Should I encrypt my entire hard drive, or only a partition?

Both solutions are acceptable but they have different pros and cons.

  1. Full disk encryption:

    Pros: you have no risk of leaking some sensitive data in a non encrypted partition

    Cons: if things go wrong, the full disk become unreadable and you will have to try to recover/reinstall from a removable bootable media: do not forget to build and securely store it

  2. Encrypted partition(s):

    Cons: if you only encrypt a data partition, sensitive data can end in temporary files or swap file in a non encrypted partition

    Pros: if things go wrong, the unencrypted partitions will be easier to recover

Following is my (subjective) advice:

If you have a recovery partition in your disk, this one should not be encrypted, but you should encrypt all windows partition be them system or data if you want to be super safe, or only the sensitive data partition if you can accept that an attacker could find traces in temp or swap files.

Alternatively, you could build a (set of) removable recovery data, and go with full disk encryption.

The initial encryption time does not really matter IMHO. It happens only once. But 10 hours for 150 Gb seems rather weird. SATA disk io throughput should allow around 100Mb/s, so encrypting 150Gb should not exceed a couple of hours.


Encrypt the whole disk. The overhead is negligible, and you don't have to worry about someone stealing your computer and having all your data. And if you have to send your computer to repairs, you don't have to worry about stolen files or compromised applications.

Another benefit is that all data is encrypted by default, so you don't need to keep a mental process of copying sensitive data from the unprotected partition to the protected one. And if you need double protection, create a VeraCrypt volume and use it.


One benefit of encrypting only a partition vs the whole drive is that you can encrypt/decrypt the partition while using the system for other tasks, so you can encrypt it "on demand" so to say, but if you encrypt the whole disk it's decrypted every time you start up and authenticate the system.

In terms of security, as you say, if the machine gets stolen, I would say there isn't much difference between FDE and an encrypted partition in such a scenario. If you use strong encryption on your partition it's highly unlikely that your data will be compromised.

I'd say there is some benefit to using an encrypted partition / folder vs FDE if you only decrypt it when you need to access or store sensitive information and encrypt it again when you're done, so that you don't leave the filesystem in an unencrypted state all the time when you're logged in, as would be the case with only FDE.