
Dualboot with WDE (Whole Disk Encryption) Windows 7 and Linux Kubuntu 11.10


See the great reference http://www.iceflatline.com/2009/09/how-to-dual-boot-Windows-7-and-linux-using-bcdedit/

Introduction

I have PGP-WDE on a Windows 7 laptop, but I also want a Linux dual boot partition, also with whole disk encryption. This is how it was done.

Detailed situation
Usually,
  • A virtual machine is convenient.
  • Home directory encryption is enough.
  • Just using PGP-WDE is possible.
But sometimes life is not so easy. If you are in the following situation, you have the same problem as me.
Then we need another solution.

Suggested solution
  • Windows 7 partition is encrypted by PGP-WDE.
  • Linux (Kubuntu 11.10) partition is encrypted by dm-crypt.
  • (My machine is Lenovo W520 with 500GB HD.)


How to do it?

1. Decrypt PGP disk

Use the PGP Disk tool to decrypt your disk first, because you cannot install Linux on an encrypted disk. It took 8 hours for a 500GB disk on the Lenovo W520.

2. Partition the disk
  • Use Windows Disk Management or any other tool to shrink the Windows 7 partition.
  • Note: Windows 7 has a small extra partition (around 300MB). It is necessary; do not delete it.
3. Install Linux (Kubuntu 11.10)

Push the ThinkVantage button, then push F12 to boot from another drive. I use Kubuntu 11.10 and boot via USB key.

Install Kubuntu
  • The alternate CD contains the whole disk encryption menu. The Kubuntu Desktop CD only offers a home directory encryption option. (You will also need a Desktop CD later.)
Partition disk

  • We will have "/boot", "/", and swap partitions. Swap may not be needed.
  • Note: /boot should not be encrypted.
  • Choose Manual. I made the following partitions:
  • primary 200MB ext4 /boot, /dev/sda4 (You should remember the /boot partition's device name)
  • logical 241GB K lvm 
  • logical 8G swap
  • I chose the / partition for lvm
Configure encrypted volumes
  • Create encrypted volumes 
  • Choose /dev/sda6 (lvm), /dev/sda5 (swap) 
  • Encryption method: Device mapper (dm-crypt) 
  • Encryption: aes 
  • Finished encryption 
  • Input pass phrase 
Now it starts to install, but without asking where the boot loader is installed. (I was scared, since I had already broken Windows 7 once when the master boot record was overwritten while PGP-WDE encryption was active. I tried to recover the MBR, but I could not fix it and needed to re-install Windows 7.)

After installing the base system, the installer asks where the GRUB boot loader should be installed.
  • Say 'No' to: Install the GRUB boot loader to the master boot record?
  • Install the GRUB boot loader in the /boot Linux partition (in my case, /dev/sda4)
  • Reboot into Linux (from USB key or Live CD, not the Alternate CD).

4. Dual boot set up from Windows 7 partition
  • After the reboot from Desktop CD/USB key, we will set up the dual boot.
  • Copy the relevant info to a USB key (mounted on /media/myusbkey in this example) or similar:
 sudo dd if=/dev/sda4 of=/media/myusbkey/linux.bin bs=512 count=1
  • This creates a file of only 512 bytes.
  • Boot Windows 7.
  • Copy linux.bin from the USB key to some place on the Windows partition, e.g. C:\linux.bin
  • Run the command line tool as administrator (right click the icon for that).
  • Run the following commands:
bcdedit /create /d "Linux" /application BOOTSECTOR
  • "Linux" can of course be something else. The command outputs a long ID; use that instead of {ID} in the following commands.
bcdedit /set {ID} device partition=c:
bcdedit /set {ID} path \linux.bin
bcdedit /displayorder {ID} /addlast
bcdedit /timeout 10
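
A check worth running on linux.bin before it is copied to C:, as an added example that is not part of the original post: it verifies that the file is exactly 512 bytes, ends with the 0x55 0xAA boot signature and contains GRUB's marker string. It can also compare the copy against /dev/sda4 again later, because the copy on C: goes stale if GRUB is reinstalled to that partition. The function names and the constructed sample sector are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a partition boot sector copy before pointing bcdedit at it.

# Print a verdict for the file $1; exit status 0 only for a plausible GRUB sector.
check_bootsector() {
    [ -f "$1" ] || { echo "missing"; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "bad-size:$size"; return 1; }
    # A bootable sector ends with the signature bytes 0x55 0xAA.
    sig=$(tail -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ] || { echo "bad-signature:$sig"; return 1; }
    # Heuristic: GRUB's first-stage code carries the ASCII string "GRUB".
    if LC_ALL=C grep -q GRUB "$1"; then
        echo "ok-grub"
    else
        echo "no-grub-string"; return 2
    fi
}

# Exit status 0 when the first 512 bytes of $1 (device or file) equal the copy $2.
sector_matches() {
    dd if="$1" bs=512 count=1 2>/dev/null | cmp -s - "$2"
}

# Constructed 512-byte stand-in for linux.bin (not a real boot record).
make_sample() {
    { printf 'GRUB '
      dd if=/dev/zero bs=1 count=505 2>/dev/null
      printf '\125\252'; } > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/linux.bin"
echo "linux.bin: $(check_bootsector "$tmp/linux.bin" || true)"
# On the real machine (run as root), using this page's device and path:
#   check_bootsector /media/myusbkey/linux.bin
#   sector_matches /dev/sda4 /media/myusbkey/linux.bin || echo "copy is stale"
rm -rf "$tmp"
```
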
5. Linux boot set up
  • Booting in normal mode failed for me, but I could boot in recovery mode.
  • It seems normal mode makes the encryption passphrase prompt invisible. It looks like a hang, but Linux seems to be asking for the disk's passphrase; we just cannot see the prompt.
  • I changed the GRUB settings to avoid quiet mode and graphical mode. I could not find a /boot/grub/menu.lst file in Kubuntu 11.10. There is a /etc/default/grub file.
  1. Boot in recovery mode. (You will be asked for the passphrase.)
  2. sudo vi /etc/default/grub
  3. Change the line GRUB_CMDLINE_LINUX_DEFAULT from "quiet splash" to "splash nomodeset pci=noacpi"
  4. Run sudo update-grub (I think this changes /boot/grub/grub.cfg)

  • Note: Without pci=noacpi here, the Lenovo W520 with Linux kernel 3.0.0.15 hung when using the NVIDIA card. If you still have problems, try acpi=off. (The Intel integrated graphics card has no problem.)

6. Windows 7 PGP partition encryption
  • Use the PGP tool to re-encrypt the Windows partition (not the whole disk). Encrypting 240GB took 6 and a half hours in my case.
  • When you want to encrypt the Windows partition, you must choose: Encrypt Whole Disk. PGP Desktop then asks you to create a new user. I chose the Windows password and default settings.
7. Finished
Now your whole hard disk is encrypted except the Linux /boot partition. But there is no secret there.
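
To confirm that /boot really is the only Linux filesystem left outside dm-crypt, the following added example (not part of the original post) parses lsblk list output and reports every mount point or active swap that is not stacked on a crypt device. It assumes the simple partition → dm-crypt → optional LVM stacking used on this page and that child devices are listed directly after their parents; the device and volume names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list mounted filesystems and swap that do NOT sit on dm-crypt.
# Input: output of  lsblk -ln -o NAME,TYPE,MOUNTPOINT  (children follow parents).

unencrypted_mounts() {
    awk '
        $2 == "disk" || $2 == "part" || $2 == "loop" || $2 == "rom" { enc = 0 }
        $2 == "crypt" { enc = 1 }       # everything stacked below is encrypted
        NF >= 3 && !enc { print $3 }    # mounted (or active swap) outside crypt
    ' | LC_ALL=C sort | tr "\n" " " | sed "s/ $//"
}

# Constructed sample modelled on this page's layout (names are assumptions).
sample_layout() {
    cat <<'EOF'
sda disk
sda1 part
sda2 part
sda4 part /boot
sda5 part
sda5_crypt crypt [SWAP]
sda6 part
sda6_crypt crypt
vg-root lvm /
EOF
}

echo "not on dm-crypt: $(sample_layout | unencrypted_mounts)"
# On the installed system:
#   lsblk -ln -o NAME,TYPE,MOUNTPOINT | unencrypted_mounts
```

Anything other than /boot in the result means a filesystem or swap area is stored in the clear.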


Thanks to Daniel, Joachim, and Joerg for many hints.

Comments

niriven said…
Thank you so much for this info. I have not been able to run Linux for months on my w520 due to the boot process hanging at udev waiting for uevents, hanging forever in nvidia discrete mode. Integrated and optimus modes worked but are not ideal. I've seen others on the net with the same issue, but your solution pci=nopci is the only thing that solved my problem!
