How do I get Grub2 to boot a Truecrypt-encrypted MBR?
Solution 1
@stefan.at.wpf's solution is the one recommended all over the Internet. It would not work for me. At all. But I found another solution, which did work for me.
Essentially, you chain-load GRUB2 to load SYSLINUX, which in turn boots the TrueCrypt Rescue ISO image, which allows you to boot into Windows.
I have documented the full details here. The summary version, though, would be:
- Install syslinux:
    sudo aptitude install syslinux
- Copy files into place:
    sudo cp /usr/lib/syslinux/memdisk /boot/
    sudo cp TrueCrypt\ Rescue\ Disk.iso /boot/truecrypt-rescue-disk.iso
- Determine the UUID of your boot partition:
    sudo blkid /dev/sda2
  Output should look something like this:
    /dev/sda3: UUID="12345678-1234-1234-1234567890"
- Configure GRUB2:
  Add the following to /etc/grub.d/40_custom:
    menuentry "TrueCrypt ISO boot" {
        insmod part_msdos
        insmod fat
        insmod ext2
        insmod search_fs_uuid
        search --fs-uuid --no-floppy --set=boot [UUID without quotes]
        linux16 ($boot)/memdisk iso raw
        initrd16 ($boot)/truecrypt-rescue-disk.iso
    }
- Re-load GRUB2 configuration:
    sudo update-grub
Note that this will show you the [F8] Repair options every time you boot into Windows, as we're fooling the system booting the TrueCrypt Rescue CD image from the hard drive, rather than the "normal" TrueCrypt boot method. But it seems like a small drawback to me (and might even be considered an added feature!)
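The steps of Solution 1, scripted as an added example (not code from the answer or its linked write-up): it pulls the UUID out of a blkid line, rejects anything other than hex digits and dashes before the value goes into the boot configuration, and prints the menu entry. The function names and the sample blkid line are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the 40_custom entry from one line of blkid output.
# Function names and the sample line are illustrative assumptions.

# Extract the UUID="..." value (not PARTUUID) from a blkid output line.
uuid_from_blkid() {
    printf '%s\n' "$1" | sed -n 's/^[^:]*:.* UUID="\([^"]*\)".*/\1/p'
}

# Accept only hex digits and dashes, so nothing else reaches grub.cfg.
valid_uuid() {
    case "$1" in
        ''|*[!0-9A-Fa-f-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# List which of the two files the menu entry needs are missing from a directory.
missing_boot_files() {
    for f in memdisk truecrypt-rescue-disk.iso; do
        [ -f "$1/$f" ] || printf '%s\n' "$f"
    done
}

# Print the menu entry from the answer with the UUID filled in.
emit_menuentry() {
    valid_uuid "$1" || { echo "refusing UUID: $1" >&2; return 1; }
    cat <<EOF
menuentry "TrueCrypt ISO boot" {
    insmod part_msdos
    insmod fat
    insmod ext2
    insmod search_fs_uuid
    search --fs-uuid --no-floppy --set=boot $1
    linux16 (\$boot)/memdisk iso raw
    initrd16 (\$boot)/truecrypt-rescue-disk.iso
}
EOF
}

# Constructed sample line, in the format shown in the answer.
sample='/dev/sda2: UUID="12345678-1234-1234-1234567890" TYPE="ext2"'
emit_menuentry "$(uuid_from_blkid "$sample")"
```

Append the printed entry to /etc/grub.d/40_custom and run sudo update-grub, as in the answer.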
Solution 2
Solution: Before encrypting windows, install GRUB2 to /boot using
grub-install /dev/sda2 --force
Ignore the warning. Then install Truecrypt, make the Windows partition active (e.g. using diskpart on the Windows 7 setup CD). ESC in the TC bootloader now leads to grub - all fine :-) Mounting the encrypted root using LUKS from a live CD and installing grub2 using chroot should also be possible; I forgot this simple solution.
stefan.at.wpf
Updated on September 18, 2022
Comments
-
stefan.at.wpf over 1 year
Given the following system:
/dev/sda1  Windows, encrypted using TrueCrypt
/dev/sda2  /boot
/dev/sda3  /, encrypted (LUKS or how it is called)
I now need GRUB2 to boot my truecrypt mbr ): Any hint on this? I found some guides for GRUB2 and TrueCrypt, but they all assume that the linux root partition is not encrypted, which is the case in my situation ):
-
ish almost 12 years
What is your current bootloader? How are you booting Linux/Windows now?
-
stefan.at.wpf almost 12 years
Linux not at all as of the time of writing, but see my answer below for more details ;-)
-
James Draper over 6 years
Has this method given you any problems since then? Have you tried this with VeraCrypt?
-
James Draper over 6 years
This method worked for me! I'm running Linux Mint Cinnamon 18.2 as my first boot disk with my VeraCrypt-ed Win7 up second.
-
ZAB over 6 years
You forgot to add "Restore key data (volume header)" on first recovery run after GRUB reinstall procedure. Grub overwrites sector 62 where the volume header is stored. So far grub's core.img is smaller than that and it is safe to overwrite sector 62; it may be changed in future. Although the procedure needs to be repeated after every grub reinstallation, i.e. after every major linux update.
-
ZAB over 6 years
The two disk setup is the standard use case for grub, there is nothing to fix here already. The question was about two linux/windows partitions on the same drive, which is tricky.
-
Flimzy over 6 years
@ZAB: No, I did not forget anything. The answer I provided worked, as described. Although that was over 4 years ago. There's an excellent chance those instructions are no longer precise. But I assure you, I did not forget.
-
ZAB over 6 years
It may not always be the case, but many other commenters noted this missed step under your blog entry. Also the grub2tc where you found the solution described this step as well. Why not just add it here too in the end with an asterisk mark to help others in troubleshooting?