Monday, 2 November 2009

Dual Boot Windows XP and BackTrack with Encryption

A number of people have asked me how I am dual booting Windows XP and BackTrack and have both operating systems installed on a fully encrypted partitions. The follow is a rough guide to setting it up. It may not be the best way of setting up this type of configuration but if works for my needs. Your experiences may vary. My laptop has a 200GB IDE hard drive in it. Please adjust for your spec.


Before starting you may want to wipe your entire hard drive.
  • dd if=/dev/urandom of=/dev/hda
Windows XP encrypted with TrueCrypt 6.3
BackTrack /boot partition (not encrypted)
BackTrack / partition encrypted


Install Windows XP first (200GB)

Boot off BackTrack4 cd. fdisk /dev/hda create a /boot partition (hda2) 200MB create a / partition (hda3) remainder of disk. Setup the encrypted partition.

  • modprobe aes-i586
  • cryptsetup luksFormat /dev/hda cryptsetup luksOpen /dev/hda3
  • rootmkfs.ext3 –j –O extent /dev/mapper/root

Run the BT installer and select /dev/mapper/root to be mounted as / and /dev/hda2 as /boot. Make sure you check the format box for /dev/mapper/root

Do not reboot just yet we need to modify a few files.

  • mkdir /mnt/root
  • mount /dev/mapper/root /mnt/root
  • mount /dev/hda2 /mnt/root/boot
  • chroot /mnt/root
  • mount –t proc proc /proc
  • mount –t sysfs sys /sys

Next we need to edit the /etc/crypttab file. I'm going to keep the name root for / .
  • root /dev/hda3 none luks

Next step is to edit /etc/fstab. The / should look like this. Amend if needed.

  • /dev/mapper/root / ext3 relatime,errors=remount-ro 0 1 /dev/hda2 /boot ext3 defaults 0 0

Next step is to add a few modules to the kernel.
Edit /etc/initramfs-tools/modules file and add the following to the end of the file.

aes-i586
sha256
dm-mod dm-crypt


Update your initrd with the following command.
  • update-initramfs –k all –c
I got an error when it tried to create an initrd file for kernel 2.6.29.3 but BackTrack4 comes with 2.6.29.4 so as long as you get no errors on the initrd for 2.6.29.4 you should be good.

Now time to fix grub.
  • cd /boot/grub/ nano menu.lst

Your BackTrack section should look like this.

  • title BackTrack 4
  • uuid Your uuid of boot partition
  • kernel /vmlinuz-2.6.29.4 root=/dev/mapper/root ro initrd /initrd.img-2.6.29.4 quiet
Next we need install grub
  • grub-install /dev/hda
exit from the chroot environment. Unmount /mnt/root/boot and /mnt/root


Using TrueCrypt I fully encrypted the windows system partition (not full disk encryption) through TrueCrypt 6.3 and let it write its bootloader to the MBR. This will overwrite GRUB.

Don't worry we'll fix this later.

Boot with BackTrack cd and copied the truecrypt bootloader from the MBR to a file in the /boot partition. In my case hda2

I used these commands to do so:

  • dd if=/dev/hda of=/mnt/boot/truecrypt.mbr count=1 bs=512
  • dd if=/dev/hda of=/mnt/boot/truecrypt.backup count=8 bs=32256

Reinstalled grub to the MBR using these commands:
  • sudo grub
  • install (hd0,1)/grub/stage1 (hd0) (hd0,1)/grub/stage2 0x8000 p
Added a chainloader to the menu.lst Windows XP entry to point to the truecrypt bootloader within the /boot partition:

title XP
rootnoverify (hd0,0)
makeactive
chainloader (hd0,1)/truecrypt.mbr
boot
Posted by at Monday, November 02, 2009 1 comments
Labels: , , , ,
Subscribe to: Posts (Atom)