6

I want to upgrade to Windows 10 but I don't want to decrypt my system partition because it takes 21 hours..

Is it possible to upgrade without decrypting?

DavidPostill
  • 153,128
  • 77
  • 353
  • 394
Niklas Büsing
  • 69
  • 1
  • 2

4 Answers4

9

Is it possible to upgrade without decrypting?

No.

If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select System > Permanently Decrypt System Partition/Drive).

Source VeraCrypt FAQ

chrki
  • 474
  • 2
  • 14
DavidPostill
  • 153,128
  • 77
  • 353
  • 394
3

The situation has changed since 2016 from DavidPostill's original answer, the VeraCrypt FAQ has a note added to it (emphasis mine):

Note: If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select System > Permanently Decrypt System Partition/Drive). However, a running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.

This change was likely introduced with VeraCrypt 1.23, released in 2018. From the changelog:

Add compatibility of system encryption with Windows 10 upgrade using ReflectDrivers mechanism

From personal experience: I have successfully upgraded Windows 10 from 1809 to 1909, and most recently from 1909 to 20H2 using Windows Update, without having to decrypt my system volumes or hard drives.

chrki
  • 474
  • 2
  • 14
2

I and many others had success using Windows 10 media patcher for upgrading VeraCrypt-encrypted systems, you should try it.

damd
  • 279
  • 3
  • 15
  • 1
    This method worked for me - Windows 10 Home 1909 -> 2004. Read the README carefully, on first attempt I didn't add any setup options manually and it failed. Second attempt went flawlessly. – gronostaj Jun 10 '20 at 20:29
  • 1
    +1, but as of 2020 this method is updated, and Windows updates have gone through on encrypted disks without any need for patching. – Martin Argerami May 20 '21 at 18:13
-2

You need to decrypt first. I am currently decrypting 1 TB and it takes only 85 minutes. So if you still thinks it takes a long time then you need a faster SSD.

Some people here thinks that updating from 1909 to 2004 is an upgrade. It is not. That is only a regular update of the existing windows version. When uprading to a new Windows, like windows 10 to windows 11, you absolutly need to decrypt, or you will have a computer that can not be used.

gronostaj
  • 55,965
  • 20
  • 120
  • 179
Victor Svensson
  • 1
  • 3
    "Upgrade" is a common term for version updates, like your 1909→2004 example. It may not be what Microsoft calls it, but that's not relevant. As long as everybody knows what is meant under that term, it's fine. As already noted in other answers, updating ("upgrading") VC-encrypted systems is possible using the ReflectDrivers mechanism. I myself did that a couple times and it worked every time. – gronostaj Apr 17 '22 at 15:11
  • 1
    Also, people use FDE because they don't want unencrypted data being stored on the disk. Decrypting for an upgrade may not be an option then. It's particularly problematic on SSDs, where writes during re-encryption will go to completely different addresses in the underlying storage (due to wear leveling) and potentially sensitive, unencrypted data may still be recoverable by bypassing the SSD controller (although highly specialized tools would be required). Full re-encryption will also burn quite a lot of erase cycles. – gronostaj Apr 17 '22 at 15:16