LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 04-29-2011, 01:35 PM   #1
Cotun
Member
 
Registered: Jan 2009
Location: UK
Distribution: Debian Stable and Unstable
Posts: 61

Rep: Reputation: 21
Dual-Booting With Ubuntu Using Grub 2 And A Truecrypt Windows Installation


Hi

I've been trying to get a dual-boot system with a truecrypted Windows partition and grub 2 in combination to work successfully and to date, I haven't had much luck. I'm using the grub 2 version from Ubuntu 10.04.2 LTS.

I understand from searching through Google that there is presently no easy way to chainload the Truecrypt boot loader from Grub 2 in a similiar way that was done with Grub 1. This is because the Grub 2 payload is much larger and actually overwrites some of the Truecrypt boot loader, preventing it from starting.

A workaround is to boot the Truecrypt recovery ISO from Grub 2. This has been reported to work and is well documented on the forum thread below:-

http://ubuntuforums.org/showthread.php?t=1229541&page=3

However, I haven't been able to get this to work. In particular, the section shown below for adding a custom item to the Grub 2 menu is where the problems start.

Code:
#!/bin/sh
exec tail -n +3 $0
# Vista TrueCrypt
menuentry "Truecrypted Vista" {
insmod part_msdos
insmod ext3
set root='(hd0,msdos3)'
linux16 ($root)/memdisk iso raw
initrd16 ($root)/truecryptDesktop.iso
Firstly, "insmod ext3" does not work on this system at all, although "insmod ext2" goes through without error and should still work. My version of grub 2 also does not accept the designation "(hd0,msdos3)" and actually requires the older (hd0,3) type. I have confirmed that grub 2 is able to access the files required on the boot partition though and the hard disk and file designations are correct.

Things really go wrong on the last two lines starting with linux16 and initrd16. When this grub 2 entry is run, the memdisk boot loader does appear to start up, but it freezes on a line "Loading boot sector... loading...". I don't think it ever gets to trying to load the truecrypt ISO image.

Does anybody know what might be going wrong here? I've been looking for ages now and can't seem to find any solution to this problem apart from restoring the Truecrypt loader to the hard disk and trying to chainload Grub 2 from Truecrypt. I'd rather use Grub 2 as the main loader though as Ubuntu Linux will be the main operating system in use.

Thanks
 
Old 04-30-2011, 11:02 AM   #2
thebombzen
Member
 
Registered: Dec 2010
Location: Noneya Business
Distribution: Linux Mint
Posts: 56

Rep: Reputation: 5
Bootloading windows with grub can be annoying. Here's how I do it:

First: Windows likes to think it's the first drive. If it isn't, it will complain on boot. Often you might have grub on a different drive than windows, in this case add this to your grub.conf file.

map hd1 hd0

This make whatever is being chainloaded think that hd1 is actually hd0, so if windows is on hd1 it won't complain. If both windows and grub are on different partitions of the same drive, then you can skip this.

The next is to use rootnoverify to set what to chainload. For me, grub is on hd0,0, and windows is on hd1,2. So I'd use

map hd1 hd0
rootnoverify (hd1,2)

because grup ignores the map command for its own purposes. The last step is to chainload.

So wherever you have windows installed, I'll call it hdX,Y, do this

map hdX hd0 (ignore this if X = 0)
rootnoverify (hdX,Y)
chainloader +1

This should be the way for you to chainload windows from grub.
 
Old 04-30-2011, 01:17 PM   #3
Cotun
Member
 
Registered: Jan 2009
Location: UK
Distribution: Debian Stable and Unstable
Posts: 61

Original Poster
Rep: Reputation: 21
Thanks for your reply.

I'm pretty sure all the commands you provided are for Grub 1 and I'm using Grub 2. Additionally, I'm using a truecrypt'd version of Windows and the commands you provided seem to be for a standard version. Unfortunately therefore, the information you provided isn't any help

Grub 2 works fine for a standard version of Windows and Grub 1 works fine with the Truecrypt/Windows combination. I just can't get Grub 2 and Truecrypt to work together
 
1 members found this post helpful.
Old 04-30-2011, 03:41 PM   #4
shugo
LQ Newbie
 
Registered: Apr 2011
Posts: 2

Rep: Reputation: 1
I am trying to do something similar, but my setup is breaking for different reasons. I can try to offer a few pieces based on what I've done so far.

First thing I can advise is not hard-coding the root device into the config ( set root='(hd0,msdos3)'
). I believe it is better practice to use the UUID of the filesystem, so that should something change in the system that affects the drive ordering (moving plugs, BIOS update, etc.) you won't have to change your GRUB2 configurations.

