Howto Dual Boot FullDisk Encryption Truecrypt Luks MBR Grub2


Post by n00ti on Sun Apr 17, 2011 12:40 am

This, for me, has been a nightmare with scant up-to-date information, so I wanted to provide the steps I did to get this working. There is probably an easier way but no one has been kind enough to post it yet.

I now have the Windows Vista partition fully encrypted and linux-mint 10 fully encrypted with Truecrypt-loader on the MBR and grub2 on a separate boot partition.

This entire installation takes place on one partitioned hard drive. I like to have my OSs on one hard drive and all of my personal files on separate hard drives; that way I can whole drive encrypt them and mount them in either windows or linux when needed.

What you will need:

I used linux-mint 10 standard CD edition.

You will need a CDr so you can burn your truecrypt bootloader.

Also, for Vista, you will need Service Pack 1 to full drive encrypt with truecrypt so you may want to burn that to CDr too.

You will also need an internet connection during installation, so if your wireless doesn't work off the live CD then you will need to make sure you have an ethernet connection.

1. Partition hard drive

You will need to create 3 partitions

sda1 for the boot partition
sda2 for the winders partition
sda3 for linux mint

boot up linux-mint cd and make partitions with fdisk

sda1 100M
sda2 as big as you want, pick label "7" which is HP/NTFS
sda3 as big as you want for linux

Reboot and install windows on sda2
(Vista needs SP1)

Then do a system encryption with Truecrypt (not entire disk!)
also select "single boot" (you'll know it when you see it)
Make sure you burn the truecrypt-bootloader

you can defer the truecrypt encryption after it is installed so you can get on with installing linux.

linux install with luks and lvm

Just keep it simple and go with only a swap and / volume. Any more and it gets complicated:

boot up live cd

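Code:
sudo su
# install the LUKS and LVM tools in the live session
apt-get install cryptsetup lvm2
# load the AES and dm-crypt kernel modules
modprobe aes_i586
modprobe dm_crypt
# format sda3 as a LUKS container (destroys any data on it)
cryptsetup -v -c aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sda3
# (enter your password)

# open the container and create the LVM volumes inside it
cryptsetup luksOpen /dev/sda3 cryptdisk
vgcreate crypto /dev/mapper/cryptdisk
lvcreate -n swap -L 2G crypto
lvcreate -n root -l 100%FREE crypto
mkswap /dev/mapper/crypto-swap
# enable the new swap volume by name (the live CD's fstab has no entry for it)
swapon /dev/mapper/crypto-swap
mkfs.ext3 -j -O extent /dev/mapper/crypto-root
# start the installer
ubiquity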


go through the install and don't encrypt your home folder
mount crypto-root to / with ext3 format
mount crypto-swap to swap
mount /dev/sda1 to /boot with ext2 format

finish install and DON'T REBOOT

continue

Code:
# mount the installed system and chroot into it
mkdir /mnt/root
mount /dev/mapper/crypto-root /mnt/root
mount /dev/sda1 /mnt/root/boot
mount --bind /dev /mnt/root/dev
mount --bind /dev/pts /mnt/root/dev/pts
mount --bind /proc /mnt/root/proc
chroot /mnt/root
# inside the chroot: install the LVM and LUKS tools on the new system
apt-get install lvm2 cryptsetup


Code:
gedit /etc/crypttab

add the following line and save:
Code:
cryptdisk /dev/sda3 none luks


Code:
gedit /etc/initramfs-tools/modules

add the following items and save:
Code:
aes_i586
sha256
dm_mod
dm_crypt


Code:
# rebuild the initramfs for all installed kernels
update-initramfs -u -k all -c
# leave the chroot before unmounting and rebooting
exit
umount -a
reboot


That should nix the truecrypt-bootloader, so boot up with the truecrypt rescue disk:
Are you trying to create a hidden system? no
option 2 should be the "reinstall bootloader to MBR" pick that

Reboot and you should have entry to winders.

Now we need to get grub2 on the boot partition to work.

Reboot with Mint CD.


Code:
sudo su
apt-get install cryptsetup lvm2
# unlock the LUKS container and mount the installed system
cryptsetup luksOpen /dev/sda3 cryptdisk
mkdir /mnt/root
mount /dev/mapper/crypto-root /mnt/root
mount /dev/sda1 /mnt/root/boot
# bind-mount the virtual filesystems into the chroot
for i in /dev /dev/pts /proc /sys; do sudo mount -B "$i" "/mnt/root$i"; done
chroot /mnt/root
# remove the existing grub packages
apt-get purge grub grub-pc grub-common

select "yes"
Code:
apt-get install grub-common grub-pc

"ok"
you will be given a list of partitions:
select "/dev/sda1"

It will tell you that this is a horrible idea.

Do it anyway.

Code:
update-grub
exit
umount -a
reboot


Now when you reboot, truecrypt-bootloader comes first. To boot linux hit "esc" and you'll boot into grub2.

done.

This was hell. HELL!!!

I hope it helps someone else.
n00ti
Level 1
Posts: 1
Joined: Sun Apr 17, 2011 12:10 am
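
A pre-reboot check for the chroot prepared in the post above, as an added example that is not part of the original post: it confirms the crypttab entry, the initramfs module list and that an initramfs image was written to the mounted /boot. The function name and its defaults are assumptions of this example; the mapping name, device and module names are the ones the post uses.

```shell
#!/bin/sh
# Added example: sanity-check the installed system before the first reboot.
# Assumed (not from the post): the function name and its argument order.

# check_cryptroot ROOT [NAME] [DEVICE]  ->  returns 0 when every check passes
check_cryptroot() {
    root=$1 name=${2:-cryptdisk} dev=${3:-/dev/sda3} rc=0
    crypttab=$root/etc/crypttab
    modules=$root/etc/initramfs-tools/modules

    # crypttab fields: <target> <source device> <key file> <options>.
    # A commented-out or mistyped entry does not count.
    if ! awk -v n="$name" -v d="$dev" '
            $1 == n && $2 == d && $3 == "none" {
                c = split($4, opt, ",")
                for (i = 1; i <= c; i++) if (opt[i] == "luks") ok = 1
            }
            END { exit !ok }' "$crypttab" 2>/dev/null; then
        echo "FAIL: no '$name $dev none luks' entry in $crypttab"
        rc=1
    fi

    # Each module named in the post must appear on a line of its own.
    for m in aes_i586 sha256 dm_mod dm_crypt; do
        if ! grep -qx "[[:space:]]*$m[[:space:]]*" "$modules" 2>/dev/null; then
            echo "FAIL: module $m not listed in $modules"
            rc=1
        fi
    done

    # update-initramfs must have left an image on the mounted boot partition.
    if ! ls "$root"/boot/initrd.img-* >/dev/null 2>&1; then
        echo "FAIL: no initrd.img-* in $root/boot (is /dev/sda1 mounted there?)"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $root passes all checks"; fi
    return "$rc"
}

# Runs only when a path is given, e.g.: sh check.sh /mnt/root
if [ "$#" -gt 0 ]; then check_cryptroot "$@"; fi
```

Run it from the live session against /mnt/root after update-initramfs and before unmounting; any FAIL line means the system is likely to stop at boot without asking for the passphrase.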


Re: Howto Dual Boot FullDisk Encryption Truecrypt Luks MBR G

Post by robertb on Sun Jun 30, 2013 10:47 am

Do you know if this should work on an LMDE (Debian-based) system?
robertb
Level 1
Posts: 31
Joined: Sun May 22, 2011 9:36 pm

Re: Howto Dual Boot FullDisk Encryption Truecrypt Luks MBR G

Post by kdasummer on Mon Jul 22, 2013 2:16 pm

I would NOT have been able to do this setup on my computer without your guide. THANK YOU!
kdasummer
Level 1
Posts: 2
Joined: Sun Jan 13, 2013 3:54 pm

