Unlike MBR, it is possible to have multiple EFI system partitions on a GPT disk (nothing in the specification states that it's limited to only one)
It is possible to encrypt the Windows ESP together with the Windows system partition and have only the DiskCryptor bootloader in an unencrypted ESP. Here's an example layout:
1
2
3
4
DiskCryptor ESP (unencrypted)
MSR (unencrypted)
Windows ESP* (encrypted)
Windows System Partition (encrypted)
* The partition type needs to be EFI system partition just like the very first (unencrypted) ESP for it to boot.
It is possible to have multiple pairs of encrypted Windows ESP and Windows System Partitions. Then, with the "boot from first partition with appropriate password" method of the DiskCryptor bootloader, one can choose which Windows installation to boot by entering the corresponding password. I've confirmed this setup works under VMware with two separate Windows 10 LTSC 2021 installations.
I'm not sure if it is related to my layout with multiple ESPs: sometimes when I click on the "configure bootloader" button, the "Bootloader config" window crashes.
Unlike MBR, it is possible to have multiple EFI system partitions on a GPT disk (nothing in the specification states that it's limited to only one)
It is possible to encrypt the Windows ESP together with the Windows system partition and have only the DiskCryptor bootloader in an unencrypted ESP. Here's an example layout:
* The partition type needs to be EFI system partition just like the very first (unencrypted) ESP for it to boot.
It is possible to have multiple pairs of encrypted Windows ESP and Windows System Partitions. Then, with the "boot from first partition with appropriate password" method of the DiskCryptor bootloader, one can choose which Windows installation to boot by entering the corresponding password. I've confirmed this setup works under VMware with two separate Windows 10 LTSC 2021 installations.
I'm not sure if it is related to my layout with multiple ESPs: sometimes when I click on the "configure bootloader" button, the "Bootloader config" window crashes.