Dual-booting Fedora 10+ and Windows Vista with TrueCrypt encryption

I had been hitting my head against the wall trying to figure out how to do full-disk encryption and dual-boot my system simultaneously with Vista and Fedora 10. There’s not a whole lot online about this specific scenario yet. The solution is actually pretty easy: no weird configurations, just a logical and well-organized one. I am using TrueCrypt to encrypt Windows partitions. Fedora 10 comes with its own encryption utility.

This guide is for beginner-intermediate users. You can view a diagram of the resulting boot process in my later post here.

Goals

  • The ability to boot into my choice of Fedora 10 or Windows Vista on my laptop at each boot
  • All my data encrypted

Requirements

  • A computer with at least one hard disk you are willing to wipe clean (BACK UP your data first!)
  • Windows Vista installation DVD
  • Fedora 10 (or higher) installation DVD
  • Gparted LiveCD isn’t required, but it really helps when partitioning
  • TrueCrypt 6.2a
  • EasyBCD to modify the Windows boot loader (A free, small, and legitimate install – don’t worry. You can uninstall it later.)

Problems overcome by this method

  • My notebook’s hard disk could only contain 4 primary partitions.
  • Primary partitions are the only ones that OSes can be installed to (Windows, anyway).
  • Primary partitions are the only partitions the system can boot from
  • Each extended partition counts as a primary partition.
  • 6 or 7 partitions are needed.
  • TrueCrypt can’t encrypt an entire drive that has multiple partitions, OSes, and various file systems when it only runs on one
  • TrueCrypt doesn’t play well with Grub or any non-Windows boot loader.
  • Windows likes to be installed first and only on a partition flagged as “bootable” (or, if no partitions are flagged “bootable” at all)

How the boot loaders work together

  • We install and use Windows’ default boot loader to the MBR. This is what the computer will boot to first.
  • We install GRUB (Fedora’s boot loader), but not to the MBR. This will merely be available for us to boot to later.
  • We install TrueCrypt, which takes over from the Windows boot loader. TrueCrypt’s boot loader goes into the MBR. On boot, the user authenticates with TrueCrypt and is then taken to the Windows boot loader, where the choice of Vista or Fedora (technically GRUB) becomes available.

Instructions

  1. Back up your data. You are going to wipe the hard disk totally clean and reformat it very soon.
  2. Reformat the entire drive. To do this, I use Gparted LiveCD. If you don’t want to use Gparted, Fedora 10’s installer comes with a partition editor. But, it’s a bit trickier. You’ll have to partially complete the Fedora setup in order to get to it, apply the changes to the disk, then exit setup because Fedora shouldn’t be installed first. (Windows Vista’s partition editor is NOT powerful enough. You cannot use it for this.) I strongly encourage the use of a Gparted LiveCD or LiveUSB.
    I thought about how to split up my drive and after a while, I came up with this:

    Partition layout for dual booting Fedora 10 and Windows Vista with TrueCrypt

    I wish I had sized them differently now that I look back on it, but the setup is what’s important for this. Note the padlocks! Each padlock indicates an encrypted partition. The yellow padlocks with “TC” are encrypted with TrueCrypt in Windows. The blue ones are encrypted by Fedora. As you can see, each and every partition – except, of course, the /boot partition – is encrypted. Partitions labeled in red are for Windows. Black is for Linux.

    Okay, so this is a setup that works for me. Basically, you’ll need these things:

    • A primary boot partition to put Grub (the boot loader Fedora can install for you) – I recommend about 50 to 100 megabytes. Do not flag this as “bootable” when partitioning – Windows will complain.
    • An extended partition to hold all the “data” or “miscellaneous” partitions. This will hold your Fedora /home directory (basically the “My Documents” folder of Linux), Windows backup partition (optional), and your Linux swap file (very highly recommended). The swap file should be at least as large as your RAM’s capacity. If you can afford the space, I recommend double the memory, actually.
    • A primary partition for Windows Vista to be installed to.
    • A primary partition for Fedora 10 to be installed to.

    Partition your drive as such and be sure to format with the appropriate file systems. You can use the table above as reference.

  3. Write down, in order, which partition is formatted with which file system. If you can’t remember, you might be hosed. You’ll need to remember which partition numbers to use for what during the installs.
  4. Start installing Windows Vista. You’ll be forced to do a custom installation. Choose the primary NTFS partition you reserved for the Windows install. Don’t forget to load hard disk drivers – especially on laptops. If your Windows install hangs around 70%, then you need to install the SATA drivers for your laptop. Once drivers are loaded and you select the right partition, install Windows.
  5. After Windows installs, boot into it normally and finish setup. Don’t spend too much time customizing things yet. Once it is running, shut down and insert the Fedora 10 DVD. Boot to that and install Fedora. However, take note of the following:
    • Be sure you do a CUSTOM LAYOUT for your partitioning. Fedora will want to wipe things and create its preferred partition layout by default. Don’t let it do this. Make sure you go straight to the part where you can view and modify your current partition information.
    • Don’t format the NTFS partitions. Windows is on one of them.
    • Be sure to set the mount point for the small partition (100 MB?) to be /boot. Check “Format as” and select “ext3.” You cannot encrypt this partition.
    • Set the mount point for the partition for your /home directory to… you guessed it: /home. Check “Format as” and select “ext3” then choose the “Encrypt” option.
    • Set the mount point for the partition for your swap file as /swap. Linux will have to format it and you should, of course, select “Encrypt.”
    • Set the mount point for the partition for your main Fedora install to be “/”. Check “Format as” and select “ext3” then choose the “Encrypt” option.
  6. Before continuing, ensure that neither of the NTFS partitions has a check mark next to it. If they do, they will be formatted and you’ll have to start over. Continue. Fedora will warn you it will delete all the data on the modified partitions. That’s okay. You may have to set your passwords now as well. Go ahead and do that.
  7. Soon it will ask you about the boot loader. Tread carefully here. Do not write the GRUB boot loader to the MBR. When it says “Install the boot loader on /dev/sda1” (the “sda1” may be different) – keep the box checked but click “Change Device” and choose “first sector of boot partition” instead.
  8. After that step, you should be home free. Finish up the install and reboot the computer. It will boot straight into Windows.
  9. Once Windows loads, download and install EasyBCD. You’ll want it to easily modify the Windows boot loader. Add an entry to the boot loader: click “Add/Remove Entries” – choose the “Linux” tab, select “GRUB” from the dropdown, and name it something intelligent. Choose the partition that contains GRUB, not Fedora. I think this is most flexible. Leave the checkbox unchecked.
  10. Add the entry then try rebooting. You should now be able to boot into either Fedora or Windows! Boot into Windows again and let’s encrypt it.
  11. Install TrueCrypt and create a new volume. Choose “Encrypt the system partition or entire system drive.” From this point, you’ll have to choose the proper options. Read them carefully! I don’t remember the exact sequence, but you need to specify “Multi-boot” at some point. At the end it will ask whether Windows has its boot loader in the MBR or if a different boot loader is used (like GRUB). Remember: Windows’ boot loader is being used!
  12. Once you’ve finished the volume creation wizard, you’ll be asked to “Test” the system. It will restart for you. It should boot into the TrueCrypt boot loader where you’ll type your password. After that, it should load the Windows boot loader where you can boot into either Fedora or Vista!

From here, finish encrypting the system partition, then remember to encrypt any other NTFS partitions you made for Windows.

When you’re done, try booting into Fedora. It should go to the GRUB boot menu where you can select Fedora or change your mind and go back to Windows. As Fedora boots, you’ll be asked perhaps several times for your password as it mounts the encrypted partitions.
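
A sanity check for the boot chain and partition table described above, as an added example that is not part of the original post: it parses a 512-byte MBR sector, reports which loader's boot code it holds, and flags GRUB in the MBR or a /boot partition marked bootable. The marker strings, the function names and the sample sector (including its partition order and sizes) are assumptions constructed for illustration.

```python
import struct

# Assumed marker strings embedded in each loader's MBR boot code.
MARKERS = {
    "truecrypt": b"TrueCrypt Boot Loader",
    "grub": b"GRUB",
    "windows": b"Missing operating system",
}
EXTENDED_TYPES = {0x05, 0x0F}

def parse_mbr(sector):
    """Return (loader_name, partitions) for one 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR: bad length or missing 0x55AA signature")
    code = sector[:440]
    loader = next((n for n, m in MARKERS.items() if m in code), "unknown")
    parts = []
    for slot in range(4):  # an MBR has exactly four primary slots
        entry = sector[446 + 16 * slot:462 + 16 * slot]
        flag, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append({"slot": slot + 1, "bootable": flag == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return loader, parts

def check_layout(sector, boot_slot):
    """List deviations from the guide's layout; an empty list means none."""
    loader, parts = parse_mbr(sector)
    problems = []
    if loader == "grub":
        problems.append("GRUB is in the MBR instead of the /boot partition")
    if sum(p["type"] in EXTENDED_TYPES for p in parts) > 1:
        problems.append("more than one extended partition")
    if any(p["slot"] == boot_slot and p["bootable"] for p in parts):
        problems.append("/boot partition is flagged bootable")
    return problems

def sample_mbr(code, boot_flag=0x00):
    """Constructed sector: /boot, extended, NTFS, Linux root (assumed order)."""
    table = b""
    for flag, ptype, start, count in [(boot_flag, 0x83, 63, 204800),
                                      (0x00, 0x05, 204863, 40000000),
                                      (0x80, 0x07, 40204863, 80000000),
                                      (0x00, 0x83, 120204863, 60000000)]:
        table += struct.pack("<B3xB3xII", flag, ptype, start, count)
    return code.ljust(446, b"\x00") + table + b"\x55\xaa"

if __name__ == "__main__":
    print(check_layout(sample_mbr(b"\xeb\x3cTrueCrypt Boot Loader"), boot_slot=1))
    print(check_layout(sample_mbr(b"\xeb\x48GRUB \x00Geom", 0x80), boot_slot=1))
```

On a real system the sector would be the first 512 bytes of the disk (for example /dev/sda), read as root from Fedora or a live CD.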

Congratulations – your entire hard drive is now secure and running two operating systems that REALLY don’t get along. Now that’s an accomplishment! Go treat yourself to a cookie.

9 Responses to “Dual-booting Fedora 10+ and Windows Vista with TrueCrypt encryption”

  1. joe says:

    Great tutorial! This is exactly what I’ve been looking for. Thank you very much.

  2. laamanni says:

    Did you install TrueCrypt to Fedora 10? Because that is what I was looking for.. I had some problems with dependencies.
    Great tutorial!

  3. Matthew Holt says:

    I did, actually. It’s needed to mount any of the Windows partitions.

    I had some trouble installing it too, and eventually just found this tutorial which hit it on the head: http://penguinenclave.blogspot.com/2008/12/truecrypt-61-install-guide-for-fedora.html

    I’m glad this guide was helpful to you!

  4. Tom says:

    SUPER article …

  5. Tom says:

    Easy, step by step and understandable. This is the perfect way how to help. Thanx 1000x

  6. Matthew Holt says:

    Thanks Tom. I'm glad it helped.

  7. Siddharth Razdan says:

    I made the BIG mistake…I installed the Fedora boot loader on the master boot record…My Vista is not loading anymore…Please help…

    Regards
    (Siddharth Razdan)

  8. Matt says:

    Siddharth, is your Vista system partition encrypted with TrueCrypt? Is it a fresh install of Vista? Perhaps the easiest thing to do would be to just wipe the drive and start over again. When I was doing this I had to start over a couple times to get it right.

  9. Chris says:

    Thanks a lot for this tutorial. I didn’t do any of the trickier stuff like dual booting, but I did use this tutorial to do custom partition and get rid of dodgy lvm, wooh!
