Requirement: install Windows and Ubuntu side by side on one machine so that the contents of the Windows installation cannot be viewed without a password. There is no CD-ROM drive, only USB.
Running a virtual machine under Ubuntu was not an attractive option for many reasons, the main one being significant performance problems.
The decision: install the two OSes in parallel (Windows and Ubuntu) so that Ubuntu boots by default and Windows is located on the boot partition.
First, some preparation. We will need two flash drives of sufficient size.
On one we put Ubuntu:
Instructions on how to make an Ubuntu USB drive under Windows
Download Universal USB Linux Installer
Download the Ubuntu image
Press a couple of buttons (specify the path to the ISO and run) and that's it: the flash drive is ready.
On the other we put Windows:
Windows instructions
On the same flash drive, copy all the drivers for our computer (so as not to search for them later) and the TrueCrypt encryption program (FREE! OPEN SOURCE!)
Download
Briefly: we will encrypt the Windows partition with TrueCrypt. The goal is a scheme in which the Linux loader (GRUB) loads first and, when needed, hands over to the TrueCrypt loader, which in turn loads Windows from the encrypted system partition. Encryption happens on the fly, that is, the data on the disk is securely stored at all times.
Now we are armed and fully prepared. Print the instructions below, or take a tablet / laptop along, and let's go.
Step 1. Disk partitioning
Boot from the Ubuntu flash drive (Try Ubuntu mode).
Run GParted (type its name in the program search).
Select the desired disk and create a new partition table (instructions) of type msdos.
We split the disk like this:
/dev/sda1 - Windows partition
Type: Primary Partition
File system: NTFS
Size: at least 30Gb (this is the Windows system partition; I recommend giving it 150Gb, because all the Windows programs that should be encrypted will live here too)
/dev/sda2 - Ubuntu boot partition (later we will mount /boot there)
Type: Primary Partition
File system: ext2
Size: 512mb
/dev/sda3 LBA1 - the overall container partition
Type: logical block addressing
Size: unlimited; your public system will be here.
/dev/sda4 SWAP
Type: partition inside LBA1 (extended partition)
File system: SWAP
Size: equal to the size of your RAM (for example, 16Gb)
/dev/sda5 - Ubuntu main partition (/)
Type: partition inside LBA1 (extended partition)
File system: ext4
Size: unlimited; your public Ubuntu system and its root will be here.
/dev/sda6 - optional partition for sharing files between the two systems. This partition will not be encrypted, and both systems will be able to access it.
Type: partition inside LBA1 (extended partition)
File system: NTFS
Size: optional.
If desired, there may be other partitions (especially for Ubuntu, where you may want to allocate something separately during installation).
What have we done?
- we made the Windows partition the first partition on the disk, so it will come up without problems and we don't have to create the silly 100mb partition that Windows makes when it partitions the disk itself.
- we allocated a separate boot partition. This is very important, because it lets us conveniently get into the Ubuntu system right after encrypting Windows without any hacks or workarounds =)
Step 2. Install Ubuntu
Boot in Try Ubuntu mode again and use the installer from the desktop.
In the installer's partitioning step, assign the partitions according to the layout above:
/boot (/dev/sda2)
swap (/dev/sda4)
/ (/dev/sda5)
Reboot into the installed Ubuntu
and run the following command:
sudo grub-install /dev/sda2 --force
Details here:
habrahabr.ru/post/150209
This puts GRUB into the /boot partition.
Step 3. Install Windows
Boot from the other flash drive and install Windows on the first partition.
Install TrueCrypt (by the way, there are localizations at
www.truecrypt.org/localizations; just download one and unpack it into the program folder).
Encrypt the system partition (the process is simple, so I will only note the important points):
- Normal encryption, no hidden system
- Encryption scope: "Encrypt Windows system partition"
- Specify that we will have "multi-boot"
- Continue with the encryption and obtain the recovery disk (.ISO recovery disk image)
- Save the resulting .ISO to a USB flash drive. This is very important: without it, many of the further steps will not be possible!
Reboot as many times as required and you get an encrypted system.
In principle, you could stop at this stage, because you already have:
- An encrypted system with the TrueCrypt bootloader as the main one, which passes control to GRUB2 when you press Esc
- Ubuntu on its own partition.
The following steps are only needed to change the order, so that the default is the unencrypted Ubuntu system and the encrypted Windows system is secondary.
Step 4. Configure GRUB2 and install it in the MBR
Boot into Ubuntu.
Now we need to teach GRUB2 to work with the saved ISO. This is done as follows:
Copy the resulting ISO into /boot and rename it to /boot/truecrypt.iso
Open a console and switch to root:
sudo -i
Then put the memdisk utility into /boot:
apt-get install syslinux
cp /usr/lib/syslinux/memdisk /boot
Configure GRUB2:
nano /etc/grub.d/40_truecrypt
Create the file /etc/grub.d/40_truecrypt with the following content:
Here msdos2 is the second partition of the first disk (/dev/sda2; yes, the digit is the same, and "msdos" because our partition table is of type msdos; that is the syntax here).
Watch the spaces, they matter. Give the file execute permission for the group and the owner:
chmod ug+x /etc/grub.d/40_truecrypt
Now all the configs are in place and the executables are copied; it remains to build the configuration:
update-grub
and write GRUB to the MBR:
grub-install /dev/sda
Now reboot.
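The contents of /etc/grub.d/40_truecrypt did not survive on this page. As an added example (not the author's file), here is a generator for an entry of the kind the step describes, assuming memdisk and truecrypt.iso sit at the top of the /boot partition, which GRUB addresses as (hd0,msdos2). The function name and the menu title are made up here.

```shell
#!/bin/sh
# Added example, not the author's file. Writes a custom GRUB2 script that
# boots the TrueCrypt recovery ISO through memdisk.
# Assumptions: /boot is its own partition (/dev/sda2), so inside GRUB the
# files are /memdisk and /truecrypt.iso on (hd0,msdos2).
write_truecrypt_entry() {
    out="$1"
    # Everything from line 3 of the generated file is copied verbatim
    # into grub.cfg by update-grub (same trick as the stock 40_custom).
    cat > "$out" <<'EOF'
#!/bin/sh
exec tail -n +3 $0
menuentry "Windows (TrueCrypt)" {
    insmod part_msdos
    insmod ext2
    set root='(hd0,msdos2)'
    linux16 /memdisk iso raw
    initrd16 /truecrypt.iso
}
EOF
    # update-grub only runs scripts in /etc/grub.d that are executable.
    chmod ug+x "$out"
}

# Usage, as root: write_truecrypt_entry /etc/grub.d/40_truecrypt
```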
We now have the GRUB2 bootloader in the MBR, which can load the TrueCrypt bootloader from the TrueCrypt recovery disk image when needed.
The one thing that will probably fail is logging in after you enter the password. This is because GRUB2 overwrote the TrueCrypt keys during installation, but they are easy to restore:
in the TrueCrypt loader, press F8 and select the appropriate item.
However, when it overwrote the TrueCrypt bootloader, GRUB did not completely erase all of its flags and traces, so when booting via TrueCrypt you will probably see the following message:
it appears you are creating a hidden os. is this correct (y / n)
It invites you to create a hidden system. Nothing happens when Y is pressed, and when N is pressed everything loads as it should.
To get rid of this annoying message, you need to clean the remaining TrueCrypt traces out of the MBR manually:
Boot into Ubuntu and run these commands:
- check that the TrueCrypt leftovers are present:
sudo dd if=/dev/sda count=8 bs=1 skip=6
this should print "TrueCryp"
- overwrite the TrueCrypt marker in the MBR:
echo 'grub<3tc' | sudo dd of=/dev/sda count=8 bs=1 seek=6
Here we write to plain /dev/sda because we are editing the MBR of the disk. Where exactly these offsets come from, I did not find; if anyone knows, please tell me in the comments.
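The same check and rewrite as an added example (not the author's commands), wrapped so that nothing is written unless the marker is still "TrueCryp" and sector 0 is backed up first. It is exercised on a constructed 512-byte image file; read_marker, clear_tc_marker and make_sample_mbr are helper names invented here.

```shell
#!/bin/sh
# Added example: conditional version of the marker rewrite, tried on a
# file copy of the MBR before it is ever pointed at a real disk.

# Print the 8 bytes at offset 6 of a disk or image file.
read_marker() {
    dd if="$1" bs=1 skip=6 count=8 2>/dev/null
}

# Rewrite the marker only if it still reads "TrueCryp".
# $1 = disk or image, $2 = where to save a copy of sector 0 first.
# Returns 0 when rewritten, 1 when the marker was absent (nothing written),
# 2 when the backup could not be made (nothing written).
clear_tc_marker() {
    target="$1"; backup="$2"
    [ "$(read_marker "$target")" = "TrueCryp" ] || return 1
    dd if="$target" of="$backup" bs=512 count=1 2>/dev/null || return 2
    # printf emits exactly 8 bytes (echo would add a newline);
    # conv=notrunc stops dd from truncating a regular-file image.
    printf 'grub<3tc' |
        dd of="$target" bs=1 seek=6 count=8 conv=notrunc 2>/dev/null
}

# Constructed sample: a zeroed 512-byte sector with "TrueCryp" at offset 6.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf 'TrueCryp' | dd of="$1" bs=1 seek=6 conv=notrunc 2>/dev/null
}
```

Run as root with /dev/sda as the first argument, clear_tc_marker performs the step from the text and leaves the original sector in the backup file.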
If you need to hide the menu entry (so as not to attract attention at all), here is the
instruction
Profit!
Possible problems
- If you want a guarantee that the Windows system will still boot after encryption regardless of how the further steps go, boot from the Ubuntu flash drive and do the following:
Create a backup:
sudo dd if=/dev/sda of=~/truecrypt.mbr count=1 bs=512
sudo dd if=/dev/sda of=~/truecrypt.backup count=8 bs=32256
Restore from the backup if needed:
sudo dd if=~/truecrypt.mbr of=/dev/sda count=1 bs=512
sudo dd if=~/truecrypt.backup of=/dev/sda count=8 bs=32256
- It can happen that you did everything correctly (installed Ubuntu, then Windows, then encrypted it) but cannot get into Ubuntu (which, by the way, probably means something did go wrong). To restore the GRUB2 bootloader, do the following:
- Boot from the Ubuntu flash drive (Try Ubuntu mode)
- in the console, type the following:
sudo -i
mount /dev/sda5 /mnt
mount /dev/sda2 /mnt/boot
If you are putting the bootloader into the MBR (step 4 and later only):
grub-install --root-directory=/mnt /dev/sda
or, if you still want to keep Ubuntu as the second system:
grub-install --root-directory=/mnt /dev/sda2 --force
Details: Grub2 Recovery Manual
- GRUB2 is installed in /dev/sda2, the primary partition itself, but for some reason we cannot reach it after pressing Esc in the TrueCrypt loader. There are reports that the TrueCrypt bootloader only sees partitions with the boot flag, so the /dev/sda2 partition needs that flag. Open GParted, find the partition, right-click it, open the flags item and select the boot flag. There is no need to save anything afterwards, GParted applies the flag itself. Reboot and check.
Primary sources of information