3

In a dual-boot environment (windows? and linux mint 15) What would be best best way to prevent access to the linux partition(s) when the system is booted into windows 7?

The goal would be to prevent windows malware from modifying the contents of the linux partitions while the system is booted in windows.

Both systems are installed on the same physical drive.

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
  • 1
    By default, Linux partitions are ext3 or ext4 unless you change them. Viruses may access your Linux partition files, but to do so, you must have the Linux partition mounted for example using the program you said before. So if you don't use such program, you shouldn't have any problem. – The Illusive Man Jun 29 '13 at 18:39

2 Answers2

8

Best option is just to encrypt the Linux partition, e.g. with LUKS. That way the Windows 7 partition can't actually access any of the data on the other partition. Technically it can still read and write to the partition (there's no way to prevent this) but the data it sees is all encrypted.

Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
Polynomial
  • 132,208
  • 43
  • 298
  • 379
  • 1
    According to the truecrypt website you can't encrypt a system partition with truecrypt when running Linux, only windows is supported at the moment http://www.truecrypt.org/docs/sys-encryption-supported-os – Lucas Kauffman Jun 29 '13 at 17:59
  • You can encrypt the linux partition with the native Linux encryption scheme (LUKS DM Crypt) Likewise, Windows can be enrypted with truecrypt and the Linux partition wouldn't be able to read it (unless you set it up to do so and provide the key) My laptop is set up this way, only the truecrypt boot loader in the MBR and a small /boot partition for Linux (with Grub's bootloader in it) are unencrypted. Linux is DM crpyted and Windows is Truecrypt. When I boot it goes to the truecrypt menu, if I enter the password Windows boots, if I press ESC it prompts me for what partition is the boot partition – Rod MacPherson Jul 01 '13 at 01:29
3

There are some variables to take into account. First of all it's not trivial to just access the Linux partitions. Mainly because, natively, Windows does not support ext3 or ext4 which are used to install Linux on. Without these drivers it's impossible to access the drives. Malware will, normally, not have onboard read/write drivers for these filesystems.

While very implausible it's not impossible. To prevent your Windows partition from viewing Linux you will need to encrypt your Linux partition with LUKS. To prevent your Linux from accessing your Windows partition, you need to encrypt your Windows partition with Truecrypt (full system encryption).

The hard part here is setting it all up. I did find a nice article over here which details how you can setup such a system.

Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
  • The trick is to install Windows, install Linux encrypted except the /boot, and install Grub to the /boot partition. Then install Truecrypt in Windows and encrypt it. Truecrypt sits in the MBR, Grub sits in the /boot partition. Grub version 1 can sit in the MBR if you really want it to boot grub first instead of chainloading from Truecrypt first, but Grub2 is too big and will overwrite your trucrypt keys. – Rod MacPherson Jul 01 '13 at 01:38