Hi colonelpanic, and welcome to the forum! Before doing anything else I would advise that you post on the vera crypt forum at sourceforge:
Having just done a brief look at veracrypt searches,
a. it is cross-platform - can be used on any OS
b. cannot encrypt entire drives/volumes
One suggestion for Linux (and I am not validating this) is to use dm-crypt at point of install:
Why dm-crypt? From Arch Wiki site: [Start of extract]:
Securing a root filesystem is where dm-crypt excels, feature and performance-wise. Unlike selectively encrypting non-root filesystems, an encrypted root filesystem can conceal information such as which programs are installed, the usernames of all user accounts, and common data-leakage vectors such as mlocate and
/var/log/ . Furthermore, an encrypted root filesystem makes tampering with the system far more difficult, as everything except the boot loader and (usually) the kernel is encrypted.
All scenarios illustrated in the following share these advantages, other pros and cons differentiating them are summarized below: [end of transcript]
Your first task should be to backcup your Windows 7 machine - post on the Veracrypt forum on how to do this without loss of data should you need to do a restore. At this point it might be worth checking what make and model of hard drive you have and what controller is installed for the hard drive - there is a way of checking this somehow but can’t remember as any difference in hardware could render restoration useless if you have a copy of a spare drive for disaster recovery.
Other options might be for you to decrypt your data temporarily and backup to an external drive in readiness for deploying for Linux or you just might want to migrate to an external drive that is placed in a secure strong-box when not in use or build a well-ventilated steel box around it with access to connections.
Rather than mess with your existing hard drive, purchase a new one - if you intend using the same PC, install the new hard drive and setup Linux on that drive first but make sure the Windows 7 drive is disconnected. The crucial element will be what software you use and whether there is an equivalent in Linux to begin with. Assuming you won’t need any specialist software you would be good to go. One thing before you do anything else is if your PC’s CoA has been removed or deteriorated overtime is to find out the CoA key by using a vbs script to extract the key using Notepad and saving as a .vbs file then run it to find the key and store it in case you want to reinstall as a VM at some later date on your Linux install.
For future reference, run a VB script to find what your CoA code is for your install.
Open up Notepad and enter the following:
Set WshShell = CreateObject(“WScript.Shell”)
MsgBox ConvertToKey(WshShell.RegRead(“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId”))
Const KeyOffset = 52
i = 28
Chars = “BCDFGHJKMPQRTVWXY2346789”
Cur = 0
x = 14
Cur = Cur * 256
Cur = Key(x + KeyOffset) + Cur
Key(x + KeyOffset) = (Cur \ 24) And 255
Cur = Cur Mod 24
x = x -1
Loop While x >= 0
i = i -1
KeyOutput = Mid(Chars, Cur + 1, 1) & KeyOutput
If (((29 - i) Mod 6) = 0) And (i <> -1) Then
i = i -1
KeyOutput = “-” & KeyOutput
Loop While i >= 0
ConvertToKey = KeyOutput
Save the file as WindowsKeyCode.vbs NOT .txt
Double click on the saved file to get the results and print it out and keep in a safe place - then should you need to download the official .iso for your version - in System Properties see if you have Windows 7 Home or Pro - as you need to ensure you download the correct iso, also whether 32-bit or 64-bit - it should state that in System Properties.
[From my post here: https://forum.zorin.com/u/swarfendor437]
The rest is down to you - only you can make the right decision for your business model.
If you want to take security to the next level, Linux Magazine had an excellent article many years ago how to make your Linux pc secure by creating a USB key that was needed to boot the machine, make a copy of it and secure the initial key in a safe place. Make copies for the people going to use it - that way the machine would never boot without the USB key.