You can do this by first finding the UUID of your filesystem. In Ubuntu, run

Code:
sudo blkid
which will print something similar to the following

Code:
/dev/sda2: UUID="67e61837-c1a4-417c-9ac4-403c85406ea8" TYPE="ext4"
/dev/sda3: UUID="95d0a291-d127-404c-91ae-4d667a04a2a0" TYPE="ext4"
This will list each partition that it can read and print the name of the partition device (/dev/sda2) and the UUID associated with it (67e61837-c1a4-417c-9ac4-403c85406ea8). In my case /dev/sda1 is the TrueCrypted-NTFS for Windows (it does not print out here because we cannot see the filesystem data), /dev/sda2 is my /boot partition, and /dev/sda3 is my Ubuntu install. You can use that to find your disk in GRUB2 similar to the following:

Code:
menuentry "Windows" {
search --set=root --fs-uuid 67e61837-c1a4-417c-9ac4-403c85406ea8
linux16 /memdisk iso
initrd16 /TrueCrypt_Descue_Disk.iso
boot
}
This is my menu entry that loads up the TrueCrypt Rescue Disk. Note that there isn't the ($root) used anymore. This is because when GRUB2 sees paths that don't start with a device name such as (hd0,msdos1), it uses the path relative to the "root" variable already. Using the variable is a little more explicit, but I think this way is a bit cleaner. You could just as easily use the variables as you had them, as a matter of personal preference.

I have seen some issues regarding how the bootstrapping with memdisk actually works. You'll notice that I do not have the "raw" parameter that you and the UbuntuForums post did. When I had that parameter, memdisk would hang when it printed out its version. So at the moment I am defaulting to the "safeint" usage, but it might be worth playing around with those yourself to see what works on your system (I can't post URLs, but if you google "memdisk set memory access method" it will take you to the list).

Something else I had tried was extracting the raw boot image from the TrueCrypt Rescue Disk and trying to boot with that, but I am not entirely sure that is needed. If you would like to go that route I can provide more info how to do that as well.

I am also using a newer version of GRUB2 (the one included with the new 11.04 release, 1.99-rc1), so that may or may not affect my results in comparison to yours.

Not sure how much this has helped, but maybe there is some useful information in it. Best of luck solving this dilemma.

Last edited by shugo; 04-30-2011 at 03:43 PM. Reason: typos
 
Old 05-01-2011, 06:17 AM   #5
Cotun
Member
 
Registered: Jan 2009
Location: UK
Distribution: Debian Stable and Unstable
Posts: 61

Original Poster
Rep: Reputation: 21
Thanks for the information Shugo.

Quote:
First thing I can advise is not hard-coding the root device into the config ( set root='(hd0,msdos3)'
). I believe it is better practice to use the UUID of the filesystem, so that should something change in the system that affects the drive ordering (moving plugs, BIOS update, etc.) you won't have to change your GRUB2 configurations.
I agree this is better practice, but I'm unlikely to be swapping the drive orders anytime soon and it would cause complications even if I did implement this step. I also know for sure that this isn't the problem with my boot loader because I pressed C when it booted up, and manually entered the information on the grub command-line. Tab-completion was working perfectly, so I know it is indeed finding the files.

What is interesting though is that the "msdos" notification does not work on my grub like it is mentioned on the forum. I guess this might indicate that the grub version they were using was newer than the one that comes with the LTS edition. When I installed Truecrypt, I used the original LTS edition to update the MBR with Grub 2 so maybe I should update Grub 2 on my actual desktop and then update it again. It might be a newer version.

Quote:
I have seen some issues regarding how the bootstrapping with memdisk actually works. You'll notice that I do not have the "raw" parameter that you and the UbuntuForums post did. When I had that parameter, memdisk would hang when it printed out its version. So at the moment I am defaulting to the "safeint" usage, but it might be worth playing around with those yourself to see what works on your system (I can't post URLs, but if you google "memdisk set memory access method" it will take you to the list).
Thanks, this is useful. I'll have to test it and see if it helps. But since you had no success, I'm not too hopeful
 
Old 05-02-2011, 02:19 AM   #6
shugo
LQ Newbie
 
Registered: Apr 2011
Posts: 2

Rep: Reputation: 1
Quote:
Originally Posted by Cotun View Post
What is interesting though is that the "msdos" notification does not work on my grub like it is mentioned on the forum. I guess this might indicate that the grub version they were using was newer than the one that comes with the LTS edition. When I installed Truecrypt, I used the original LTS edition to update the MBR with Grub 2 so maybe I should update Grub 2 on my actual desktop and then update it again. It might be a newer version.
That is a little weird. What version does grub report back when you do

Code:
sudo grub-install -v
sudo dpkg -s grub-pc
as compared to what GRUB reports at the top when you are at the menu?

