Ubuntu – How to dual-boot a TrueCrypt-encrypted Windows 7 and Ubuntu 11.10 when both are installed separately on different physical drives

dual-boot, grub2, truecrypt, windows 7

How can I dual-boot a TrueCrypt-encrypted Windows 7 and Ubuntu 11.10 when both are installed separately on different physical drives?

I have two hard drives. hd0 has a TrueCrypt-encrypted Windows 7 installation with the TrueCrypt bootloader. hd1 has an Ubuntu 11.10 installation with the grub2 bootloader.

The output of fdisk -l is as follows:

  Device Boot      Start         End      Blocks   Id  System   
/dev/sda1   *        2048      206847      102400    7  HPFS/NTFS/exFAT
/dev/sda2          206848   976771071   488282112    7  HPFS/NTFS/exFAT

  Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *        2048   968517631   484257792   83  Linux
/dev/sdb2       968519678   976771071     4125697    5  Extended
/dev/sdb5       968519680   976771071     4125696   82  Linux swap / Solaris

I can successfully boot into either OS by changing the boot order in the BIOS but do not want to have to repeatedly do this. My options are either:

  • Add the TrueCrypt bootloader to the grub2 config and chainload this with grub2.
  • Boot into the TrueCrypt bootloader and, when hitting escape to exit password entry, boot into grub2.

I have had difficulty with option 1, as when hitting escape TrueCrypt finds no other bootable partition. As I understand, it should search for other bootable disks.

I also have had difficulty with option 2, and with the following inside /etc/grub.d/40_custom (and then running update-grub2) …

menuentry "Windows 7" {
    set root=(hd0,1)
    chainloader +1
}

(I also tried root=(hd0,0) and root=(hd0,2))

… I get errors with no such partition. I have also read various sources that suggest it isn't possible to do this with grub2 without mounting and booting into the TrueCrypt rescue disk ISO prior to booting Windows. Is this necessary?

What am I doing wrong?

Best Answer

I can help you with a workaround; it is quite tricky, so be sure to understand it.

First: back up everything. Second: it requires two physical disks; with just one I did not manage it.

Now to the tricky part, the boot sequence order process:

  • BIOS will boot from one HDD (normally the first one)
  • So put the GRUB2 bootloader there
  • That GRUB will let you boot from partitions on the first disk or boot from the second disk (that is the tricky part)
  • If you want to boot Linux, just boot from another partition on the same disk
  • If you want to boot the TrueCrypt bootloader, just tell it to boot from the second disk, not from a partition

Having this in mind, how to achieve that? Easy, follow these steps:

  • Put only one blank HDD into the PC
  • Configure BIOS to boot from it (just for this time)
  • Install Windows and TrueCrypt onto it
  • Tell TrueCrypt to encrypt everything (only one HDD is present)
  • Reboot, test that Windows boots
  • Power off correctly
  • Add a second disk
  • Create some partitions on that second HDD
  • One for /boot (where GRUB2 will go)
  • The rest as you wish for Ubuntu /, SWAP, etc...
  • Configure GRUB2 to boot Ubuntu and to chainload the full second HDD (beware not to specify any partition, just the full HDD)
  • Reboot
  • Tricky: Tell BIOS to boot from the second HDD (as you say it lets you), permanently from now on
  • Test that boot runs GRUB2
  • Test that GRUB2 chainloads the first HDD bootloader (TrueCrypt loader) correctly, but do not enter the passphrase or let Windows boot; just reboot when the password is asked for.
  • Reboot if not done... and test the GRUB2 Linux option... it will not boot since Ubuntu is not yet installed, but it will not load TrueCrypt, so you see it works
  • Install Linux with very special care... do not let it change any partition table... just install it on the second disk using the existing partitions... and when asked for the bootloader, tell it to install Grub or Lilo, etc... onto the Linux partition, not on the HDD MBR.

With this you will get this scheme:

With this you will get this scheme:

  • HDD0 - MBR with TrueCrypt, the rest for Windows
  • HDD1 - MBR and /boot partition with GRUB2, one more partition for / (your Ubuntu), inside which there will be another Grub, Lilo, or Grub2 loader on /boot, and extra partitions as you wish

The trick is:

  • Tell TrueCrypt to encrypt, the way it knows how, one full HDD with its own bootloader.
  • Boot GRUB2 from a different HDD (the BIOS needs to be able to boot from the second HDD)

So when booting this is what happens:

  • BIOS reads its config from CMOS
  • BIOS sees it has to boot from the second HDD
  • BIOS reads the second HDD's MBR
  • GRUB2 is loaded
  • GRUB2 shows menu: Boot Windows / Boot Ubuntu
  • If you select Ubuntu, then GRUB2 will load another Grub, Lilo, etc. inside the Ubuntu root partition; that other bootloader will load your Linux Ubuntu
  • If you select Windows, then GRUB2 will chainload to the first HDD, acting as if the BIOS had booted from the first HDD

In this way:

  • TrueCrypt does not know anything about the second disk for booting and does not depend on it
  • GRUB2 and Linux will not overwrite or touch anything on the first disk
  • BIOS will boot from the second hard disk

Hope it is clear enough.

Things to keep in mind to achieve this:

  • First, do some tests with VirtualBox before doing it on a real physical machine, so you get familiar with the process
  • Second, take notes on paper of the steps you are following as you do them, so you do not forget anything

Now, I must say it can be done without opening the PC... with both disks always connected.

Imagine this:

  • HDD0 with no partition
  • HDD1 with no partition
  • Install Windows only on HDD0 in the normal way, but do not partition HDD1
  • Install TrueCrypt and tell it to encrypt the full HDD0; it will not do anything with HDD1
  • Test that all goes correctly
  • Boot from a LiveCD such as SystemRescueCD, create partitions on HDD1
  • Ensure you create a dedicated partition for /boot just for GRUB2, not related to your Linux; with 512MB you will also be able to put SystemRescueCD.iso on it and configure GRUB2 to loop-boot from the iso file (see the SystemRescueCD web site for that)
  • Install GRUB2 onto the HDD1 MBR and the HDD1 /boot partition
  • Configure the grub.cfg of that GRUB2 to boot from your Linux root on HDD1 and to chainload to HDD0 (not to any partition on HDD0)
  • Test that GRUB2 boots all options correctly; just test that the chainload goes correctly... when booting Windows, TrueCrypt will ask for the passphrase; just reboot, do not lose time booting Windows itself
  • Install Ubuntu on the HDD1 root partition and tell it to install its own grub on the HDD1 root partition, where your main Linux Ubuntu files go, so it does not touch the HDD1 /boot partition at all

That is the trick!!!

The idea: Use another medium for the actual boot menu where you can select what to boot.

Personally, on my netbook I have this chain:

  • /boot with GRUB2 menu with options to boot: WindowsVista, Windows7, Linux Ubuntu 32bits, Linux Ubuntu 64Bits, SystemRescueCD.iso, memtest86+, floppy, ... etc
  • If I select Linux Ubuntu 32Bits... it will load another, different GRUB2 with options: Go Back (boot from HDD MBR), Kernel X, Kernel X debug, Kernel Y, Kernel Y debug, etc...
  • If I select Linux Ubuntu 64Bits... it will load another, different GRUB2 with options: Go Back (boot from HDD MBR), Kernel X, Kernel X debug, Kernel Y, Kernel Y debug, etc...

This is the idea... have more than one GRUB in the boot process!!

Why more than one? Easy... in case the system updates its Grub, it does not touch the one I use as a boot menu, simple and effective.

Now, the TrueCrypt problem... if it encrypts the system partition it needs to be on the MBR; it does not allow any other way (except RecoveryCD).

So if TrueCrypt encrypts a Windows system partition, better to give it the full disk.

Hey! Linux can also be installed on the same disk as Windows for performance... and data on the other...

First HDD with:

  • /dev/sda -> TrueCrypt loader (The MBR)
  • /dev/sda0 -> Windows encrypted by TrueCrypt (some GBs)
  • /dev/sda1 -> Linux Ubuntu / (some GBs); it will hold another Grub, a subfolder called boot and all system files, etc...

Second HDD with:

  • /dev/sdb -> GRUB2 loader (The MBR); I will reference it as "BootMenu"
  • /dev/sdb1 -> /boot for GRUB2 "BootMenu" (512MB if you want the SystemRescueCD.iso file on it)
  • /dev/sdb2 -> NTFS partition for DATA seen on Windows and Linux (if not encrypted) as a

Hope you will get to it.

I have explained it this way assuming you know how to boot from a CD, configure the BIOS, create partitions, install GRUB2, etc...

This is not for noobs. It has very advanced technical steps and is not a HowTo...

It is only the idea of booting from another medium; that other medium (a CD, floppy, etc.) will contain a boot menu that lets you select to boot from the first HDD or from a partition, etc... in other words, GRUB2.

Hope you find it useful.
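
The two kinds of menu entry the answer above describes (chainloading a whole disk versus chainloading a partition), as an added example that is not part of the original answer. The disk names (hd0) and (hd1) and the partition (hd0,msdos2) are assumptions about how GRUB enumerates this machine's disks.

```grub
# Added example: entries for /etc/grub.d/40_custom on the "boot menu" disk.
# Append them below the file's existing header lines, then run update-grub.
# Assumption: the BIOS boots the GRUB disk, so GRUB sees that disk as (hd0)
# and the TrueCrypt/Windows disk as (hd1). Confirm with `ls` at the GRUB prompt.

menuentry "Windows 7 (TrueCrypt boot loader)" {
    insmod chain
    insmod drivemap
    # Whole disk, no partition suffix: sector 0 of the disk is the MBR,
    # which is where the TrueCrypt boot loader lives. The partitions
    # behind it are encrypted and hold no usable boot sector for GRUB.
    set root=(hd1)
    # Swap the BIOS drive numbers so the chainloaded loader finds its own
    # disk as the first BIOS disk, as if the BIOS had booted it directly.
    drivemap -s (hd0) (hd1)
    chainloader +1
}

menuentry "Ubuntu (second GRUB on the root partition)" {
    insmod part_msdos
    insmod chain
    # Partition form: GRUB2 numbers disks from 0 but partitions from 1,
    # so (hd0,0) never exists. (hd0,msdos2) is a placeholder for the
    # partition whose boot sector holds Ubuntu's own GRUB.
    set root=(hd0,msdos2)
    chainloader +1
}
```

The passphrase prompt that appears after selecting the first entry is the same pre-boot authentication the TrueCrypt loader shows when the BIOS boots that disk directly; GRUB only hands over control and never sees the key.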