Sep 14, 2012

How To Fully Encrypt Your Dual Boot Windows 7 and Ubuntu 12.04 Hard Drive

I am a huge proponent of full hard drive encryption. There are lots of stories in the news of major security breaches caused by lost or stolen laptops, breaches that could have been avoided if the hard drives on those laptops were protected with encryption.

My problem has always been that I like to dual boot my laptop with Windows and Ubuntu Linux. The problem with most full hard drive encryption programs like TrueCrypt or Compusec is that they don't support encrypting drives with both Windows and Linux on them. The same goes for the standard full hard drive encryption you get with Linux, widely known as LUKS. Therefore, in order to make your dual boot setup secure, you need to do a workaround.

Here is what you will need:


First, boot up with Bauer-Puntu and run GParted. Create three partitions formatted as follows:

/dev/sda1 NTFS
/dev/sda2 EXT4
/dev/sda3 EXT4

/dev/sda2 only needs to be 1 GB and will be our /boot partition, which we will get to later. /dev/sda1 will be our Windows 7 partition and will be half of the remaining space. /dev/sda3 will later be "re-carved" for our encrypted Ubuntu system. The only partition not encrypted will be /dev/sda2, but since it only holds boot files, that should be relatively fine security-wise.

Next, reboot and boot up with the Windows 7 install DVD. When prompted, select the pre-formatted NTFS partition and click Next to install. The reason we did it this way is so that the install DVD doesn't create the useless 100 MB reserved partition. This setup seems to have a problem with that. When Windows is finished installing, go ahead and install TrueCrypt, but don't encrypt anything yet. Just reboot and boot up with the Ubuntu Alternate Install disk.

Go through the install, but when you get to the disk partitioner, select manual. Set /dev/sda2 as /boot, select to reformat it with EXT4, and mark it as bootable. Delete /dev/sda3, as that was really just a placeholder. Now select the Configure encrypted volumes option and select /dev/sda3 as your encrypted volume. Once that is set up, configure the drive inside as an LVM volume, and configure two logical volumes inside the LVM. Create one that is twice the size of RAM and use that as swap. Use the rest for the / partition. Continue with the install as usual, but when you get to the part to install Grub, select no, and manually install Grub to /dev/sda2. After you are finished, you can reboot and you will see the Grub menu.

Select Windows 7 and boot up to that. Go ahead and open TrueCrypt and select to perform a system encryption. Select the option to encrypt the Windows partition and select the single boot option. This will install the TrueCrypt boot loader. Now when you reboot, you will get the TrueCrypt login screen. When you put in your TrueCrypt password, you will get to the Grub menu, where you can then select Windows or Ubuntu. Windows will boot up normally, but Ubuntu will still need the LUKS password.

Also, if you boot up to the TrueCrypt boot loader and press ESC, you will get the Grub menu, but when you try to boot to Windows you will get an error, and if you select Ubuntu you will still need the LUKS password. Still though, your files will be secure.
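
A check of the finished layout, as an added example that is not part of the original post: the function reads `lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and classifies each partition. The sample listings and the LVM names in them are constructed, and the script assumes a TrueCrypt-encrypted system partition shows no filesystem signature, so it is reported as OPAQUE rather than as proven encrypted.

```shell
#!/bin/sh
# Added example (not from the original post). Reads the output of
#   lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT
# on stdin and prints one verdict per partition. Exit status is 1 if any
# partition other than /boot carries a readable filesystem or swap signature.
audit_partitions() {
    awk -F'"' '
        $4 != "part" { next }      # skip the disk and the crypt and LVM layers
        {
            name = $2; fstype = $6; mnt = $8
            if (fstype == "crypto_LUKS") verdict = "ENCRYPTED"
            else if (fstype == "")       verdict = "OPAQUE"   # no signature visible
            else if (mnt == "/boot")     verdict = "BOOT"     # expected plaintext
            else { verdict = "PLAINTEXT"; bad = 1 }
            printf "%s /dev/%s %s\n", verdict, name, (fstype == "" ? "-" : fstype)
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: after the Ubuntu install, before TrueCrypt system encryption.
SAMPLE_BEFORE='NAME="sda" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" TYPE="part" FSTYPE="ntfs" MOUNTPOINT=""
NAME="sda2" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
NAME="sda3" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="sda3_crypt" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
NAME="vg-swap" TYPE="lvm" FSTYPE="swap" MOUNTPOINT="[SWAP]"
NAME="vg-root" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"'

# Constructed sample: the same disk once the Windows partition is encrypted.
SAMPLE_AFTER='NAME="sda" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" TYPE="part" FSTYPE="" MOUNTPOINT=""
NAME="sda2" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
NAME="sda3" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="sda3_crypt" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
NAME="vg-swap" TYPE="lvm" FSTYPE="swap" MOUNTPOINT="[SWAP]"
NAME="vg-root" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"'

# Demo on the constructed "after" listing; on a real machine pipe lsblk in instead.
printf '%s\n' "$SAMPLE_AFTER" | audit_partitions
```

Run it from the installed Ubuntu system so that /dev/sda2 is mounted at /boot; from a live CD the boot partition would be reported as PLAINTEXT. An OPAQUE verdict is also what an unformatted partition produces, so confirm the Windows side inside TrueCrypt itself.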