Quote:
Originally Posted by Cotun View Post
Thanks, this is useful. I'll have to test it and see if it helps. But since you had no success, I'm not too hopeful
I was actually having problems with my setup for another reason: I was trying to boot GRUB2 from a USB disk and use it to chainload TrueCrypt to decrypt and boot an encrypted system disk that was actually inside the computer, as to not depend on the TrueCrypt bootloader on disk to help prevent an attack like the Stoned bootkit. The reason why I am having issues is because of how TrueCrypt only looks for hd0 to try to decrypt, and when you boot from USB that drive steals hd0. So you can't boot because when you type in the password at the prompt it is trying to decrypt my USB disk instead of the real hard drive. Other people seem to used the

Code:
map (hd0) (hd)
map (hd1) (hd0)
trick to get around that in GRUB1, but when I use the new drivemap -s directive (equivalent in GRUB2 from what I understand), the memdisk kernel just hangs after printing out its version. Still working on that one.

However, I did setup the scenario you have with a VM (mostly, different Windows and Ubuntu versions), and I did get it to successfully boot TrueCrypt-ed Windows as well as Ubuntu from GRUB2. So I do believe it is possible, and I'm more than happy to share what I did step for step in hopes that something comes out for you too.

The first thing I did was take a brand new 20G and boot the Windows 7 installer. I created a single 15GB partition on it and installed Windows onto that (I side-stepped the 100MB system-reserved partition, because that is only strictly necessary for BitKeeper, which I was not using). Once that was installed I put TrueCrypt onto it and setup System Encryption as a partition. Let TrueCrypt install its bootloader and let me create a rescue disk, and let the encryption step happen.

Once all of that was done, I shutdown the machine and put in an Ubuntu 11.04 install CD. It booted and I setup 2 more partitions using the rest of the space: a 512MB /boot partition and the rest of it as / for Ubuntu. I told GRUB2 to install to /dev/sda, so that it would overwrite the TrueCrypt loader and run instead.

I rebooted the machine, and Ubuntu loaded with GRUB. I copied memdisk from the installation and the rescue disk from TrueCrypt into /boot, and added the following to /etc/grub.d/40_custom

Code:
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
menuentry "Windows" {
    search --no-floppy --set=root --fs-uuid 454389aa-7b14-4ed4-a48b-7729edfd7ff8
    linux16 /memdisk iso int
    initrd16 /RD_Test.iso
}
where the UUID here is to put root as my /boot partition, and RD_Test.iso is the rescue disk iso TrueCrypt created. Note that I have the parameter "int" given to memdisk instead of "raw" or "safeint". I have this because if I used any of the other values, Windows would reboot as soon as it got to the login screen. Not sure why that is, but it didn't if I did it this way.

So I added that entry, and ran

Code:
sudo update-grub
and made sure that my /boot/grub/grub.cfg had the menuentry for my Windows.

After that, when I rebooted holding Shift, I saw my Windows entry in the menu, and selecting it takes me to the TrueCrypt rescue disk launcher. However, when I typed in my password it would report that it was incorrect. I am still not sure why this is (perhaps GRUB2 overwrote something TrueCrypt cared about in the first partition), but going into Repair Options and repairing the Volume Header seems to have fixed whatever had gone wrong. Now I have a machine that will boot either TrueCrypted Windows 7 or Ubuntu from a GRUB2 bootloader.

Again, I'm not sure how much any of this will help you. You were saying that you would see the "TrueCrypt Rescue Disk" printed out, but nothing past that. I had seen something similar, and I believe it was changing off of the "raw" parameter to memdisk that got past that. Try booting GRUB2, editing the configuration for your Windows entry with Ctrl-x for a different memdisk parameter and seeing if any of them make it further.

I've also seen information that memdisk can have trouble when there are BIOS bugs, which may explain why it doesn't completely load the TrueCrypt rescue disk when you do it now. It is a bit dangerous, but it might be worth looking at BIOS updates for your motherboard and see if there is any particular mention of something.

I will hold on to this VM for a while in case there is anything I can pull off of it for you that would be of help.

