Comments on: Dual boot and full encryption

By: sven

sven — Tue, 22 Jul 2008 07:01:24 +0000

@leetlover:
PGP WDE has no driver for Linux yet (as most other competitors, with CompuSec being only half – if that – useful to Linux users). So Linux only sees the encrypted data on your partitions and doesn’t have a way of decrypting that.

By: leetlover

leetlover — Mon, 21 Jul 2008 18:25:20 +0000

You could use TrueCrypt, which is cross-platform.
I have a similar problem now.
In fact, I have both sides encrypted separately, Windows XP and Ubuntu, but I haven’t figured out yet how to use the Windows volumes from Linux without formatting them and making them TrueCrypt volumes.

PGP WDE can encrypt your Windows partition and it plays along nicely.
Here’s my issue on their forums:
http://forum.pgp.com/pgp/board/message?board.id=54&thread.id=3889

By: Marco GruÃŸ

Marco GruÃŸ — Wed, 25 Apr 2007 15:25:04 +0000

CompuSec only ships with precompiled kernels for some SuSE and RedHat versions. Its driver will be useless for any other kernel since sources are not available.

However, the following worked for me:

- Install Windows
- Create the partitions intended for use with Linux before encrypting. CompuSec seems to change the partition type of partitions created after encryption to 0×07 (NTFS) at every reboot. It doesn’t do this if the partitions were there before encryption.
- Install CompuSec and encrypt the entire hard disk
- Install/copy your installed Linux to the partitions you created earlier, using dm-crypt at your convenience
- Follow the steps in Jari Eskelinen’s HOWTO, using GRUB to launch the CompuSec MBR

You’re done.

Careful: If you ever decide to decrypt your hard disk using CompuSec, CompuSec will use your Linux partitions as the cipher text and turn them into gibberish, so do backup your data!

By: sven

sven — Wed, 04 Apr 2007 14:36:15 +0000

mlabonte:
I didn’t try CompuSec because I didn’t want all the bundled Windows software. Apart from that, the method at http://keitin.net/jarpatus/articles/dcpp_grub/index_eng.shtml works for me though. A very similar approach should work for PGP Whole Disk Encryption.

By: mlabonte

mlabonte — Wed, 04 Apr 2007 13:51:43 +0000

CompuSec says right in their datasheet that “Multiple Operating systems are supported on a single computer”. And I believe that supports a mixed-environment. However, I had trouble getting their Windows software to run, and it seems to bundle in a bunch of junk I didn’t want or need, (identity management etc.). However this is your best bet, despite the fact it isn’t a standard linux mechanism.

By: Odette

Odette — Wed, 14 Mar 2007 10:13:42 +0000

Good site! I found in google.com +

By: sven

sven — Wed, 21 Feb 2007 17:03:36 +0000

You are probably talking about the CompuSec software from CE-Infosys. However though I looked closely at their site (including data sheet and FAQ), I found no hint that they would support dual boot options.
Also, I'm expecting that they would only support this option if their software is installed in both Linux and Windows. I would prefer to use standard Linux mechanisms for encryption on that side though.

Regards,
Sven

By: Anonymous

Anonymous — Wed, 21 Feb 2007 15:47:11 +0000

CompuSec has a free program to do full disk encryption (AES 128bit), and will support linux/winxp dual boot.

How’s that for better late than never?

By: Anonymous

Anonymous — Thu, 15 Feb 2007 17:00:05 +0000

Using DriveCrypt Plus Pack with Linux / GRUB HOWTO:
http://keitin.net/jarpatus/articles/dcpp_grub/index_eng.shtml
better late than never

By: Benjamin Seidenberg

Benjamin Seidenberg — Sat, 25 Nov 2006 04:26:36 +0000

Ah, got you. Hmm – does grub have a way to forge the response to the request for the mbr? Anyway, let me know what you find out, as I’d love to lock down window’s disk. (Though I think I may have a bios way to do it through the TPM chip)

By: sven

sven — Sat, 25 Nov 2006 04:23:24 +0000

I’m sorry, but neither PGP Whole Disk Encryption nor Drive Crypt Plus Pack (the two whole disk encryption tools for Windows I tried) allowed Grub to be in the MBR, loading the saved MBR with their code from somewhere else. They check the MBR to verify that their code wasn’t tempered with, it seems.
I posted a feature request for PGP WDE to allow putting it into the Windows partition boot sector so that it would allow another boot manager to be in the MBR but didn’t get a feedback on that yet.

By: Benjamin Seidenberg

Benjamin Seidenberg — Sat, 25 Nov 2006 03:27:53 +0000

Hmm – I’d look into what textshell said. It may be possible to do the reverse of what Segras and and boot ed were talking about – Have grub launch NTLDR to launch windows. This saves the nastiness since there aren’t usually options for NTLDR so you don’t have redundancy in your boot loaders.

By: sven

sven — Tue, 14 Nov 2006 13:20:37 +0000

Thanks for the suggestions about using the ntloader as the primary boot loader/chooser. This has one minor problem though:
I would have two boot loaders where I would need to make a choice: The ntloader to choose between windows and linux followed by grub to choose between different kernels or kernel options. Thats quite inconvenient, but a possibility I will surely try out. Currently, I like the option of using an externel storage for grub and linux’s /boot better though. We will probably see how it works out.
The optimal solution would still be some disk encryption software for windows which doesn’t require to be put into the MBR.

And special thanks to boot ed for the link to bootpart. That tool is really useful.

By: Seegras

Seegras — Tue, 14 Nov 2006 10:59:38 +0000

Using lilo, dd if=/dev/hda4 of=bootsect count=1 bs=512 and putting that sector onto the windows-harddisk and include it into the windows boot-menu won’t work?

By: Anonymous

Anonymous — Tue, 14 Nov 2006 02:22:30 +0000

At my working place, we try to use IP-video-conferencing, and we were so far unable to get VMware (and as far as I know, qemu wasnâ€™t better) to allow the Windows guest to use the USB webcam on a Linux host OS.

qemu definitely supports granting the guest access to USB devices; you might give it a try.