Any experts on Bitlocker here?



Hi all,

 

Here is the situation. I have a computer that was encrypted with BitLocker on one hard drive and encrypted with Linux on another drive as a dual boot. This computer was set up way before my time for another user for research purposes. This computer recently had a motherboard replacement. As a result BitLocker broke. I tried for a few days to get the system to accept a PIN reset but it kept saying something about the TPM protector. So I decrypted the system for the Windows drive. I then tried to re-encrypt it but could not because it was saying a required TPM measurement was missing. This error comes from the fact that GRUB is installed. When I restored the MBR the system then allowed me to start the BitLocker process for encrypting but I did not complete it because now GRUB is broken. If I restore GRUB, BitLocker won't work again.

TLDR version: Does anyone know how to BitLocker Windows and dual boot Linux on separate hard drives?


On 9/16/2017 at 5:12 PM, Gotenks98 said:

Hi all,

 

Here is the situation. I have a computer that was encrypted with BitLocker on one hard drive and encrypted with Linux on another drive as a dual boot. This computer was set up way before my time for another user for research purposes. This computer recently had a motherboard replacement. As a result BitLocker broke. I tried for a few days to get the system to accept a PIN reset but it kept saying something about the TPM protector. So I decrypted the system for the Windows drive. I then tried to re-encrypt it but could not because it was saying a required TPM measurement was missing. This error comes from the fact that GRUB is installed. When I restored the MBR the system then allowed me to start the BitLocker process for encrypting but I did not complete it because now GRUB is broken. If I restore GRUB, BitLocker won't work again.

TLDR version: Does anyone know how to BitLocker Windows and dual boot Linux on separate hard drives?

Talk about making life hard for yourself!

 

(Note: I have opinions on things but I am NOT a BitLocker expert.)

 

https://en.wikipedia.org/wiki/BitLocker

 

1. Don't encrypt drives - silly idea at best. Just encrypt whatever needs encrypting at a file level.

 

2. Don't use BitLocker - as you have found out it is a Windows specific technology which is just destined to not play well with Linux at a low level.

 

3. Don't use TPM - that should make the boot process easier to share via PIN or USB key.

 

4. Use BitLocker, but also use Hyper-V to efficiently run Linux in a VM which obviously also gets encrypted by BitLocker or you can double-encrypt by doing whatever inside the Linux VM

 

5. Use a 3rd party (open source to prevent back doors) drive encryption tool that runs on both to reduce headaches. https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

 

For me I would choose option #1 and also run Linux in a VM since dual booting is so 90's

 


I agree, you may as well use this opportunity to reconsider how you currently have things set up and why, and maybe try something different instead.

 

For me, I would also have Windows running on the disk with a VM of Linux. Regarding encryption, I would suggest VeraCrypt due to it being cross-platform and free. Being cross-platform would allow you to access the encrypted data from both operating systems without duplicating information.


I actively avoid using BitLocker on desktops, end of. On laptops it has its uses (data security).

Sorry, this isn't a fix, except to avoid using it next time when you want/need to share with other OSes.


Unfortunately this isn't an option. It's company policy, which is why it has to be this way. Believe me, I did question the whole dual boot scenario to start with as it just will make things harder in the long run. Due to the nature of the research being done, this person who uses the machine will need to use the hardware at its max capacity so a VM would not work, which is what I was told. I would have gotten this person 2 separate computers if it came down to it, but I was not around when the call was made to do this.


6 hours ago, Gotenks98 said:

Unfortunately this isn't an option. It's company policy, which is why it has to be this way. Believe me, I did question the whole dual boot scenario to start with as it just will make things harder in the long run. Due to the nature of the research being done, this person who uses the machine will need to use the hardware at its max capacity so a VM would not work, which is what I was told. I would have gotten this person 2 separate computers if it came down to it, but I was not around when the call was made to do this.

Too bad you have to deal with a corporate environment that thinks it makes sense to employ low IQ individuals to make important tech decisions.

 

Hypervisors such as Hyper-V have almost no overhead and are not the CPU-sapping software such as VirtualBox from the last millennium. Combine advanced VM technology with modern CPUs' sophisticated hardware support for virtualization and it is impossible to make a case for not using VM technology unless there is a biologically based defective processing unit involved.

 

Whole disk encryption doesn't exactly help either when it comes to freeing computing resources.

 

So it must be some monster of a 64 core Xeon Workstation with 512 gig RAM etc to need every extra CPU cycle right?

 

 

 

 


It is a Xeon system but it is a Precision laptop with tons of RAM, solid state drive. Pretty much everything to the max on this laptop. The user of said system was very adamant about not using VMs, which is why this decision was made back then. I know had I been involved this would not have happened.


8 minutes ago, Gotenks98 said:

It is a Xeon system but it is a Precision laptop with tons of RAM, solid state drive. Pretty much everything to the max on this laptop. The user of said system was very adamant about not using VMs, which is why this decision was made back then. I know had I been involved this would not have happened.

He probably doesn't know the difference between a VM today and when he started to grow his Linux beard 30 years ago ;)


16 minutes ago, Gotenks98 said:

It is a Xeon system but it is a Precision laptop with tons of RAM, solid state drive. Pretty much everything to the max on this laptop. The user of said system was very adamant about not using VMs, which is why this decision was made back then. I know had I been involved this would not have happened.

If I recall correctly, the new Precisions have 4 M.2 sockets for hard drives.

 

So maybe add a 3rd hard drive unencrypted as the multi-boot drive which should really simplify things.

 


This topic is now closed to further replies.