I now have the Windows Vista partition fully encrypted and linux-mint 10 full encrypted with Truecrypt-loader on the MBR and grub2 on a separate boot partition.
This entire installation takes place on one partitioned hard drive. I like to have my OSs on one hard drive and all of my personal files on separate hard drives that way I can whole drive encrypt them and mount them in either windows or linux when needed.
What you will need:
I used linux-mint 10 standard CD edition.
You will need a CDr so you can burn your truecrypt bootloader.
Also, for Vista, you will need Service Pack 1 to full drive encrypt with truecrypt so you may want to burn that to CDr too.
You will also need an internet connection during installation so if your wireless doesn't work off the live CD then you will need make sure you have an ethernet connection.
1. Partition hard drive
You will to create 3 partitions
sda1 for the boot partiton
sda2 for the Windows partiton
sda3 for linux mint
boot up linux-mint cd and make partitions with fdisk
sda1 100M
sda2 as big as you want, pick label "7" which is HP/NTFS
sda3 as big as you want for linux
Reboot and install windows on sda2
(Vista needs SP1)
Then do a system encryption with Truecrypt (not entire disk!)
also select "single boot" (you'll know it when you see it)
Make sure you burn the truecrypt-bootloader
you can defer the truecrypt encryption after it is installed so you can get on with installing linux.
linux install with luks and lvm
Just keep it simple and go with only a swap and / volume. Anymore and it gets complicated:
boot up live cd
Code: Select all
sudo su
apt-get install cryptsetup lvm2
modprobe aes_i586
modprobe dm_crypt
cryptsetup -v -c aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sda3
enter your password
cryptsetup luksOpen /dev/sda3 cryptdisk
vgcreate crypto /dev/mapper/cryptdisk
lvcreate -n swap -L 2G crypto
lvcreate -n root -l 100%FREE crypto
mkswap /dev/mapper/crypto-swap
swapon -a
mkfs.ext3 -j -O extent /dev/mapper/crypto-root
ubiquitymount crypto-root to / with ext3 format
mount crypto-swap to swap
mount /dev/sda1 to /boot with ext2 format
finish install and DON'T REBOOT
continue
Code: Select all
mkdir /mnt/root
mount /dev/mapper/crypto-root /mnt/root
mount /dev/sda1 /mnt/root/boot
mount --bind /dev /mnt/root/dev
mount --bind /dev/pts /mnt/root/dev/pts
mount --bind /proc /mnt/root/proc
chroot /mnt/root
apt-get install lvm2 cryptsetupCode: Select all
gedit /etc/crypttabCode: Select all
cryptdisk /dev/sda3 none luksCode: Select all
gedit /etc/initramfs-tools/modulesCode: Select all
aes_i586
sha256
dm_mod
dm_cryptCode: Select all
update-initramfs -u -k all -c
umount -a
rebootAre you trying to create a hidden system? no
option 2 should be the "reinstall bootloader to MBR" pick that
Reboot and you should have entry to Windows.
Now we need to get grub2 on the boot partition to work.
Reboot with Mint CD.
Code: Select all
sudo su
apt-get install cryptsetup lvm2
cryptsetup luksOpen /dev/sda3 cryptdisk
mkdir /mnt/root
mount /dev/mapper/crypto-root /mnt/root
mount /dev/sda1 /mnt/root/boot
for i in /dev /dev/pts /proc /sys; do sudo mount -B $i /mnt/root$i; done
chroot /mnt/root
apt-get purge grub grub-pc grub-common
Code: Select all
apt-get install grub-common grub-pcyou will be give a list of partitions:
select "/dev/sda1"
It will tell you that this is a horrible idea.
Do it anyway.
Code: Select all
update-grub
exit
umount -a
rebootdone.
This was hell. HELL!!!
I hope it helps someone else.