SteveOH

Ubuntu / Vista Dual Boot – Full Encryption with TrueCrypt

by on Mar.12, 2009, under Technology

sda1: encrypted with
sda2: Hardy Heron /boot partition (not encrypted)
sda3: Ubuntu Hardy Heron encrypted volume with LVM inside and / and swap partions within LVM (to save partitions used overall incase it gets over 5 partitions)
sda4: Working on installing OSX Leopard on this partition currently.

The steps I used are as follows, in brief:
1) Installed Vista first (actually pre-installed on laptop)

2) Installed Ubuntu second using encrypted physical volume with LVM inside it and 2 partions / and swap inside the LVM(at this point, was in the MBR)

3) Ran full windows (not full disk ) through TrueCrypt and let it write its bootloader to the MBR. (obviously overwriting Grub in the MBR)

4) Booted with a live cd and copied the truecrypt bootloader from the MBR to a file in the /boot partition (sda2)
use these commands to do so:
dd if=/dev/sda of=/mnt/boot/truecrypt.mbr count=1 bs=512
dd if=/dev/sda of=/mnt/boot/truecrypt.backup count=8 bs=32256

5)Reinstalled grub to the MBR using these commands:
sudo grub
install (hd0,1)/grub/stage1 (hd0) (hd0,1)/grub/stage2 0×8000 p

6) Added a chainloader to the menu.lst Vista entry to point to the truecrypt bootloader within the /boot partition like so:

title Windows Vista/Longhorn
rootnoverify (hd0,0)
makeactive
chainloader (hd0,1)/truecrypt.mbr
boot

The only partition not encrypted in the /boot partition so far, which is fine. After grub loads, no matter which OS I choose, I enter a passphrase and that OS starts.

For more detailed instructions which I pulled from but which are for instead of Vista, use this link:

http://ubuntuforums.org/showthread.php?t=761530

:, , , , , , , , , , , ,

5 Comments for this entry

  • Jason Abate

    Thanks for the great instructions, just wanted to let you know that these work perfectly with Windows 7 as well (only needed minor changes to reflect different hard drive partitions on my system.) It’s great to now have both OSs fully encrypted!

  • Dennis

    Worked like a charm, thanks!

    WindowsXP
    Fedora Core 9

    Didn’t have my FC9 install disk handy, so used Disk1 from CentOS 5 in rescue mode. Mounts were slightly different and don’t need sudo to run grub, but otherwise the commands worked exactly as presented.

    Thanks again!

    -Dennis

  • Björn Wetterbom

    Ubuntu 9.10 Karmic Koala

    I read both your instructions and the ones referred to on ubuntuforums.org but could not get it working. Pressing ESC on the Truecrypt prompt did not work either. My problem was that /boot/grub/stage1 and stage2 were missing. But after doing “grub-install /dev/sda3″ followed by “update-grub” they appeared where expected (sda3 is my /boot partition). After that both your method and ESC on Truecrypt prompt started working. It seems that a vanilla install does not put /boot/grub/stage1 and stage2 in the expected place.

    Note also that it is not necessary to boot from a live CD. I used Grub on a CD (actually “Super Grub Disk”, which can be downloaded as a .iso) to boot the system I already had. All Grub commands can then be run from there.

    Thanks for simplifying the ubuntuforums.org instructions. They’re pretty messy.

  • Jitesh Gajjar

    This was great. I have followed and managed to encrypt the win xp side as well linux (ubuntu 10.04.3), and my dual booting works. I have one question.
    after booting into linux, how can I access my win xp files from linux. Is it possible. On the windows side I used truecrypt to do a ‘system encryption’.
    Jitesh Gajjar

  • pz

    how can I have the same result having window7 partition encripted (with truecrypt) already?

    I have now 3 primary partitions: OEM partition (39GB), Recovery partition (15 GB) and system partition (Windows7, 220GB). And no free space already.

    it’s posible to downsize encrypted partition?

6 Trackbacks / Pingbacks for this entry

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!