Howto Dual Boot FullDisk Encryption Truecrypt Luks MBR Grub2


Howto Dual Boot FullDisk Encryption Truecrypt Luks MBR Grub2

Post by n00ti » Sun Apr 17, 2011 12:40 am

This, for me, has been a nightmare with scant up-to-date information, so I wanted to provide the steps I did to get this working. There is probably an easier way but no one has been kind enough to post it yet.

I now have the Windows Vista partition fully encrypted and linux-mint 10 fully encrypted, with Truecrypt-loader on the MBR and grub2 on a separate boot partition.

This entire installation takes place on one partitioned hard drive. I like to have my OSs on one hard drive and all of my personal files on separate hard drives; that way I can whole-drive encrypt them and mount them in either windows or linux when needed.

What you will need:

I used linux-mint 10 standard CD edition.

You will need a CD-R so you can burn your truecrypt bootloader.

Also, for Vista, you will need Service Pack 1 to full drive encrypt with truecrypt, so you may want to burn that to CD-R too.

You will also need an internet connection during installation, so if your wireless doesn't work off the live CD then you will need to make sure you have an ethernet connection.

1. Partition hard drive

You will need to create 3 partitions

sda1 for the boot partition
sda2 for the winders partition
sda3 for linux mint

boot up linux-mint cd and make partitions with fdisk

sda1 100M
sda2 as big as you want, pick label "7" which is HP/NTFS
sda3 as big as you want for linux

Reboot and install windows on sda2
(Vista needs SP1)

Then do a system encryption with Truecrypt (not entire disk!)
also select "single boot" (you'll know it when you see it)
Make sure you burn the truecrypt-bootloader

you can defer the truecrypt encryption after it is installed so you can get on with installing linux.

linux install with luks and lvm

Just keep it simple and go with only a swap and / volume. Any more and it gets complicated:

boot up live cd

Code:

sudo su
apt-get install cryptsetup lvm2
modprobe aes_i586
modprobe dm_crypt
cryptsetup -v -c aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sda3

enter your password

cryptsetup luksOpen /dev/sda3 cryptdisk
vgcreate crypto /dev/mapper/cryptdisk
lvcreate -n swap -L 2G crypto
lvcreate -n root -l 100%FREE crypto
mkswap /dev/mapper/crypto-swap
swapon -a
mkfs.ext3 -j -O extent /dev/mapper/crypto-root

go through the install and don't encrypt your home folder
mount crypto-root to / with ext3 format
mount crypto-swap to swap
mount /dev/sda1 to /boot with ext2 format

finish install and DON'T REBOOT


Code:

mkdir /mnt/root
mount /dev/mapper/crypto-root /mnt/root
mount /dev/sda1 /mnt/root/boot
mount --bind /dev /mnt/root/dev
mount --bind /dev/pts /mnt/root/dev/pts
mount --bind /proc /mnt/root/proc
chroot /mnt/root
apt-get install lvm2 cryptsetup

Code:

gedit /etc/crypttab

add the following line and save:

Code:

cryptdisk /dev/sda3 none luks

Code:

gedit /etc/initramfs-tools/modules

add the following items and save:

Code:


Code:

update-initramfs -u -k all -c
umount -a

That should nix the truecrypt-bootloader, so boot up with the truecrypt rescue disk:
Are you trying to create a hidden system? no
option 2 should be the "reinstall bootloader to MBR" pick that

Reboot and you should have entry to winders.

Now we need to get grub2 on the boot partition to work.

Reboot with Mint CD.

Code:

sudo su
apt-get install cryptsetup lvm2
cryptsetup luksOpen /dev/sda3 cryptdisk
mkdir /mnt/root
mount /dev/mapper/crypto-root /mnt/root
mount /dev/sda1 /mnt/root/boot
for i in /dev /dev/pts /proc /sys; do sudo mount -B $i /mnt/root$i;  done
chroot /mnt/root
apt-get purge grub grub-pc grub-common

select "yes"

Code:

apt-get install grub-common grub-pc

you will be given a list of partitions:
select "/dev/sda1"

It will tell you that this is a horrible idea.

Do it anyway.

Code:

umount -a

Now when you reboot, truecrypt-bootloader comes first. To boot linux hit "esc" and you'll boot into grub2.


This was hell. HELL!!!

I hope it helps someone else.
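A pre-reboot check for the layout built in the post above, as an added example that is not part of the original post. The function name check_crypt_root and the sample files are constructed here, and it assumes fstab names the root volume by its /dev/mapper path.

```shell
#!/bin/sh
# Added example, not from the original post. Run it against the mounted
# target (e.g. /mnt/root) before rebooting. Returns the number of problems.
check_crypt_root() {
    root=$1; problems=0
    crypttab="$root/etc/crypttab"; fstab="$root/etc/fstab"

    # crypttab fields: <mapper name> <source device> <key file> <options>
    entry=$(awk '$1 !~ /^#/ && NF >= 4 && $4 ~ /(^|,)luks(,|$)/ {print $1, $2, $3; exit}' \
        "$crypttab" 2>/dev/null || true)
    if [ -z "$entry" ]; then
        echo "FAIL: no 4-field luks entry in $crypttab"; problems=$((problems + 1))
    else
        set -- $entry
        echo "ok: crypttab opens $2 as /dev/mapper/$1"
        # The post uses "none", i.e. a passphrase prompt from the initramfs.
        [ "$3" = none ] || { echo "FAIL: key field is '$3', expected none"; problems=$((problems + 1)); }
    fi

    # fstab: / must sit on a device-mapper volume, /boot must stay outside it.
    rootdev=$(awk -v mp=/ '$1 !~ /^#/ && $2 == mp {print $1; exit}' "$fstab" 2>/dev/null || true)
    bootdev=$(awk -v mp=/boot '$1 !~ /^#/ && $2 == mp {print $1; exit}' "$fstab" 2>/dev/null || true)
    case $rootdev in
        /dev/mapper/*) echo "ok: / is on $rootdev" ;;
        *) echo "FAIL: / is on '${rootdev:-nothing}', not /dev/mapper/*"; problems=$((problems + 1)) ;;
    esac
    case $bootdev in
        "") echo "FAIL: no separate /boot entry in $fstab"; problems=$((problems + 1)) ;;
        /dev/mapper/*) echo "FAIL: /boot is on $bootdev, inside the encrypted volume"; problems=$((problems + 1)) ;;
        *) echo "ok: /boot is on $bootdev (outside /dev/mapper)" ;;
    esac
    return "$problems"
}

# Constructed sample mirroring the layout in the post.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
echo 'cryptdisk /dev/sda3 none luks' > "$demo/etc/crypttab"
printf '%s\n' '/dev/mapper/crypto-root / ext3 errors=remount-ro 0 1' \
    '/dev/sda1 /boot ext2 defaults 0 2' \
    '/dev/mapper/crypto-swap none swap sw 0 0' > "$demo/etc/fstab"
check_crypt_root "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

A non-zero return before the first reboot means the initramfs will not find the encrypted root or grub2 will not find /boot, which is cheaper to fix from the live CD than after a failed boot.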


Re: Howto Dual Boot FullDisk Encryption Truecrypt Luks MBR G

Post by robertb » Sun Jun 30, 2013 10:47 am

Do you know if this should work on an LMDE (Debian-based) system?


Re: Howto Dual Boot FullDisk Encryption Truecrypt Luks MBR G

Post by kdasummer » Mon Jul 22, 2013 2:16 pm

I would NOT have been able to do this setup on my computer without your guide. THANK YOU!
