Encrypted Windows 7 & Linux Advice Wanted

I would like to set up my laptop to dual boot Arch Linux and Windows 7 with file sharing and encryption. Just wanted some advice on going about this because I have not dealt with encryption nor file sharing. I have two 500GB hard drives, and this is my plan:

Install Windows 7 across both hard drives
Use a live CD to wipe out Windows boot loader and replace with Grub Legacy
Use live CD to wipe out second hard drive and re-size the Windows partition located on first hard drive
Install Arch Linux along side with Windows 7 on first hard drive, all remaining space goes to home folder as ext2
Install truecrypt and ext2fsd

Concerns:

Is this the most efficient way to share files between both OSes? Or should I just be using NTFS to store all my data?
How would the file permissions work when sharing files between Windows and Linux?
Is there a high likley hood of corruption, and what is the ease of backing up files from an encrypted disk?
Anything I should look out for, conflict between Grub and Truecrypt?

Thank you for any advice, and feel free to post any links you might find useful to me. I am trying to plan this out so I can minimize downtime as I do not want to spend more than a night on this, nor do I want to run into a major problem some time in the future.

Miles

Posted 2012-04-20T23:04:18.563

Reputation: 23

This is possible, but its too late for me to make an answer. You might spend more than one day to get it work. You have to use Grub2, because it is easiest to use the recovery *.iso of truecryt to make win7 boot. (legacy cannot boot from an image afaik). – Baarn – 2012-04-21T00:11:57.447

Answers

I'm not sure about how best to set up the file sharing between operating systems, but I wrote up a description of how to get Windows 7 and Arch Linux installed with encryption on a single drive: http://aprescott.com/posts/dual-booting-windows-and-linux-with-encryption

You may be able to work off this approach to have the second drive be shared and automounted in both operating systems, provided the filesystem on the second drive is supported enough for reading and writing.

File permissions would be dealt with by whichever piece of software is non-natively dealing with the filesystem being mounted. Some software will only mount some filesystems in read-only mode and won't touch any of the permissions when writing, for example.

To back up, you have a few choices. One is to back up the entire drive at the binary level, using a command like dd or a specific tool. Since this involves copying encryption headers set by both TrueCrypt and dm-crypt, there's consideration you need to give to the security of such a backup, as well as handling the possibility of changing your decryption keys.

An alternative, one which I try to follow, is to simply backup files with rsync from your operating system partitions to an external drive which is itself also encrypted. Mike Cardwell has a good blog post on secure, free, incremental and instant backups with Linux.

Adam Prescott

Posted 2012-04-20T23:04:18.563

Reputation: 126

This article could help you with the encryption part. It's rather old and uses Win XP and Ubuntu 8.04 for the demonstration, but the principles are there, even Grub vs. Truecrypt.

Also I don't see a reason why span the Windows/NTFS across both disks in the first step. Better create proper-sized partitions during the Windows installation, so you won't need to resize them later. You can format them later to anything you need.

As Truecrypt encryption for a system disk is only available for Windows, you have to encrypt your Linux system partition differently. There's a nice article on howtogeek.com on that.

As for the other "data/home" hard drive, I'd use Truecrypt's whole drive encryption and format that to ext3 then. ext2fsd can handle it from Windows as well, and unlike ext2, ext3 has a journal, which is a major convenience. Here's a note about mounting Truecrypt partitions on boot, which you'll need if you want it as /home.

tlwhitec

Posted 2012-04-20T23:04:18.563

Reputation: 155