PZolee's blog

Software testing

About me



Name:
Zoltán Pallagi

Bio:
Job title: Senior software tester engineer, Degree: Information Technology Engineer (BMF).


GRUB2 and Truecrypt – Windows-Linux dual-boot system

Thursday, July 22, 2010 @ 03:07 PM Author: Zoltán Pallagi

As I have already mentioned in my previous post, I have an NTFS partition with Windows 7 and another, encrypted one with Ubuntu 10.04. For security reasons, I wanted to encrypt the NTFS partition as well. Because BitLocker is available only in Windows 7 Ultimate, I chose the free Truecrypt (www.truecrypt.org). Using Google, I found a lot of solutions for creating an encrypted system partition with Truecrypt and making a dual-boot system, and I thought it would be easy.

In a few words, the theory was the following: after encrypting the partition with Truecrypt, I should copy the first sector of the MBR to a file (to make a copy of the Truecrypt boot loader), then restore the original GRUB with a live CD and point the GRUB chainloader at this file. That way I can select both Linux and Windows (the Truecrypt loader) from the GRUB boot menu.

Well, I was wrong, twice. Firstly, I installed my Ubuntu with the default boot loader of 10.04 (which is GRUB2); secondly, I used the Ext4 file system. The problem is that GRUB2 is installed in the MBR in a slightly different way, so the Truecrypt boot loader detects it as a damaged boot loader and does not work (it cannot load Windows) with the GRUB chainloader. In this case, the following error message will be displayed by the Truecrypt boot loader:

TrueCrypt Boot Loader Load damaged! Use Rescue Disk: Repair > Options > Restore Truecrypt Boot Loader.

For more details see: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/484102

The second problem is that the above works with GRUB1, but GRUB1 doesn’t support the Ext4 file system yet.

To solve this situation, we should use a workaround. We will use the Truecrypt boot loader to load GRUB, and not GRUB to load Truecrypt.

If you have already done the steps of encrypting a system partition with Truecrypt (for example using the following description: http://www.steve-oh.com/blog/index.php/ubuntu-vista-dual-boot-full-encryption-with-truecrypt/), then you have the GRUB boot loader in the MBR and you can start Ubuntu, but you cannot start the chainloaded Truecrypt-encrypted partition. In this case, you should do the following:

Start Ubuntu and install GRUB into the Linux partition and not into the MBR.

Let’s see my partitions:

root@thor-t410:/home/pzolee# fdisk -l

/dev/sda lemez: 320.1 GB, 320072933376 bájt
240 fej, 63 szektor, 41345 cilinder
Egység: cilinderek 15120 * 512 = 7741440 bájt
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Lemezazonosító: 0x5cced388

Eszköz Indítás   Eleje         Vége      Blokkok  Az  Rendszer
/dev/sda1   *           1       16808   127066112    7  HPFS/NTFS
/dev/sda2           16808       16873      487424   83  Linux
/dev/sda3           16873       41346   185015297    5  Kiterjesztett
/dev/sda5           16873       41346   185015296   83  Linux

/dev/sda2 is my boot partition, so I will install GRUB there.

root@thor-t410:/home/pzolee# grub-install --force /dev/sda2
/usr/sbin/grub-setup: warn: Kísérlet a GRUB telepítésére partícióra az MBR helyett. Ez egy ROSSZ ötlet..
/usr/sbin/grub-setup: warn: A beágyazás nem lehetséges. A GRUB csak blokklisták használatával telepíthető erre az eszközre. A blokklisták azonban NEM MEGBÍZHATÓK, és használatuk nem ajánlott..
Installation finished. No error reported.

You should ignore these warnings because the installation was successful (sorry for the Hungarian messages, but I use my Ubuntu with Hungarian language support).

Now, we will use an important feature of the Truecrypt boot loader:

If you press ESC instead of entering the password, the Truecrypt boot loader will try to find and load the boot loader of the next partitions (like a kind of chainloader), so it will find GRUB in /dev/sda2 and start it.

After installing GRUB into /dev/sda2, you have to do only one more thing: boot from the Truecrypt rescue CD and choose to restore the Truecrypt boot loader. After you restart the computer, the Truecrypt boot loader will start; if you enter the correct password, Windows will start, or you can press ESC to load GRUB, where you can select Ubuntu.
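
A sanity check for the finished layout, as an added example that is not part of the original post: it reads the first sector of the disk and of the Linux boot partition and reports which loader is in each. It assumes the loaders can be recognized by the ASCII markers "TrueCrypt Boot Loader" and "GRUB" in their first-stage code; the function names are hypothetical and the sector images used in the demo are constructed.

```sh
#!/bin/sh
# Added example: heuristic check of which boot loader sits in a boot sector.
# Assumption: the first-stage code embeds the ASCII markers used below.

# make_sample FILE MARKER: build a constructed 512-byte sector for the demo
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '%s' "$2" | dd of="$1" bs=1 seek=64 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null  # 55 aa
}

# classify_sector SRC: prints truecrypt | grub | unknown | not-bootable
classify_sector() {
    tmp=$(mktemp) || return 1
    dd if="$1" of="$tmp" bs=512 count=1 2>/dev/null      # first sector only
    # Bytes 510-511 must hold the boot signature 55 aa.
    sig=$(od -An -tx1 -j510 -N2 "$tmp" 2>/dev/null | tr -d ' \n')
    if [ "$sig" != "55aa" ]; then
        result=not-bootable
    elif LC_ALL=C grep -aq 'TrueCrypt Boot Loader' "$tmp"; then
        result=truecrypt
    elif LC_ALL=C grep -aq 'GRUB' "$tmp"; then
        result=grub
    else
        result=unknown
    fi
    rm -f "$tmp"
    printf '%s\n' "$result"
}

# check_layout DISK BOOT_PART: succeeds only for the layout in this post
# (Truecrypt loader in the MBR, GRUB in the Linux boot partition).
check_layout() {
    mbr=$(classify_sector "$1")
    pbr=$(classify_sector "$2")
    echo "MBR of $1: $mbr; boot sector of $2: $pbr"
    [ "$mbr" = truecrypt ] && [ "$pbr" = grub ]
}

# Demo on constructed sector images; on the real system run as root:
#   check_layout /dev/sda /dev/sda2
d=$(mktemp -d)
make_sample "$d/mbr" ' TrueCrypt Boot Loader'
make_sample "$d/pbr" 'GRUB '
check_layout "$d/mbr" "$d/pbr"
rm -rf "$d"
```

The check only confirms that a first-stage loader is present in each sector; since GRUB was installed to the partition with blocklists, it says nothing about whether the later stages are still where the blocklist points.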

Installing Truecrypt on Lenovo T410/Core i5 CPU

Just a tip:
Truecrypt doesn’t work on the above combination if the “boot from network” and “virtualization support” options are enabled… When the Truecrypt pretest reboots the computer, it will give MMAP:1 or MMAP:2 error messages and cannot load Windows. To solve it, just disable these options in the BIOS (of course, it’s a workaround, but we don’t really have any choice).