Triple-boot: OSX, Linux, & Windows with full disk encryption


I have a Macbook Air (MacBookAir6,2) that I want to set up a triple-boot on:

Required Operating Systems:

  • OSX (10.11.3)
  • Linux (Debian based: Elementary or Mint)
  • Windows 8.1 Pro

The 2 main requirements are:

  • Encryption: I will be working with client data. EVERYTHING must be encrypted.
  • I need to access files from any of the 3 OS's.

I know this can be done (sort of) by using each OS's built-in encryption (Filevault, LUKS, Bitlocker) and then setting up a final storage partition encrypted with a cross-platform encryption software like Veracrypt. This would work, but I'd like each OS to be able to access each other's files, run diag on each other, etc...

My knowledge and logic would suggest this plan of attack:

  • Use a 3rd-party bootloader (rEFInd for example)
  • Use a 3rd-party encryption program (instead of Filevault, Bitlocker, and LUKS) that can handle full disk encryption AND have full support for GPT and UEFI.

Boot process:

-> Disk would be decrypted upon boot using standard password authentication -> rEFInd (or similar loader) would handle the boot process -> Login of each OS would proceed as normal and ALL files would be accessible to all three (3rd-party file managers would be needed to an extent, I think)

Note: I have yet to find an encryption program that can handle UEFI and GPT (Veracrypt doesn't)

Note2: I had the thought to use a hypervisor and just use one OS at a time, but I don't think that the performance impact would be worth it. Any suggestions along this line of thought?

Note3: My knowledge of UEFI, encryption methods, file systems and partition schemes, and the deep underlying mechanics of the modern OS are a bit patchy. If I'm missing something or making some terrible logic error please enlighten me. I'm (mostly) serious!

KEDLogic

Posted 2016-03-17T22:29:54.157

Reputation: 11


Before jumping into details, are you sure you want to go down a rather involved triple boot (possibly infeasible as is) route? Also what's your threat model? Using VMs for Windows and Linux on an OS X host with a FileVault encrypted drive provides a lot of security for most and is a much simpler and usable solution (you'll also be able to keep your Apple support). Are these your specs? If they are, your performance worries are likely overblown, especially so if you have an SSD. If you're interested I can write a more detailed answer?

– None – 2016-03-18T00:10:39.740

I agree with rustynuts. Also, AFAIK it's impossible to encrypt *EVERYTHING* on the hard disk. If nothing else, the boot loader(s) and related files must be unencrypted, since (AFAIK) there's no firmware support for encryption. Even if it did, you'd still need OS-level support for whatever encryption tool you used. The only way around this would be a disk controller that supports encryption in its own hardware and firmware. AFAIK, Macs don't ship with such hardware. – Rod Smith – 2016-03-18T13:23:12.680
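Two points above can be checked mechanically on any GPT disk: the asker's requirement that *everything* be encrypted, and Rod Smith's observation that the boot loader (on the EFI System Partition) necessarily stays in the clear. The script below is an added example, not code from the question or any commenter. It parses the primary GPT header and partition array of a disk image, verifies both CRC32 fields, and reports for each partition whether its first sector carries a LUKS or BitLocker signature, whether it is the ESP (plaintext by design), or whether it is plaintext/unrecognised. The disk image is constructed inline so the script runs offline; on real hardware you would point `audit()` at `dd` output or a block device read with appropriate privileges. The partition type GUIDs and volume magics are the published values; the sample layout, names and GUIDs inside the image are made up for the example.

```python
"""Audit a GPT disk image: which partitions are encrypted, which are not."""
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"
HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte GPT header, little-endian

ESP_GUID = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"
CORE_STORAGE_GUID = "53746f72-6167-11aa-aa11-00306543ecac"
TYPE_NAMES = {
    ESP_GUID: "EFI System Partition",
    "ca7d7ccb-63ed-4c53-861c-1742536059cc": "Linux LUKS",
    "0fc63daf-8483-4772-8e79-3d69d8477de4": "Linux filesystem",
    "ebd0a0a2-b4f5-4bb3-a0be-3aafd5d8f1d9": "Microsoft basic data",
    "48465300-0000-11aa-aa11-00306543ecac": "Apple HFS+",
    CORE_STORAGE_GUID: "Apple Core Storage",
}
LUKS_MAGIC = b"LUKS\xba\xbe"      # LUKS1 and LUKS2 both start with this
BITLOCKER_OEM = b"-FVE-FS-"       # BitLocker volumes carry this at offset 3


def classify(image: bytes, type_guid: str, first_lba: int) -> str:
    """Heuristic: look at a partition's first sector for a known container."""
    head = image[first_lba * SECTOR:(first_lba + 1) * SECTOR]
    if head.startswith(LUKS_MAGIC):
        return "encrypted (LUKS container)"
    if head[3:11] == BITLOCKER_OEM:
        return "encrypted (BitLocker volume)"
    if type_guid == ESP_GUID:
        return "plaintext (EFI System Partition; firmware must read the loader)"
    if type_guid == CORE_STORAGE_GUID:
        return "Core Storage container (encrypted only if FileVault 2 is on)"
    return "plaintext or unrecognised"


def audit(image: bytes) -> list:
    """Parse the primary GPT, verify CRCs, return one dict per used entry."""
    hdr = image[SECTOR:SECTOR + 92]
    (sig, _rev, _size, hdr_crc, _res, _cur, _bak, _first_usable, _last_usable,
     _disk_guid, entries_lba, n_entries, entry_size, entries_crc) = struct.unpack(HEADER_FMT, hdr)
    if sig != GPT_SIGNATURE:
        raise ValueError("no GPT signature at LBA 1")
    # header CRC is computed with its own CRC field zeroed
    if zlib.crc32(hdr[:16] + b"\0\0\0\0" + hdr[20:]) != hdr_crc:
        raise ValueError("GPT header CRC mismatch")
    start = entries_lba * SECTOR
    table = image[start:start + n_entries * entry_size]
    if zlib.crc32(table) != entries_crc:
        raise ValueError("GPT partition array CRC mismatch")
    result = []
    for i in range(n_entries):
        e = table[i * entry_size:(i + 1) * entry_size]
        type_guid = uuid.UUID(bytes_le=e[:16])   # GUIDs are mixed-endian on disk
        if type_guid.int == 0:
            continue                             # unused entry
        first, last, _attrs = struct.unpack_from("<QQQ", e, 32)
        name = e[56:128].decode("utf-16-le").rstrip("\0")
        t = str(type_guid)
        result.append({"name": name, "type": TYPE_NAMES.get(t, t), "first": first,
                       "last": last, "status": classify(image, t, first)})
    return result


def _entry(type_guid: str, first: int, last: int, name: str, idx: int) -> bytes:
    return (uuid.UUID(type_guid).bytes_le + uuid.UUID(int=idx).bytes_le
            + struct.pack("<QQQ", first, last, 0)
            + name.encode("utf-16-le").ljust(72, b"\0"))


def build_sample_image() -> bytes:
    """Constructed 128-sector image: ESP, LUKS, BitLocker and plain HFS+ partitions."""
    total = 128
    img = bytearray(total * SECTOR)
    img[510:512] = b"\x55\xaa"                   # MBR boot signature (protective MBR omitted)
    parts = [(ESP_GUID, 34, 37, "EFI"),
             ("ca7d7ccb-63ed-4c53-861c-1742536059cc", 38, 41, "debian-crypt"),
             ("ebd0a0a2-b4f5-4bb3-a0be-3aafd5d8f1d9", 42, 45, "Windows"),
             ("48465300-0000-11aa-aa11-00306543ecac", 46, 49, "Macintosh HD")]
    table = b"".join(_entry(*p, i + 1) for i, p in enumerate(parts)).ljust(128 * 128, b"\0")
    img[2 * SECTOR:2 * SECTOR + len(table)] = table
    img[38 * SECTOR:38 * SECTOR + 6] = LUKS_MAGIC          # LUKS header magic
    img[42 * SECTOR + 3:42 * SECTOR + 11] = BITLOCKER_OEM  # BitLocker OEM id
    hdr = struct.pack(HEADER_FMT, GPT_SIGNATURE, 0x00010000, 92, 0, 0, 1, total - 1,
                      34, total - 34, uuid.UUID(int=0xd15c).bytes_le, 2, 128, 128,
                      zlib.crc32(table))
    hdr = hdr[:16] + struct.pack("<I", zlib.crc32(hdr)) + hdr[20:]
    img[SECTOR:SECTOR + 92] = hdr
    return bytes(img)


if __name__ == "__main__":
    for p in audit(build_sample_image()):
        print(f"{p['name']:<14} {p['type']:<22} LBA {p['first']}-{p['last']}: {p['status']}")
```

Only the primary header and array are read; a hardened version would also cross-check the backup copies at the end of the disk. The output makes Rod Smith's point concrete: whatever encryption scheme is chosen, the audit will always list at least one plaintext partition, the ESP.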

A VM is a valid option (I am using one to an extent) but the problem is with performance. I am an onsite IT consultant dealing with Mac, Windows, and Linux environments. I use all three OSs, but I prefer the MacBook hardware and I don't want to lug around 3 laptops. A triple boot would be the ideal if it is possible.

As for the need for security, the laptop holds client data (some of which is medical) so HIPAA comes into play. Full encryption is a must. I’m aware that this will probably be a long and complicated process and I’m OK with that so long as the end result is stable and secure. – KEDLogic – 2016-03-18T22:41:10.707

Some hard drives have real AES encryption built-in, no software hassles except a supported BIOS/EFI required. Why not just use that? – Xen2050 – 2016-03-18T23:44:52.390

My understanding is that nowadays MacBooks have all their parts soldered on. Though that is a brilliant thought nonetheless. – KEDLogic – 2016-03-18T23:59:16.023

No answers