Ubuntu / Vista Dual Boot – Full Encryption with TrueCrypt

by on Mar.12, 2009, under Technology

sda1: encrypted with
sda2: Hardy Heron /boot partition (not encrypted)
sda3: Ubuntu Hardy Heron encrypted volume with LVM inside and / and swap partions within LVM (to save partitions used overall incase it gets over 5 partitions)
sda4: Working on installing OSX Leopard on this partition currently.

The steps I used are as follows, in brief:
1) Installed Vista first (actually pre-installed on laptop)

2) Installed Ubuntu second using encrypted physical volume with LVM inside it and 2 partions / and swap inside the LVM(at this point, was in the MBR)

3) Ran full windows (not full disk ) through TrueCrypt and let it write its bootloader to the MBR. (obviously overwriting Grub in the MBR)

4) Booted with a live cd and copied the truecrypt bootloader from the MBR to a file in the /boot partition (sda2)
use these commands to do so:
dd if=/dev/sda of=/mnt/boot/truecrypt.mbr count=1 bs=512
dd if=/dev/sda of=/mnt/boot/truecrypt.backup count=8 bs=32256

5)Reinstalled grub to the MBR using these commands:
sudo grub
install (hd0,1)/grub/stage1 (hd0) (hd0,1)/grub/stage2 0×8000 p

6) Added a chainloader to the menu.lst Vista entry to point to the truecrypt bootloader within the /boot partition like so:

title Windows Vista/Longhorn
rootnoverify (hd0,0)
chainloader (hd0,1)/truecrypt.mbr

The only partition not encrypted in the /boot partition so far, which is fine. After grub loads, no matter which OS I choose, I enter a passphrase and that OS starts.

For more detailed instructions which I pulled from but which are for instead of Vista, use this link:

:, , , , , , , , , , , ,

5 Comments for this entry

  • Jason Abate

    Thanks for the great instructions, just wanted to let you know that these work perfectly with Windows 7 as well (only needed minor changes to reflect different hard drive partitions on my system.) It’s great to now have both OSs fully encrypted!

  • Dennis

    Worked like a charm, thanks!

    Fedora Core 9

    Didn’t have my FC9 install disk handy, so used Disk1 from CentOS 5 in rescue mode. Mounts were slightly different and don’t need sudo to run grub, but otherwise the commands worked exactly as presented.

    Thanks again!


  • Björn Wetterbom

    Ubuntu 9.10 Karmic Koala

    I read both your instructions and the ones referred to on but could not get it working. Pressing ESC on the Truecrypt prompt did not work either. My problem was that /boot/grub/stage1 and stage2 were missing. But after doing “grub-install /dev/sda3″ followed by “update-grub” they appeared where expected (sda3 is my /boot partition). After that both your method and ESC on Truecrypt prompt started working. It seems that a vanilla install does not put /boot/grub/stage1 and stage2 in the expected place.

    Note also that it is not necessary to boot from a live CD. I used Grub on a CD (actually “Super Grub Disk”, which can be downloaded as a .iso) to boot the system I already had. All Grub commands can then be run from there.

    Thanks for simplifying the instructions. They’re pretty messy.

  • Jitesh Gajjar

    This was great. I have followed and managed to encrypt the win xp side as well linux (ubuntu 10.04.3), and my dual booting works. I have one question.
    after booting into linux, how can I access my win xp files from linux. Is it possible. On the windows side I used truecrypt to do a ‘system encryption’.
    Jitesh Gajjar

  • pz

    how can I have the same result having window7 partition encripted (with truecrypt) already?

    I have now 3 primary partitions: OEM partition (39GB), Recovery partition (15 GB) and system partition (Windows7, 220GB). And no free space already.

    it’s posible to downsize encrypted partition?

6 Trackbacks / Pingbacks for this entry

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!