Encrypting a Linux/Windows dual-boot systemΒΆ

WARNING: This process requires a reinstallation of Linux. You should back up all of your data (In both Windows and Linux) before attempting this process

  • Install Windows (if it is not already installed)
  • Boot from Ubuntu Alternate Install CD (Or, if you’re installing another Linux distribution, be sure that the installer supports LUKS)
  • Choose to manually partition the disk
  • Resize your Windows partition
  • Create one partition about 50MB in size and set it as /boot
  • Create another encrypted partition as large as you want
  • Set up a Logical Volume Manager inside of the encrypted partition
  • Inside the LVM, create two volumes: One for your root filesystem and one for swap
  • Complete the installation as normal
  • Restart and boot into Windows
  • Install TrueCrypt (http://truecrypt.org) and do single-OS, system encryption
  • At a point in the process, you will have to make a rescue CD and save the rescue ISO somewhere. Save the ISO to a USB drive
  • Once installation and encryption are complete, boot from the Ubuntu Alternate Install CD again
  • Choose “repair broken system”
  • Choose to execute a shell in your previously installed Ubuntu system
  • Reinstall Grub (Should be a menu option. If not, run grub-install /dev/sda)
  • Reboot into your local Ubuntu installation
  • Copy memdisk into your /boot partition(sudo cp /usr/lib/syslinux/memdisk /boot)
  • Copy the TrueCrypt ISO into the /boot partition
  • Edit/Create /etc/grub.d/40_Custom to look like this:
#!/bin/sh
exec tail -n +3 $0
# Windows with TrueCrypt
menuentry "Windows" {
insmod part_msdos
insmod #### (Where #### is the filesystem for your /boot)
set root='(hd0,msdos# (Where # is the partition number for /boot))'
linux16 ($root)/memdisk iso raw
initrd16 ($root)/truecrypt.iso (Or whatever you named the TrueCrypt ISO)
}
  • Run sudo update-grub
  • Reboot

Your system should now have both the Windows and Ubuntu partitions encrypted. You will need to enter your encryption password for both of these. When you boot into Windows you will hear a brief system beep, but that is normal.

If you have any questions about this process, please contact Sysnet at rt@ices.utexas.edu

Previous topic

Can I encrypt my laptop myself?

Next topic

Effect of Encryption

This Page