Dual boot and disk encryption


I need to dual boot these:

  • Unencrypted Windows 7 partition
  • Encrypted Linux partition (/ and /home)

I was thinking of erasing the entire disk, then installing Windows 7, then installing a Linux distribution in this way:

  • /dev/sda1 windows boot - unencrypted
  • /dev/sda2 windows system - unencrypted
  • /dev/sda3 /boot - unencrypted
  • /dev/sda4 LVM encrypted
  • /dev/sda5 swap

Do you think that it will work? Is it safe?

Thanks a lot!

Luca

Posted 2013-03-13T14:32:35.103

Reputation: 31

What kind of partition table are you using, MSDOS or GPT? You should encrypt swap, too (put it inside LVM), as you can't control which parts of the memory are written to it. – Baarn – 2013-03-13T14:40:05.387

I'll use MSDOS. Thanks for the reply. Should it work with this partition table and GRUB? – Luca – 2013-03-13T14:47:16.007

@Luca - What will work exactly? Whether it is safe depends on what you use to encrypt /dev/sda4 – Ramhound – 2013-03-13T15:08:05.227

I'll encrypt with the default method of the Ubuntu 12.10 installer (dm-crypt with LUKS) – Luca – 2013-03-13T15:12:02.730

You can only have four primary partitions in the MSDOS partitioning scheme. Simply solve it by putting swap inside LVM. I still don't really get the question, what do you think is safe? And it sure works; whether you are able to get it to work is another question. – Baarn – 2013-03-13T16:04:03.660

Thanks. The question was whether I can boot both systems fine with that partition table (I'll put swap in the LVM). – Luca – 2013-03-13T16:16:14.497

Answers

0

It should work [at least from a Linux point of view, I don't "do" Windows - but it looks like that should work too - not sure if you need a boot partition for Windows though], except as @Informaticker said it would be sda5 and sda6 because sda4 is a virtual partition. A few thoughts which may help you do it even better -

  1. If you are going to use LVM, why not put the swap partition on LVM as well? That will give you more flexibility.

  2. Instead of running LVM for Linux, have you considered just running the OS on 1 partition and then a second partition - formatted as FAT32 (or maybe NTFS?) and then creating a file the size of the disk and using Truecrypt - with symlinks from /home, /root and anything else you care for. This will provide a few advantages including the ability to access it from either OS and plausible deniability (both OS's will boot without prompting for a password, and Truecrypt has plausible deniability built in). Of course, this is not full-disk encryption so might not be what you want.

davidgo

Posted 2013-03-13T14:32:35.103

Reputation: 49 152
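The advice in the comments and in the answer (put swap inside the encrypted LVM) can be checked on the installed system. The following is an added example, not part of the original thread: the function name and both sample layouts are constructed, and it assumes `lsblk -P` output with the KNAME, PKNAME, TYPE and FSTYPE columns.

```shell
#!/usr/bin/env bash
# Added example: list swap devices that do not sit on top of a dm-crypt mapping.
# Input on stdin: text in the format of `lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE`.
unencrypted_swap() {
  awk '
    {
      k = p = t = f = ""
      # -P output is KEY="value" pairs; pick out the four columns.
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        v = kv[2]; gsub(/"/, "", v)
        if (kv[1] == "KNAME") k = v
        else if (kv[1] == "PKNAME") p = v
        else if (kv[1] == "TYPE") t = v
        else if (kv[1] == "FSTYPE") f = v
      }
      kind[k] = t; parent[k] = p
      if (f == "swap") swap[k] = 1
    }
    END {
      for (dev in swap) {
        enc = 0
        # Walk up the parent chain looking for a dm-crypt layer.
        for (d = dev; d != ""; d = parent[d])
          if (kind[d] == "crypt") { enc = 1; break }
        if (!enc) print dev
      }
    }' | sort
}

# Constructed sample: swap on its own plain partition, as in the question.
PLAIN_SWAP='KNAME="sda" PKNAME="" TYPE="disk" FSTYPE=""
KNAME="sda3" PKNAME="sda" TYPE="part" FSTYPE="ext4"
KNAME="sda4" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS"
KNAME="dm-0" PKNAME="sda4" TYPE="crypt" FSTYPE="LVM2_member"
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4"
KNAME="sda5" PKNAME="sda" TYPE="part" FSTYPE="swap"'

# Constructed sample: swap as a logical volume inside the LUKS container.
SWAP_IN_LVM='KNAME="sda" PKNAME="" TYPE="disk" FSTYPE=""
KNAME="sda3" PKNAME="sda" TYPE="part" FSTYPE="ext4"
KNAME="sda4" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS"
KNAME="dm-0" PKNAME="sda4" TYPE="crypt" FSTYPE="LVM2_member"
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap"'
```

On a live system, pipe `lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE` into `unencrypted_swap`; empty output means every swap device has a dm-crypt layer beneath it.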