BudoBaka

Extraordinary Member
I have an issue that I hope the experts on the board can help me solve.

The short version is that I have a Win 10 Laptop that I wanted to use as a dual-boot Win10/Linux box. I used a Linux LiveUSB to attempt the install. Now I can not boot into, repair, or rescue the Win 10 partition. I am trying to recover the Win partition and install Gentoo.

The long version:

I shrunk the Win 10 partition from full disk to appx. 300GB. This is a 1TB SSD disk. The remaining 700 GB I left unallocated and un-formatted. I did this from the Win 10 partition manager and had no issues after this step. I was using the box for about 3 months in this state with no issues.

Later, I booted from a Linux LiveUSB to partition, format, and allocate the remaining disk space in preparation for the Linux install. I did this in GParted and let the distro install wizard auto-allocate. It split the unallocated space into 300GB/300GB. I planned to chunk up one of the 300GB partitions and install Linux on it. After partitioning, when rebooting Win 10 is available and selectable but I am taken to the Win10 Auto-repair dialogue. Which fails. In the Rescue menu items, I can't reset, recover, or rescue either. All fail.

I created a Recovery Disk from Win 10 but it does not give me an option to "repair" an installation just to reinstall.

A couple of things that may or may not be involved...

1) The laptop is using Optane. There is a small 27GB SSD that I assume accommodates this. When I check in the BIOS...

[Intel (R) RST 17.5.5.4401 RAID Driver

Optane Volume :
Incomplete Optane Volume

Non-RAID PhysicaI Disks :
TG 4 .O , INTEL HBRPEKNX0203AH TE917405KV1POC-1 , 953 . 8GB


OPTANE VOLUME INFO
TG 5.0, INTEL HBRPEKNX0203AHO TE917405KV1POC-2, 27.2GB
Unallocated


Reset to non-Octane

"WARNING! This disk is detected as 1 of the 2 disks paired in an Optane volume.

Before proceeding it is recommended that you recombine this disk with its partner disk if possible. Only proceed if you intend to delete all the data on BOTH disks. If you continue to reset this disk to non-Optane without recommended recombination, you will not only delete all the data on this disk but you must also reset its optane parter disk which will delete all the data on that dick too. Are you sure you want to continue?" "Yes or No"]

So it appears that Intel implements Optane as some kind of RAID disk set-up between the two SSD disks and that association was broken somehow when I partitioned the unallocated space.

I don't know if this is what is creating the issue with Win10 but at the very least it is an issue that was created and I assume it is one that I will have to deal with regardless.

2) The Win10 Partition is encrypted. Or as best I can tell some part of it is because I can mount and back up almost everything in that partition. I say "almost everything" because I just don't see any of the User directories/files. However, when I look in the partition manager I see the entire 200+ GB intact. My Google-Fu indicates that Win10 is using Bitlocker for encryption but when I check the Windows login account it has no key for that account. So maybe I am incorrect about the encryption. I am out of my depth on this one.

3) I was using my YubiKey to log in to my account but all of the research I have done on the Yubico site and forums indicates that the key is NOT being used for the disk encryption in any way.


So my hope is that...

I can rescue/find a way to boot back into the Win 10 part.
I did back up the Windows stuff by mounting in Linux and copying to an external media...but I don't know if it grabbed everything. I guess that it didn't because if I check it I get


nvme0n1p3 91G 19G 73G 21% /media/spectre360/Windows

which is a lot less than what it is and what disk manager is showing 289 GB — 77 GB free (73.2% full). This is the full Windows partition including the parts I can't see now.

I also have no obvious way to decrypt it because I don't know how Win 10 was doing it. It came that way when I purchased the laptop.

I can't imagine that the data is gone but if it really is unrecoverable then I would like to install Gentoo on the entire disk but need to understand how to use Optane and its separate SSD?

My apologies if the post is a little confusing but it is because I am confused.

On another forum it was suggested I use a Boot Repair utility to generate a report, I've attached that as well. It does not see a Win 10 OS...if I am reading it correctly.

Boot Repair Utility Report - Pastebin.com

Some other data that may or may not be relevant:

The laptop uses Optane, which I previously pointed out.

The disk(s) are SSD.

It is a UEFI Bios.

And it uses "Secure Boot".