Best wishes,
Shugo

Last edited by shugo; 05-02-2011 at 02:26 AM. Reason: extra detail about grub version and other troubleshooting steps
 
1 members found this post helpful.
Old 05-02-2011, 12:51 PM   #7
Cotun
Member
 
Registered: Jan 2009
Location: UK
Distribution: Debian Stable and Unstable
Posts: 61

Original Poster
Rep: Reputation: 21
Thanks for going to incredible trouble just to test out my configuration! I do really appreciate the effort. You deserve your rep for that one

Unfortunately, this is probably not a good time to tell you that I abandoned trying to get it work and installed the Truecrypt boot loader back into the MBR. Then I installed Grub 2 to the /boot partition and now both systems boot perfectly. The only annoyance is having to press ESC before the Grub loader appears, but seriously that's not much of a hassle

I was right in regards to the grub version not being updated to the latest. The original LTS edition had version 1.98-1ubuntu5 and that's what was installed in my boot loader. I updated the package to 1.98-1ubuntu10 and flashed the boot loader with it, but it unfortunately made no difference. Grub-install, the initial boot menu and the package information show the same version.

Quote:
I was actually having problems with my setup for another reason: I was trying to boot GRUB2 from a USB disk and use it to chainload TrueCrypt to decrypt and boot an encrypted system disk that was actually inside the computer, as to not depend on the TrueCrypt bootloader on disk to help prevent an attack like the Stoned bootkit. The reason why I am having issues is because of how TrueCrypt only looks for hd0 to try to decrypt, and when you boot from USB that drive steals hd0. So you can't boot because when you type in the password at the prompt it is trying to decrypt my USB disk instead of the real hard drive. Other people seem to used the trick to get around that in GRUB1, but when I use the new drivemap -s directive (equivalent in GRUB2 from what I understand), the memdisk kernel just hangs after printing out its version. Still working on that one.
Hmm, yes, I see your problem. I'm not really qualified to provide any suggestions (I don't even really understand the memdisk kernel at all), but it reminds me of the difficulties I had when I created a bootable crypto USB flash drive containing a full copy of Debian. It worked eventually, but there was lots of head scratching over the mounting of partitions before I got it all right.

I hadn't heard of the Stoned bootkit, so thanks for the info on that. It seems if Truecrypt filled the remaining MBR sectors with relevant and verifiable data, it would provide immunity against it (although this might cause other problems). Stoned looks to be quite a sophisticated piece of software though.

If you do manage to resolve it, could you let me know. This is probably a security hole to think about in the future.

Quote:
Again, I'm not sure how much any of this will help you. You were saying that you would see the "TrueCrypt Rescue Disk" printed out, but nothing past that. I had seen something similar, and I believe it was changing off of the "raw" parameter to memdisk that got past that. Try booting GRUB2, editing the configuration for your Windows entry with Ctrl-x for a different memdisk parameter and seeing if any of them make it further.
Unfortunately this didn't have any effect. I never actually see anything relating to Truecrypt being printed at all, I'm almost certain that the boot loader is never actually loaded and all the output comes from memdisk. I don't know why it freezes up, but it's possible it relates to the fact that my /boot partition and the Truecrypt partition are on different drives. That might really confuse it. I could try the drivemap suggestion you mentioned in your post, but I've already decided not to spend more time trying to get this to work at present.

Another possibility is that this issue has been resolved in a later version of Grub 2. You are using Ubuntu 11.04 while I'm still with the 10.04 LTS version. That might be significant.
 
Old 05-22-2011, 10:08 AM   #8
Lisux
LQ Newbie
 
Registered: Aug 2005
Posts: 3

Rep: Reputation: 1
After struggling with this for a while I finally found grub2tc which seems to be the best way to go about it. It extracts the TrueCrypt bootloader and converts it to a format that grub can load.

grub2tc's README also explains how to solve some of the common problems mentioned here like the "It appears you are creating a hidden OS" error ("TrueCryp" tag/marker is present) and "Incorrect password" (missing volume header) either when using grub2tc or recovery iso method.

Last edited by Lisux; 05-22-2011 at 10:10 AM.
 
Old 07-06-2012, 02:20 PM   #9
macher1
LQ Newbie
 
Registered: Jul 2012
Posts: 3

Rep: Reputation: Disabled
2Lisux: Could you describe how to use grub2tc please? I would be very grateful. Thank you!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] grub rescue: "error: unknown filesystem" when booting Windows XP / Ubuntu dual boot LittleRatRottenHut Linux - Laptop and Netbook 9 02-01-2011 08:32 PM
Problem with grub dual booting windows xp and ubuntu 7.04 Frozen.past Linux - Newbie 36 01-31-2008 08:49 AM
Problem dual-booting into windows xp with Grub justintime32 Debian 4 03-26-2005 12:27 PM
Dual-booting Ubuntu using Grub fails tsalem Linux - Newbie 10 01-25-2005 09:47 PM
Dual booting redhat 9 with windows XP using GRUB TechnoBod Linux - Software 2 07-09-2003 06:58 AM


All times are GMT -5. The time now is 07:25 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration