This project has moved and is read-only. For the latest updates, please go here.

Dual Boot encryption

Topics: Technical Issues
Sep 16, 2016 at 9:24 PM
I am attempting to encrypt my dual-boot laptop; however, I am having some difficulty when it comes to encrypting the windows partition with Veracrypt. Currently I have my Linux partitions (home, root, and swap) all successfully encrypted with Luks. However, when I attempt to do a system partition encryption on Windows, I lose the ability to access Grub.

What happens is it boots to the Veracrypt loader, but if I escape past that, it detects my SDA1 which is my computer's system recovery partition and boots straight into that, not detecting Grub. As far as I can tell, if I could just get it to detect Grub next in the bootload sequence, it would work perfectly as nothing is overwritten, and as soon as I decrypt the system partition Grub returns.

Anyone have any suggestions on accomplishing this?

My drive is partitioned as below:
/sda1 - recovery partition
/sda2 - Windows OS
/sda3 Extended partition
/sda5 Grub Bootloader
/sda6 Root
/sda7 swap
/sda8 home
Sep 18, 2016 at 7:12 PM
Sounds like you're encrypting sda5. Do you boot Windows from GRUB? Where is the Windows BCD stored?
Sep 18, 2016 at 8:31 PM
I don't think I'm encrypting sda5, but could be wrong. Yes, I boot Windows from Grub.

My drive is partitioned like this:

/dev/sda1 NTFS SYSTEM_DRV 1.46GB boot flag (this is what boots when I escape past Veracrypt loader. It's the system recovery partition
/dev/sda2 NTFS Windows7_OS 357.81GB
/dev/sda3 extended
  /dev/sda5       ext2               /boot                     400MB
  /dev/sda6       luks
  /dev/sda7       luks
Sep 20, 2016 at 10:34 AM
If /dev/sda1 partition has the boot flag set then how are you booting into /dev/sda5 to run GRUB? Is the disk using GPT or MBR?
Sep 21, 2016 at 6:48 AM
The disk is using MBR. It appears you are correct, GRUB is installed in the MBR, and appears to point to SDA5 for the config file.

This is what I can find about my GRUB install:

"Grub2 (v1.99) is installed in the MBR of /dev/sda and looks at sector 1 of
the same hard drive for core.img. core.img is at this location and looks 
in partition 97 for ."
sda5: __________________________________________________________________________
File system:       ext2
Boot sector type:  -
Boot sector info: 
Operating System:  
Boot files:        /grub/grub.cfg
Sep 21, 2016 at 11:24 AM
This thread seems to relate to your setup and what you're trying to achieve. However, that refers to two disks but you are only using one so you only have one MBR for either GRUB or the VeraCrypt bootloader.

I guess you could install GRUB to /dev/sda5, set the boot flag to that partition and configure GRUB to boot Linux and Windows from their respective partitions. Encrypt Windows so the VeraCrypt bootloader is installed the MBR and then chainload that from GRUB?
Sep 23, 2016 at 8:20 AM
Thanks. I had seen that thread before, and used it to some extent, but it seems just different enough an issue to not work for me (or I'm doing something wrong, equally likely).

I will try installing to SDA5 and post what happens when I get a bit of free time. Can't afford for my laptop to be down at all until the weekend.
Oct 9, 2016 at 1:16 AM
I attempted to move the bootloader, but had to revert as it would not boot at all after moving the bootloader. I did update the .cfg files properly, I believe. If anyone has any suggestions on how to accomplish dual boot Win 7 and Mint 18 I'd really appreciate it. Mint is already encrypted, so really all I need is a way to encrypt the Windows partition, actually.