I am looking for a multi-platform on-the-fly encryption tool. Both TrueCrypt and LUKS /dm-crypt/ can provide that, but I can't have dual boot /Linux & Windows/ in this case, because TC does not support multi-boot with anything other than a Windows OS and LUKS is not supported on Windows, or am I wrong?
I was thinking about this option:
Have an initram which will mount the LUKS device with encrypted Windows and then start another GRUB which will chain Windows' boot loader. Is this possible?
Or have you got any better solution?
To be clear, I would like to encrypt the whole disk, not just part.
Also, no readable headers /information about encryption/ in plain text /as LUKS has/ seems like a nice-to-have feature.
Answer
This is what I did on an XP system:
- Install Windows, leaving plenty of room for an encrypted Linux partition.
- Do the Truecrypt full disk encryption in Windows and wait until it completes.
- Install Ubuntu on a new partition in free space. Install to LUKS encrypted partition and remember passphrase. Do not overwrite your Windows partition. Do not install GRUB.
- Return to Windows, snag a copy of grldr and put the grldr file in your C:\ root.
- Add this line near the bottom of your c:\boot.ini:
c:\grldr="GRLDR"
- Also a good idea to add Timeout=10 or similar near the top.
- You'll need to make an old GRUB 0.9-style menu.lst in "c:\" that points to your Ubuntu installation. I put Linux on my second partition and my menu.lst looks like this:
timeout 0
default 0
title grub2
find --set-root /grub/core.img
kernel /grub/core.img
boot
The end result is this:
- You turn on your system and get Truecrypt bootloader. Enter passphrase.
- You are then taken to Windows bootloader, where you can select Windows or GRLDR. Windows will boot encrypted Windows. GRLDR will boot Linux.
- Linux will ask you for passphrase if you select it. So you have to enter two passphrases to boot Linux. This is not something I minded.
With Vista/7 the process is the same except instead of editing boot.ini you need to use bcdedit.exe, or another BCD editor, to create BCD entries. I've not tried this on a Vista/7 system yet.