Which encryption method is best used for my MacBook Pro which uses Boot Camp for Windows 7?

0

I'm running MBP 6,1 with Lion 10.7.4 and Boot Camp with Windows 7 x64.

I'm doing research to try and encrypt my laptop so that while I'm traveling I feel a little more secure about this machine in case it gets lost. I know that my options are more difficult because of the Boot Camp drive.

I've read a few sites that say it's likely to be a combination of File Vault for OS X and TrueCrypt for Windows. However, I need more specific instructions about what it involves.

Here are my questions:

  1. Will I have to completely reinstall both OSes from scratch? I've read that TrueCrypt needs to be installed first?
  2. Which order do I need to encrypt first? Should I first encrypt Windows with TrueCrypt?

I appreciate any feedback from people who have already successfully done this.

micah

Posted 2012-05-23T20:41:53.257

Reputation: 121

Answers

1

You'll find lots of links saying how they did it with both true crypt and Filevalt but very little that confirm that it works nicely.

I decided not to bother with my OSX partition as so little on there that needs to be encrypted if any... and used TrueCrypt but I had to loose the GPT Protective partition to do it.

It works and I was able to boot to both OS's as I needed :) (though I now cant boot to OSX for some reason)

However It seems that the only real (simple, reliable) solution is PGP Whole Disk Encryption - which if (and when) I need to do it again or need to do both I will be doing.

As for more info as to how to do it lifted from here

After much work I was able to accomplish using both FileVault and TrueCrypt. The biggest issue to work around was the fact TrueCrypt (TC) boot loader exceeds the maximum size that can fit in the first sector, it extends into the GPT rescue partition and corrupts the GPT partition table data. Since it is not possible to install the TC bootloader I used GRUB/GRUB4DOS to load the ISO recovery image of TC to boot the proper windows partition.

I managed to setup the partitioning to allow Windows to install on the “second” MBR partition.

My GPT partition layout is :

  1. GPT Rescue
  2. GRUB Boot
  3. Windows
  4. OSX

I used gpart from the Linux SysRescue CD. I created the layout above, and created a Hybrid MBR with partitions 2 and 3.

I installed OSX Lion onto the OSX partition.

Once this was setup I proceeded to install Windows. You can only format the windows partition during the installation, do not do any partitioning as this will corrupt the GPT data.

With windows installed and working installed the BootCamp drivers and then installed TC. Installing TC will corrupt your GPT/Hybrid MBR setup as it will overwrite the GPT table and GPT rescue partition when it writes the bootloader. Now you will need to use the Linux SysRescue CD and gpart to restore the GPT partition table from the backup and recreate the Hybrid MBR.

With the partition table rebuilt you will need to setup GRUB/GRUB4DOS to load the TC recovery ISO to boot the Windows partition. This involves installing GRUB and then installing GRUB4DOS as the boot image for GRUB. GRUB4DOS can then be setup to boot the TC recovery ISO.

Once Windows/TC was all setup, I went back to OSX and enabled FileVault. If you did everything correctly you will notice that the disk partition tool under OSX still reports the disk as a GPT disk, not MBR. If it is reported as MBR FileVault will fail to enable.

Booting the recovery ISO is a bit messy, but it does accomplish the task of using both FileVault and TC. Perhaps TC will be improved in the future such that it creates a multistage boot loader and using an additional partition instead of just overwriting beyond sector 1 which just happens to work for Windows.

Edit:

One thing I recommend is that you have a good backup to start with so you can recover to where you were. clonezilla can and will do it.

Also make sure the partition table is backed up (both the GPT and MBR - hybrid mbr) otherwise you can have fun.

Dreaddan

Posted 2012-05-23T20:41:53.257

Reputation: 111

Asked: 2012-05-23T20:41:53.257

Viewed: 969 times

Active: 2012-07-13T14:18:29.070