Comments on: Perfect dual boot crypted hard disk setup with Truecrypt and LUKS http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/ Freedom delivered. Fri, 10 Sep 2010 07:04:24 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: jova3078 http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-848 jova3078 Thu, 23 Jul 2009 13:34:51 +0000 http://blog.redinnovation.com/?p=55#comment-848 The correct address for the instructions on ubuntuforums would be: http://ubuntuforums.org/showthread.php?p=a35bb947b3593e4557135380109a40d7&p=4786419&postcount=10 The correct address for the instructions on ubuntuforums would be: http://ubuntuforums.org/showthread.php?p=a35bb947b3593e4557135380109a40d7&p=4786419&postcount=10

]]> By: Fritzl http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-811 Fritzl Wed, 07 Jan 2009 13:24:13 +0000 http://blog.redinnovation.com/?p=55#comment-811 can anyone provide me with the working link? step 4 looks very complicated. can anyone provide me with the working link?
step 4 looks very complicated.

]]> By: atx http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-805 atx Fri, 02 Jan 2009 19:17:06 +0000 http://blog.redinnovation.com/?p=55#comment-805 I have just tested another interesting solution for multibooting with TrueCrypt. This one is using GRUB4DOS and ISO image of Truecrypt Rescue Disk. I wanted to have Grub showing first, and not see the Truecrypt loader until really needed (when I choose to start the TCrypted OS). The second advantage is that GRUB is used here in stage1.5 mode (des not load stage2 directly from MBR as in your example) hence it is not prone to changes to stage2 file location (e.g. during defragmentation). The idea is to boot the "TrueCrypt Rescue CD" ISO image from hard disk using Grub4DOS' ability to map iso file as harddrive, when access to encrypted OS is requested. The Rescue CD behaves like a normal TC loader - when correct password is entered, it starts the encrypted OS exactly as if it was started from normal TC loader stored in MBR. I found the idea here: http://grub4dos.sourceforge.net/wiki/index.php/Mr My current setup looks like this: - partition 1: 128MB, "BOOT", GRUB4DOS files - partition 2: 32GB, "WIN1-TC", encrypted OS - partition 3: 32GB, "WIN2", second OS GRUB4DOS is installed in MBR. It also takes a few sectors of track 1 (normally needed by TrueCrypt loader), so the trick with chainloading TC MBR from file cannot be used (chainloaded TC MBR would load rest of track 1, but it's now GRUB's data there and TC would hang). But we can use unique feature of GRUB4DOS - chainloading from ISO image: 1. ISO of TrueCrypt Rescue Disk (the file generated during system encryption) should be copied to GRUB subfolder on BOOT partition 2. In MENU.LST on boot partition, I have following entries: title 1st map --mem (hd0,0)/GRUB/TCRescueDisk.iso (hd32) map --hook unhide (hd0,1) hide (hd0,2) rootnoverify (hd0,1) makeactive chainloader (hd32) title 2nd hide (hd0,1) unhide (hd0,2) rootnoverify (hd0,2) makeactive chainloader +1 It works without problems. When I power up the computer, GRUB is loaded, then if I choose option 2 the 2nd OS is loaded, and if I choose option 1 I get the TrueCrypt prompt, after which the 1st OS is loaded. I haven't tested it, but this idea could potentially also allow having more than 1 TrueCrypt-encrypted Windows installations (normally this is not possible, as TC stores system-unique key data in track 1 of hdd, hence encrypting 2nd OS would overwrite data for 1st one): one could put more Recovery ISO images in BOOT partition (for each encrypted OS 1 ISO of it's recovery CD) and add a similar "boot from ISO" entry to Grub's MENU.LST file. I have just tested another interesting solution for multibooting with TrueCrypt. This one is using GRUB4DOS and ISO image of Truecrypt Rescue Disk. I wanted to have Grub showing first, and not see the Truecrypt loader until really needed (when I choose to start the TCrypted OS). The second advantage is that GRUB is used here in stage1.5 mode (des not load stage2 directly from MBR as in your example) hence it is not prone to changes to stage2 file location (e.g. during defragmentation).

The idea is to boot the “TrueCrypt Rescue CD” ISO image from hard disk using Grub4DOS’ ability to map iso file as harddrive, when access to encrypted OS is requested. The Rescue CD behaves like a normal TC loader – when correct password is entered, it starts the encrypted OS exactly as if it was started from normal TC loader stored in MBR.

