3

Consider the case where a computer has 2 drives: one for a Windows OS and one for a Linux OS. The user then uses full drive encryption, BitLocker, on the Windows drive.

It can be assumed that Linux cannot read data from the encrypted drive in normal operation (barring bootkits or other exploits). But my question is about writing to the drive. Can Linux mount a BitLockered drive for writing? Will writing to an encrypted drive corrupt the entire drive?

My assumption is that one cannot write to the drive because the file system table is encrypted, but I can find no documentation or discussion about this anywhere.

I know that there is the unencrypted partition that is part of the BitLocker process, but I am not referencing that partition.

schroeder
  • 123,438
  • 55
  • 284
  • 319

1 Answers1

3

Linux can read and write data on BitLocker encrypted volumes using Dislocker, but that obviously requires the key.

If you don't have the key, you can only read and write raw ciphertext (the encrypted partition), reading it won't give you anything useful (it just looks like random data), but writing on it will definitely corrupt the underlying NTFS partition and you won't be able to mount it anymore (and Windows won't boot).

  • Do you have any source/reference for the ability to mount and write (and subsequently corrupt)? I doubt the ability to mount, but I have no data to back it up. – schroeder May 07 '14 at 21:48
  • 3
    You can't mount it. By writing I meant writing directly to the partition's device node (`/dev/sda` for example). –  May 07 '14 at 21:55