encryption.

244
00:19:47,320 --> 00:19:48,680
I hear you ask.

245
00:19:48,730 --> 00:19:55,030
It is possible to restore the disk to an unencrypted state so once again we're going to open up very

246
00:19:55,030 --> 00:19:55,920
crypt.

247
00:19:55,930 --> 00:20:01,130
We will select our encrypted partition which in my case is going to be C..

248
00:20:01,150 --> 00:20:05,210
Yours may vary once that's highlighted.

249
00:20:05,210 --> 00:20:15,250
We're going to go up to system and click the permanently decrypt system partition slash drive confirm

250
00:20:15,250 --> 00:20:19,040
administrator privileges click.

251
00:20:19,050 --> 00:20:19,900
Yes again.

252
00:20:19,920 --> 00:20:28,530
You really do want to decrypt authorize yet again and then just wait the decryption process should take

253
00:20:28,560 --> 00:20:33,150
exactly as long as it did to encrypt the drive originally.

254
00:20:33,240 --> 00:20:35,220
It is really that simple.

255
00:20:35,220 --> 00:20:41,430
Just remember that the very script bootloader will be uninstalled at the end of the procedure.

256
00:20:41,610 --> 00:20:47,430
So having a boot repair disk handy may be wise in some cases.

257
00:20:47,430 --> 00:20:51,020
Alternatively you could always just install grub.

258
00:20:51,120 --> 00:20:55,760
If your BIOS is using MDR and there we go.

259
00:20:55,760 --> 00:21:03,830
The system is now decrypted and you could reboot it normally and the bootloader will have been removed

260
00:21:04,640 --> 00:21:07,880
and you will have to restart to make this official.

261
00:21:07,880 --> 00:21:12,220
I'm not going to.

262
00:21:12,300 --> 00:21:13,230
There we go.

263
00:21:13,260 --> 00:21:15,300
And that's really about it.

264
00:21:15,300 --> 00:21:21,240
As scary as I probably made it sound encrypting your Windows operating system really isn't all that

265
00:21:21,240 --> 00:21:28,740
difficult unless of course your BIOS has the aforementioned Secure Boot enabled in that event.

266
00:21:28,770 --> 00:21:35,280
You may need to disable it in the settings and the process for this will vary from bios version to bios

267
00:21:35,280 --> 00:21:39,150
version but it's usually just a selection that you toggle.

268
00:21:39,150 --> 00:21:46,080
Please read up on your unique version of bios to make sure how to do it and whether or not it is advisable

269
00:21:46,080 --> 00:21:52,560
for your computer in the next video we'll be covering how to create a hidden operating system as well

270
00:21:52,560 --> 00:21:54,710
as a decoy system.

271
00:21:54,720 --> 00:22:00,840
This will work exactly like the outer and hidden containers seen in the first video.

272
00:22:00,870 --> 00:22:07,400
After that we'll examine how to dual boot windows and linux when both systems are encrypted.

273
00:22:07,410 --> 00:22:10,590
I hope you found this video helpful and I'll see you next time.