I've also had some returns when searching Google that TPM can sometimes not play nice with dual boot boxes?

I am really out of my depth here. Before I go too far down the rabbit hole, all I had done up to the point of encountering the problem was partition the disk.

That and the fact that now Optane is showing as unpaired leads me to believe that this is the root cause. Somehow/Someway Win 10 was dependent on Optane and that is borked so it can't boot or recover. Or somehow some part of the disk was partitioned that was pointing to the encrypted data on that partition. I am grabbing at straws.

At this point, if I can just recover my data...either by being able to successfully boot into the Windows partition...or by finding a way to capture the entire partition when mounting and backing up...then figuring out how to decrypt it.

If it turns out that the data on that partition is 100 percent unrecoverable it would suck but I would stop spinning my wheels and just do a clean install of Win 10.

Sorry for the long post. I really hope that someone here can help fix this...the Win10 side of course.
 

Neemobeer

Cyber Security Engineer
Staff member
If the disk is GPT formatted Windows would should as a boot option in the firmware. What does the computer currently do when booting? Errors, nothing, etc. As for the fact you can see data on the Windows partition but not the users would suggest you have EFS enabled for your user account which would mean only the user data is encrypted.
 

BudoBaka

Extraordinary Member
If the disk is GPT formatted Windows would should as a boot option in the firmware. What does the computer currently do when booting? Errors, nothing, etc. As for the fact you can see data on the Windows partition but not the users would suggest you have EFS enabled for your user account which would mean only the user data is encrypted.
Thank you for the reply and assistance. Much appreciated.

The computer boots with no issue into the bootloader (Grub2). Both OS's (Win10 and Linux Kernel) are given as options to boot. The problem occurs when I select Win10 to boot into. When Win 10 boots...it starts the Diagnostic auto-repair which fails and then brings up the Rescue dialogue/Options. I am not sure if that is the proper name for that dialogue but it is the screen that gives you options to Reset, Recover, Restore, etc. Also, advanced menu options and an option to bring up the cmd terminal.

This leads me to believe it is an issue on the Win 10 side of things? Caused of course by the attempt to configure a dual boot box.
 

BudoBaka

Extraordinary Member
...As for the fact you can see data on the Windows partition but not the users would suggest you have EFS enabled for your user account which would mean only the user data is encrypted.
If I understand "EFS enabled" correctly, that isn't what was used on this device. It was Device Encryption in the Update & Security menu. Under normal circumstances how would one recover the encrypted user data in such a situation? As best I can tell Win 10 Home doesn't use BitLocker so there is no "key" stored in any place obvious that I can discern. Of course, there has to be one though. Could it be TPM chip-driven? I am really out of my depth here so sorry for so many questions.
 

BudoBaka

Extraordinary Member
Depends on the errors
It boots me into this menu after failing an "Auto-Repair"


troubleshoot-advancedstartup.jpg
 

Neemobeer

Cyber Security Engineer
Staff member
If it's using Bitlocker you can create a Windows-To-Go flash drive and boot to that. From there, provided you have the recovery key, you can decrypt the drive. If you don't have the key your out of luck.
 

BudoBaka

Extraordinary Member
If it's using Bitlocker you can create a Windows-To-Go flash drive and boot to that. From there, provided you have the recovery key, you can decrypt the drive. If you don't have the key your out of luck.
I'm sorry this is where I am confused. According to the Microsoft website, my version of Win 10 (Home Edition) does not use Bitlocker.

Also, it indicates that a Windows Recovery Key is stored in the same Microsoft account, if disk encryption (Non-Bitlocker) is used, that was used to set up the laptop. There is no Key in that account. So this leads me to believe one of two things...encryption was not used and somehow only User data got borked...or disk encryption was used and it was encrypted in some mysterious Microsoft way not using a "key" in the sense most of us understand. I did find a page that indicates that TPM is doing the encryption but I can't find anything indicating how one would recover such an encrypted volume, Thoughts? I really appreciate the feedback.


Device encryption requirements​


These are the hardware requirements for device encryption on Windows 10:


  • Trusted Platform Module (TPM) version 2 with support for Modern Standby.
  • TPM must be enabled.
  • Unified Extensible Firmware Interface (UEFI) firmware style.
 
Top