mirrors/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-05-28 15:30:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Document system favorite VHD startup limitation

Browse Source 
Clarify that Windows startup-managed VHD/VHDX files, including Dev Drive backing images, cannot live on system favorite volumes because they are accessed before those volumes are mounted.

Document that native-boot VHD/VHDX files also cannot live on system favorite volumes and remain subject to the existing VeraCrypt pre-boot authentication limitation for operating systems installed within VHD/VHDX files.

Mention a delayed/retrying attach workaround for non-boot-critical VHD/VHDX files after VeraCryptSystemFavorites mounts the host volume.

Closes #1605.
This commit is contained in:
Mounir IDRASSI
2026-05-25 15:41:49 +09:00
parent 5bd9277970
commit 0d86b9b3e6
4 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
doc/chm/VeraCrypt User Guide.chm
View File

Binary file not shown.

2
doc/html/en/FAQ.html
View File

@@ -304,6 +304,8 @@ The System Favorites Organizer window should appear now. In this window, enable
For more information, see the chapter <a href="System%20Favorite%20Volumes.html" target="_blank" style="text-align:left; color:#0080c0; text-decoration:none">
System Favorite Volumes</a>.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
Note: System favorite volumes are not available during the earlier Windows boot and storage initialization phases. Therefore, Windows-managed startup dependencies such as automatically attached VHD/VHDX files, Dev Drive backing VHDX files, and native-boot VHD/VHDX files must not be stored on system favorite volumes. For VHD/VHDX files that are not required during boot or early startup, use a delayed/retrying task or a service that depends on <em>VeraCryptSystemFavorites</em> to attach them after the system favorite volume has been mounted. This workaround is not suitable for native-boot VHD/VHDX files or any other file that Windows must access before services can run.</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<br style="text-align:left">
<strong style="text-align:left">Can a volume be automatically mounted whenever I log on to Windows?</strong></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

3
doc/html/en/Issues and Limitations.html
View File

@@ -62,7 +62,8 @@ In such situations, the issue can be solved by disabling VeraCrypt waiting dialo
by selecting <em>System</em> &gt; <em>Mount Without Pre-Boot Authentication,</em> is limited to primary partitions (extended/logical partitions cannot be mounted this way).
</li><li>Due to a Windows 2000 issue, VeraCrypt does not support the Windows Mount Manager under Windows 2000. Therefore, some Windows 2000 built-in tools, such as Disk Defragmenter, do not work on VeraCrypt volumes. Furthermore, it is not possible to use the Mount
Manager services under Windows 2000, e.g., assign a mount point to a VeraCrypt volume (i.e., attach a VeraCrypt volume to a folder).
</li><li>VeraCrypt does not support pre-boot authentication for operating systems installed within VHD files, except when booted using appropriate virtual-machine software such as Microsoft Virtual PC.
</li><li>VeraCrypt does not support pre-boot authentication for operating systems installed within VHD/VHDX files, except when booted using appropriate virtual-machine software such as Microsoft Virtual PC.
</li><li>VHD/VHDX files that Windows must attach automatically during startup, including Dev Drive backing VHDX files, cannot be stored on system favorite volumes because these volumes are mounted only after the earlier Windows boot and storage initialization phases have already started. Store such non-boot VHD/VHDX files on the encrypted system partition/drive or on another partition within the key scope of system encryption. Native-boot VHD/VHDX files also cannot be stored on system favorite volumes; they remain subject to the preceding limitation on pre-boot authentication for operating systems installed within VHD/VHDX files. For VHD/VHDX files that are not required for boot or early Windows startup, disable Windows automatic attachment and attach them later using a delayed/retrying startup task or a service that depends on the <em>VeraCryptSystemFavorites</em> service. This workaround is not suitable for native-boot VHD/VHDX files or any other file that Windows must access before services can run.
</li><li>The Windows Volume Shadow Copy Service is currently supported only for partitions within the key scope of system encryption (e.g. a system partition encrypted by VeraCrypt, or a non- system partition located on a system drive encrypted by VeraCrypt, mounted
when the encrypted operating system is running). Note: For other types of volumes, the Volume Shadow Copy Service is not supported because the documentation for the necessary API is not available.
</li><li>Windows boot settings cannot be changed from within a hidden operating system if the system does not boot from the partition on which it is installed. This is due to the fact that, for security reasons, the boot partition is mounted as read-only when the

4
doc/html/en/System Favorite Volumes.html
View File

@@ -74,8 +74,8 @@ System favorite volumes <strong>can be configured to be available within VeraCry
<br>
Warning: When the drive letter assigned to a system favorite volume (saved in the configuration file) is not free, the volume is not mounted and no error message is displayed.<br>
<br>
Note that Windows needs to use some files (e.g. paging files, Active Directory files, etc.) before system favorite volumes are mounted. Therefore, such files cannot be stored on system favorite volumes. Note, however, that they
<em>can </em>be stored on any partition that is within the key scope of system encryption (e.g. on the system partition or on any partition of a system drive that is entirely encrypted by VeraCrypt).<br>
Note that Windows needs to use some files (e.g. paging files, Active Directory files, VHD/VHDX files configured for automatic attachment at startup, Dev Drive backing VHDX files, native-boot VHD/VHDX files, etc.) before system favorite volumes are mounted. Therefore, such files cannot be stored on system favorite volumes. Note, however, that files supported by VeraCrypt system encryption
<em>can </em>be stored on any partition that is within the key scope of system encryption (e.g. on the system partition or on any partition of a system drive that is entirely encrypted by VeraCrypt). Native-boot VHD/VHDX files remain subject to the limitation that VeraCrypt does not support pre-boot authentication for operating systems installed within VHD/VHDX files. For VHD/VHDX files that are not required for boot or early Windows startup, a possible workaround is to disable Windows automatic attachment and attach them only after the corresponding system favorite volume has been mounted, for example by using a delayed/retrying startup task or a service that depends on the <em>VeraCryptSystemFavorites</em> service and runs <code>Mount-DiskImage</code> or <code>diskpart attach vdisk</code>. This workaround is not suitable for paging files, Active Directory files, native-boot VHD/VHDX files, or any other file that Windows must access before services can run.<br>
<br>
<strong>To remove a volume from the list of system favorite volumes</strong>, select
<em>Favorites </em>&gt; <em>Organize System Favorite Volumes</em>, select the volume, click