@Maddosaurus
Last active February 11, 2023 14:51
Dual Boot Arch & Windows 10 - Both fully encrypted on the same disk

Fully encrypting a multiboot installation with TrueCrypt/VeraCrypt is unfortunately not possible at the moment.
Also, chainloading an ISO in GRUB is not working, so it's kind of complicated to get FDE (Full Disk Encryption) working in a multiboot single-drive configuration.

1 - Do a Windows 7/8/10/x basic (unencrypted) install

Not much to say here. Do a basic install with all your desired settings, but hold off on wireless, passwords and other setup for now.
Just let it use 50%(?) of your available space and let it create its recovery volume.

2 - Install Arch Linux with dm-crypt

TL;DR: 100MB /boot, 50%
I followed the articles from the German Arch wiki here and here (the first one is available in English, too).
Basically, set up your system completely following these instructions. If you are using GRUB, it could be a nice idea to install os-prober, which will automatically detect the unencrypted Windows install.
After this step you will end up with a fully encrypted Arch Linux with a GRUB bootloader that also boots the unencrypted Windows installation.

3 - Fix that UTC clock hellhole

Windows doesn't like UTC - but we can make it do so :)
Following the HowToGeek article, disable NTP on Windows, set the registry keys and enable NTP in Linux.

4 - Encrypt Windows

Install TrueCrypt 7.1a and start it with the /n parameter to disable media verification.
Encrypt your system partition (not drive!), with a Single Boot configuration (yes, really).
Pick your encryption schemes and hash algorithms as you desire.
Save the TrueCrypt Rescue Disk ISO somewhere safe - you'll need it soon. During the installation process, TC will reboot and overwrite your MBR - thus overwriting your GRUB install.

5 - Restore GRUB

Boot into an Arch recovery medium (after all, you installed it some minutes ago with that, right?), mount the encrypted and the boot volumes and arch-chroot into your Linux install.
Copy the TrueCrypt Rescue Disk onto the /boot partition (naming it tcrd.iso). Next, install syslinux: pacman -S syslinux
Copy the syslinux memdisk to /boot: sudo cp /usr/lib/syslinux/bios/memdisk /boot
Edit /etc/grub.d/40_custom and add the following at the bottom (note: /boot is /dev/sda3; run blkid /dev/sda3 to get the UUID) (source and other source):

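menuentry "Windows" {
  # Modules needed to read the partition table and the /boot filesystem
  insmod part_msdos
  insmod fat
  insmod ext2
  insmod search_fs_uuid
  # Locate /boot by its UUID and store the device name in $boot
  search --fs-uuid --no-floppy --set=boot [UUID of /boot without quotes]
  # Boot memdisk with the TrueCrypt Rescue Disk ISO as its image
  linux16 ($boot)/memdisk iso raw
  initrd16 ($boot)/tcrd.iso
}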

Run grub-mkconfig -o /boot/grub/grub.cfg to generate the extended grub.cfg.
It may be a good idea to remove os-prober beforehand, as it would pollute your GRUB menu with a non-working startup entry for Windows.
Quit the chroot, reboot and try to boot your Linux and Windows installations.
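
A pre-reboot sanity check for step 5, as an added example that is not part of the original gist: it confirms that memdisk and tcrd.iso are on /boot and that the generated "Windows" menuentry uses the right UUID and contains no mistyped commands. The function name check_tc_boot is hypothetical; the paths and the /dev/sda3 device are the ones used above.

```shell
# Added example: sanity-check the step 5 setup before rebooting.
# check_tc_boot is a hypothetical helper name, not a GRUB or syslinux tool.
# Usage (inside the chroot, after grub-mkconfig):
#   check_tc_boot /boot "$(blkid -s UUID -o value /dev/sda3)"
check_tc_boot() (   # subshell body: variables stay local, exit only leaves the function
  boot=$1 uuid=$2 cfg=$1/grub/grub.cfg rc=0
  fail() { echo "FAIL: $*"; rc=1; }

  # memdisk and the rescue ISO must both be on /boot and non-empty.
  for f in memdisk tcrd.iso; do
    [ -s "$boot/$f" ] || fail "$boot/$f is missing or empty"
  done

  [ -r "$cfg" ] || { echo "FAIL: $cfg not readable"; exit 1; }
  # Pull the "Windows" menuentry out of the generated config.
  entry=$(awk '/^menuentry "Windows"/ {on=1} on {print} on && $1 == "}" {exit}' "$cfg")
  [ -n "$entry" ] || { echo "FAIL: no \"Windows\" menuentry in $cfg"; exit 1; }

  # search must set $boot from the UUID that blkid reports for /boot.
  printf '%s\n' "$entry" | grep -Eq -e "--set=boot[[:space:]]+${uuid}[[:space:]]*\$" ||
    fail "search line does not use UUID $uuid"
  printf '%s\n' "$entry" |
    grep -Eq '^[[:space:]]*linux16[[:space:]]+\(\$boot\)/memdisk[[:space:]]+iso[[:space:]]+raw' ||
    fail "linux16 line does not load (\$boot)/memdisk iso raw"
  printf '%s\n' "$entry" |
    grep -Eq '^[[:space:]]*initrd16[[:space:]]+\(\$boot\)/tcrd\.iso' ||
    fail "initrd16 line does not load (\$boot)/tcrd.iso"

  # Any other command word is a typo (e.g. "ismod") that GRUB cannot execute.
  bad=$(printf '%s\n' "$entry" |
    awk 'NR > 1 && NF && $1 != "}" && $1 !~ /^(#|insmod$|search$|linux16$|initrd16$)/ {print $1}')
  [ -z "$bad" ] || fail "unexpected command(s) in menuentry:" $bad

  [ "$rc" -eq 0 ] && echo "OK: Windows entry, memdisk and tcrd.iso look consistent"
  exit "$rc"
)
```

A non-zero exit status means at least one FAIL line was printed; fix /etc/grub.d/40_custom or the files on /boot and rerun grub-mkconfig before rebooting.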

(Optional) If the unlocking of your TrueCrypt install fails

Sometimes the TC bootloader tells you that you've entered the wrong password, although it's the right one.
In this case: Enter the Repair Options (F8) and choose (3) Restore key data, entering the password and choosing volume 0.
After this, the encrypted Windows install boots like a charm without breaking any bootloader magic.

ghost commented Dec 3, 2017

What are the differences between this tutorial and this one?
