How to get Linux LVM and dm-crypt to play nice with Truecrypt?
April 13, 2010 11:53 AM

Linux LVM + dm-crypt filter: how to get my LVM to work with my Truecrypt-protected Win7 partition, from an MBR perspective?

I have one hard drive in my computer, /dev/sda. I partitioned it as follows:

/dev/sda1 ~180GB ntfs
/dev/sda2 ~50MB /boot
/dev/sda3 ~2GB swap
/dev/sda4 ~the rest /

I installed Windows 7 on /dev/sda1, and encrypted the entire partition with Truecrypt. I overwrote the MBR with the Truecrypt boot loader. It worked great.

I then installed Debian squeeze (amd64). /dev/sda2 is a 50MB unencrypted partition mounted as /boot. /dev/sda3 (swap) and /dev/sda4 (/) are physical volumes for LVM, using dm-crypt. Partitioning and setup goes well until it's time to install GRUB2. GRUB won't install on my /dev/sda2 partition, /boot. It will only install to the MBR. (I have installed GRUB to non-MBR areas before, so I suspect this has to do with LVM). I installed GRUB to the MBR, but that wiped the Truecrypt boot loader. (I have a recovery disc and backup: as a side note, dd if=/dev/sda of=/mbrbackup.bin bs=512 count=1 makes a lovely backup of the Truecrypt boot loader, but apparently doesn't work for LVM).

So, at this point, my encrypted Windows partition on /dev/sda1 is intact, but I can't get to it. I can restore the Truecrypt boot loader to the MBR, and I can then access Windows, but that destroys my access to my Debian install, because GRUB refuses to install to /dev/sda2. Currently, my data on /dev/sda1 is intact, but inaccessible. My Debian install with LVM is working great.

I've searched for more information, and tried a variety of solutions, but I've exhausted my talents in this area, so I reach out to you, O hive mind. My questions are:

Is there any way to install GRUB outside of the MBR and still have it work with my LVM/dm-crypt setup? If so, I can just restore the Truecrypt boot loader to the MBR and have it chainload GRUB.

Failing that, is there any way I can chainload the Truecrypt boot loader to boot /dev/sda1 while GRUB is on the MBR?

I'm open to other suggestions as well.
posted by jingzuo to Computers & Internet (4 answers total)
 
Best answer: I could be wrong, but it looks like this guy is talking about doing the same thing:
truecrypt with lvm
posted by idiopath at 12:51 PM on April 13, 2010


Best answer: I have roughly the same configuration as you do, and chainloading the Truecrypt boot loader works fine. The Truecrypt boot loader doesn't really care where you put it, so I just dd'ed the 32K Truecrypt MBR into an ordinary file on my /boot partition, and created a grub menu option to chainload that file.
posted by Dimpy at 3:43 PM on April 13, 2010


Best answer: I've never played with TrueCrypt, but if its boot loader really is 32K big, by the way, the dd command you've given won't back it all up, just its first 512 bytes.

I also haven't played with GRUB 2 much. But I know for sure that GRUB 1's "stage 1.5" boot loader lives in the "spare" sectors typically left unused between the MBR (LBA 0) and the start of the first partition, which is usually at LBA 63 on hard disks or LBA 32 on USB sticks. If that space is also normally used by TrueCrypt, I'd want a backup of the first 63 blocks, not just the MBR.
posted by flabdablet at 9:08 PM on April 13, 2010
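
The wider backup suggested in the answer above, as an added example that is not part of the thread: it reads the partition table to find where the first partition starts, saves every sector before that point instead of only the first 512 bytes, and verifies the copy. The function names and the constructed sample image are assumptions for illustration, as are 512-byte sectors and a classic MBR partition table.

```shell
#!/bin/sh
# Save every sector that precedes the first partition (MBR plus the gap
# after it), rather than only the 512-byte MBR. Assumes 512-byte sectors
# and a classic MBR partition table.

# Lowest non-zero start LBA among the four primary entries; each start LBA
# is 4 little-endian bytes at offset 446 + 16*i + 8.
first_part_lba() {
    disk=$1 min=0
    for i in 0 1 2 3; do
        set -- $(od -An -tu1 -j$(( 454 + 16 * i )) -N4 "$disk")
        [ $# -eq 4 ] || return 1
        lba=$(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
        [ "$lba" -eq 0 ] && continue
        if [ "$min" -eq 0 ] || [ "$lba" -lt "$min" ]; then min=$lba; fi
    done
    echo "$min"
}

# usage: backup_boot_area DISK OUTFILE   (prints the sector count saved)
backup_boot_area() {
    src=$1 out=$2
    n=$(first_part_lba "$src") || return 1
    [ "$n" -gt 0 ] || { echo "no partition entry found" >&2; return 1; }
    dd if="$src" of="$out" bs=512 count="$n" 2>/dev/null || return 1
    bytes=$(( n * 512 ))
    # Verify the copy: expected length and byte-identical to the source.
    [ "$(wc -c < "$out")" -eq "$bytes" ] || return 1
    head -c "$bytes" "$src" | cmp -s - "$out" || return 1
    echo "$n"
}

# Constructed sample image: 64 sectors, partition 1 at LBA 63, and a marker
# in sector 40 standing in for boot code stored beyond the MBR.
make_sample_disk() {
    dd if=/dev/zero of="$1" bs=512 count=64 2>/dev/null
    printf '\077' | dd of="$1" bs=1 seek=454 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'LOADER-TAIL' | dd of="$1" bs=1 seek=20480 conv=notrunc 2>/dev/null
}

img=$(mktemp) bak=$(mktemp)
make_sample_disk "$img"
echo "sectors saved: $(backup_boot_area "$img" "$bak")"
rm -f "$img" "$bak"
```

Against the real disk, the first argument would be /dev/sda and the script needs read access to it; the saved file also contains the partition table, so it reflects the layout at the time of the backup.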


Response by poster: idiopath: That's a great link, thanks. Somehow all of my searching didn't turn up that one. I was heartened to see that he had done it in the order I had, Windows first then Linux. Most of the guides I've seen make some assumptions based on doing it the other way around.

Dimpy: Uh oh. 32k? Well, I dd'ed the first 512B before installing GRUB on the MBR, so my too-short truecrypt.bin might be the reason I've been unable to get it to chainload.

flabdablet: I think you're on to something there re: backing up the first 63 blocks.

Thanks for the answers, folks.
posted by jingzuo at 9:59 AM on April 14, 2010

