Multi-boot with full hard drive encryption and pre-boot authentication using Fedora & Windows 10
I would like to multi-boot with full hard drive encryption and pre-boot authentication using Fedora 20 or higher and Windows 10. Unfortunately, all I can find is old information and I can't figure out how to apply it to both Fedora 20 or the newer versions and Windows 10.
I am sorry if this is in the wrong section; I could not figure out where to put it.
Interesting. I do not see a question in your post, but that sounds like an interesting project.
I would think you require an encryption tool suitable for full disk encryption that is compatible with Linux, with Windows, and with GRUB all at the same time. Challenging!
I would think TrueCrypt might serve, although it is out of development and support and may be NSA compromised. There are projects spawned from the fires of its demise that might serve as well.
I have always encrypted my partitions a bit separately (and reluctantly) using tools that fit the OS involved. TrueCrypt may have been involved, but I have not attempted what you propose.
I know next to nothing about these things, but wouldn't it be best to use a HDD/SSD that offers hardware-level full disk encryption (FDE) using the BIOS ATA password as the key?
In that way the encryption would be completely operating system-agnostic, the encryption being at a lower level than any operating systems and data on the drive.
Last edited by hydrurga; 03-17-2016 at 06:22 AM.
Reason: Always learning new things...
Sorry, the post was the question. I just worded it as what I wanted to get done because I am not sure how to go about doing it. I know how to do them each separately, but the Windows encryption does not play well with the Fedora encryption.
I would think TrueCrypt might serve, although it is out of development and support and may be NSA compromised. There are projects spawned from the fires of its demise that might serve as well.
VeraCrypt is one of those that came out of TrueCrypt.
I didn't know that there was a term for this:
Quote:
What is pre-boot authentication?
Pre-boot authentication (PBA) is the process of authenticating a user before the computer boots up. In other words, if you use a computer with Windows as the operating system, the encryption software will ask for a username and password the moment you turn on the computer. This is before you even see the Windows startup screen (which, incidentally, confirms your computer is booting up). The Windows logon prompt, of course, shows up after the boot-up screen is done with its thing.
So, with PBA, the computer will wait to boot up until you supply the correct username and password. The lights are on, but nobody's home. Why is this important?
I know of LUKS for RHEL, however I don't believe it is advised to encrypt the /boot, and typically it's for partitions.
Last edited by JockVSJock; 03-17-2016 at 11:17 AM.
VeraCrypt is one of those that came out of TrueCrypt.
I didn't know that there was a term for this:
I know of LUKS for RHEL, however I don't believe it is advised to encrypt the /boot, and typically it's for partitions.
Hardware-based encryption trumps all of this, and makes the OS somewhat irrelevant. I have never understood what value it has if engaging the decryption is automatic. You have not PROTECTED anything.
TrueCrypt, the last versions anyway, was quite capable of encrypting the entire drive INCLUDING boot partitions, Linux partitions, and Windows partitions. The TC loader got control first, and you had to enter the key to get past it. Once the TC loader was happy, it would fire up the decryption code and load the boot image (which could be the GRUB loader) and you were off to the races. I never used it that way, but a few people on my team did.
If you fired up a live-cd and examined the disk, it looked blank and unformatted. There were settings to apply a honey-pot of sorts: decoy partitions that looked real and from within which would disallow access to or even detection of your encrypted data.
LUKS is nice for Linux, if you need to encrypt only data partitions. You can do more with it, but not like what you could with TrueCrypt. As far as I know, it does not do Windows.
I may have to look into VeraCrypt. Sounds interesting.