TrueCrypt Full System Encryption on a Netbook

For the uninitiated, TrueCrypt is a Free, Open Source, on-the-fly disk encryption software.  You can do many things with it, from Encrypting flash drive, to creating Encrypted file containers, to Full System Encryption.  I had done all except the latter and I have been wanting to try it out.  For various reasons though I had never really bothered with it, until now.

Over the holidays I picked up an Asus EeePC 1005HA Netbook

asus-1005ha

I have a 14 inch laptop with all the bells and whistles of a normal laptop, but after a while, lugging the beastly heavy thing around got to be quite old, and it got to a point where I just didn’t even bother bringing it with me any more because it was just a hassle.  I picked up the Netbook to hopefully remedy this issue.  Their small and incredibly light build will hopefully not become such a burden down the road.  While you can definitely feel the slowness of the Atom processor, you only really notice it if you’re doing a bunch of stuff at once.  If you’re just surfing the net, IM’ing, doing office stuff, you don’t really notice at all.

So now that I have my new little buddy I started thinking about security for it.  Since it’s so small and will be going with me every where, it’s also prone to growing a set of legs and walking off.  Should this occur, I want all of my personal and work related files stored on it to be completely secure.  I have used TrueCrypt for many years so I have come to trust it, and I figured this would be en excellent solution.

However, installing TrueCrypt on a Netbook presents a few hurdles, primarily due to the lack of a CD drive.  Sure, you could pick up a USB external CD drive, but what fun would that be?  I have already re-partitioned it using a USB bootable G-Parted, and used the Microsoft ISO USB DVD download utility to make a USB bootable Windows 7 flash drive, so it was my mission to go about this the same way.  When you use TrueCrypt to encrypt a system volume, it requires you to burn a TrueCrypt Emergency Boot CD, which is really a good idea because if something goes wrong you really need it.  Of course on a Netbook this isn’t an option.  So basically what happens is TrueCrypt gives you an .iso image and makes you burn it, then it verifies the disc you burned to.  At this step I got around the verify requirement by simply mounting the .iso in a Damon Tools virtual drive.  This tricked TrueCrypt in to thinking that I had burned the image.  But, this still left me with a nagging issue.  Should something go wrong, or happen to my system, I would NEED to be able to boot this image to recover my system, or face 100% data loss.  Off to Google I went, and came upon a very informative blog post at Florian Freundt’s site that outlines how to make a multi-utility USB boot drive!  What a wonderful blog entry, as I followed it’s directions and was able to successfully create a USB drive that will let me boot my TrueCrypt Rescue Image!  Not only that, but I also put my Acronis Recovery Image on it, along with Parted Magic (contains G-Parted and other useful utilities), and Ultimate Boot CD.  Plus, in the future it will be very simple to upgrade these utilities to new versions because all I’ll have to do is replace the .iso on my flash drive.  Very nice!

Once I knew I would be able to boot the TrueCrypt Rescue Image, I proceeded with the system encryption.  This went of with out a hitch, and took about 5 hours to complete the encryption.  I was a bit worried about system performance since the Atom isn’t exactly a beast, but to be honest I don’t see any real performance hit other then coming out of hibernation seems a bit slower.  I can still pop open a 3gb 720p HD Xvid encoded video file and play it full screen with no hiccups.  Firefox fires up in the same amount of time and I don’t really notice any lag.

I can now rest soundly with the knowledge that my ultra portable data is safe and secure, and should I ever need it, I can recover my partition with the TrueCrypt Utility.

truecrypt