I found the idea here:
http://grub4dos.sourceforge.net/wiki/index.php/Mr

My current setup looks like this:
- partition 1: 128MB, “BOOT”, GRUB4DOS files
- partition 2: 32GB, “WIN1-TC”, encrypted OS
- partition 3: 32GB, “WIN2″, second OS

GRUB4DOS is installed in MBR. It also takes a few sectors of track 1 (normally needed by TrueCrypt loader), so the trick with chainloading TC MBR from file cannot be used (chainloaded TC MBR would load rest of track 1, but it’s now GRUB’s data there and TC would hang). But we can use unique feature of GRUB4DOS – chainloading from ISO image:

1. ISO of TrueCrypt Rescue Disk (the file generated during system encryption) should be copied to GRUB subfolder on BOOT partition

2. In MENU.LST on boot partition, I have following entries:

title 1st
map –mem (hd0,0)/GRUB/TCRescueDisk.iso (hd32)
map –hook
unhide (hd0,1)
hide (hd0,2)
rootnoverify (hd0,1)
makeactive
chainloader (hd32)

title 2nd
hide (hd0,1)
unhide (hd0,2)
rootnoverify (hd0,2)
makeactive
chainloader +1

It works without problems. When I power up the computer, GRUB is loaded, then if I choose option 2 the 2nd OS is loaded, and if I choose option 1 I get the TrueCrypt prompt, after which the 1st OS is loaded.

I haven’t tested it, but this idea could potentially also allow having more than 1 TrueCrypt-encrypted Windows installations (normally this is not possible, as TC stores system-unique key data in track 1 of hdd, hence encrypting 2nd OS would overwrite data for 1st one): one could put more Recovery ISO images in BOOT partition (for each encrypted OS 1 ISO of it’s recovery CD) and add a similar “boot from ISO” entry to Grub’s MENU.LST file.

]]> By: Ajzimm3rman http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-804 Ajzimm3rman Fri, 02 Jan 2009 19:13:42 +0000 http://blog.redinnovation.com/?p=55#comment-804 LOL... he said foreigners.. LOL… he said foreigners..

]]> By: atx http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-802 atx Fri, 02 Jan 2009 03:57:54 +0000 http://blog.redinnovation.com/?p=55#comment-802 regarding the "magic needed" link, it should be ubuntuforums.org and not ubuntuforums.com (the former gives a 'host not found' error). regarding the “magic needed” link, it should be ubuntuforums.org and not ubuntuforums.com (the former gives a ‘host not found’ error).

]]> By: Mikko Ohtamaa http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-676 Mikko Ohtamaa Sun, 12 Oct 2008 20:32:53 +0000 http://blog.redinnovation.com/?p=55#comment-676 Those steps can be found from Ubuntu forums linked in this post. Those steps can be found from Ubuntu forums linked in this post.

]]> By: jon http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-674 jon Sat, 11 Oct 2008 22:13:26 +0000 http://blog.redinnovation.com/?p=55#comment-674 Could you give (step by step) details on these parts: 4.3 Back-up Truecrypt’s MBR to a file on /boot partition using dd 4.4 Add Truecrypt’s MBR as a chain boot loader in Grub 4.5 Rewrite MBR using Grub Could you give (step by step) details on these parts:

4.3 Back-up Truecrypt’s MBR to a file on /boot partition using dd
4.4 Add Truecrypt’s MBR as a chain boot loader in Grub
4.5 Rewrite MBR using Grub

]]> By: Bruce http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-410 Bruce Sat, 19 Jul 2008 15:53:50 +0000 http://blog.redinnovation.com/?p=55#comment-410 Well I tried it and it works! I also discovered something interesting; if you put GRUB on the MBR and on the PBR of the second partition you can go back to GRUB from the TrueCrypt loader via the ESC key (assuming when you installed TrueCrypt you told it there was another boot loader.) Well I tried it and it works! I also discovered something interesting; if you put GRUB on the MBR and on the PBR of the second partition you can go back to GRUB from the TrueCrypt loader via the ESC key (assuming when you installed TrueCrypt you told it there was another boot loader.)

]]> By: Bruce http://blog.mfabrik.com/2008/07/15/perfect-dual-boot-crypted-hard-disk-setup-with-truecrypt-and-luks/comment-page-1/#comment-409 Bruce Sat, 19 Jul 2008 06:22:13 +0000 http://blog.redinnovation.com/?p=55#comment-409 I use TrueCrypt for Windows and dm-crypt with lvm for Ubuntu and press ESC at the TrueCrypt boot loader on the MBR to get to GRUB on the second partition. However, I never thought about getting GRUB to chainload TrueCrypt! So GRUB is installed on the MBR but the TrueCrypt boot loader is actually on installed on the second partition? I use TrueCrypt for Windows and dm-crypt with lvm for Ubuntu and press ESC at the TrueCrypt boot loader on the MBR to get to GRUB on the second partition. However, I never thought about getting GRUB to chainload TrueCrypt!

So GRUB is installed on the MBR but the TrueCrypt boot loader is actually on installed on the second partition?

]]>