DiskCryptor forum

DiskCryptor => Troubleshooting => Topic started by: Anfinuo on January 14, 2015, 04:41:00 pm

Title: Dual boot (XP+7)
Post by: Anfinuo on January 14, 2015, 04:41:00 pm
XP is installed on boot partition.
7 obviously is not.
So how can I (if I can at all), encrypt them, and still boot to both of them ?
Title: Re: Dual boot (XP+7)
Post by: Italick on January 15, 2015, 12:55:36 am
I prefer to get multi-boot set up in Diskcryptor by installing each Windows OS on a different partition, and encrypting each of these with a different password.

I install the Diskcryptor bootloader to the master boot record of the hard drive, and I specify the option to load the first partition that matches the password.

I suggest, if you install Windows 7, that you install the boot manager and the OS on one partition, instead of having Windows 7 and its boot manager on different partitions.

Before making changes to a working system, I recommend making an image copy of the hard drive in case of the need for a recovery.  My preferred tool for this is Macrium Reflect.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on January 15, 2015, 01:04:02 pm
I prefer to get multi-boot set up in Diskcryptor by installing each Windows OS on a different partition, and encrypting each of these with a different password.
Like I've said, they are on different partitions.

I install the Diskcryptor bootloader to the master boot record of the hard drive, and I specify the option to load the first partition that matches the password.
I'm not that worried about the "first" partition\OS, I'm worried about the second.

I suggest, if you install Windows 7, that you install the boot manager and the OS on one partition, instead of having Windows 7 and its boot manager on different partitions.
XP is installed on boot partition.
7 obviously is not.
Installed, not: I want\plan to install.

Before making changes to a working system, I recommend making an image copy of the hard drive in case of the need for a recovery.  My preferred tool for this is Macrium Reflect.
And backup header after encryption. Yeah, I know. But let's not get ahead of ourselves.
Title: Re: Dual boot (XP+7)
Post by: Italick on January 16, 2015, 11:23:54 am
Hello,

If you select "first partition with appropriate password" in the bootloader configuration options, this means that every time you start the computer, you want Diskcryptor to try starting an operating system from each partition on the installed drives, until it has succeeded.  Success occurs only by starting the operating system that was encrypted by the password that was entered.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 02, 2015, 11:39:53 pm
If you select "first partition with appropriate password" in the bootloader configuration options, this means that every time you start the computer, you want Diskcryptor to try starting an operating system from each partition on the installed drives, until it has succeeded.
I'm more worried about DC bootloader, being compatible with mine. Got two, first with some additional options, and then standard one, with only 7, and XP as options.

I know True\Vera Crypt is "twitchy" with custom bootloaders. Will DC's work ?
Title: Re: Dual boot (XP+7)
Post by: Italick on February 03, 2015, 07:55:19 am
Hello.

DC's bootloader can work with other bootloaders.

At one time, I had 2 encrypted copies of Windows XP on my PC, and I had a third bootable partition containing FreeDOS.

In each copy of XP, I configured the XP bootloader for a dual boot.  The choices were to continue loading XP (my default, with a delay of 1 second), or to start the Grub4DOS bootloader on the same partition.  The Grub4DOS bootloader was installed within each copy of XP.

I configured each copy of Grub4DOS to load the FreeDOS partition, which I left unencrypted.

Each copy of XP had a different password.  In DC bootloader configuration, I was using the "first partition with appropriate password" option to make it possible to select a copy of XP based on the password entered.

My suggestion is to install Windows 7 the way XP is installed, with the windows boot manager situated on the same partition as the OS itself.  I am not saying that having the boot manager and the OS on separate partitions (Microsoft's default) cannot work.  I have not tried that scenario because I sense that it could add unnecessary complexity.

You mentioned that the bootloader for TC/VC is twitchy.  I would like it if the developer of VC would make a "first partition with appropriate password" option in VC.  I think the lack of that capability was a shortcoming in TC.

edit

So to recap my setup, I had 2 copies of XP and 1 copy of FreeDOS.  When I started the PC, the DC booloader would request my password.  My password would determine which copy of XP was mounted and started.  Then, XP would give me an opportunity to interrupt it so that I could start Grub4DOS (another bootloader), which was arranged to load FreeDOS.  The DC bootloader was installed to the MBR of my hard drive, and each partition with XP contained a copy of the XP loader and Grub4DOS.

So here's what you might do:

Install XP.
Encrypt XP with DC, install DC loader to MBR, then test.
Change the bootloader setting to "first partition with appropriate password".
Install Win7 in another partition without creating a separate partition for the boot manager.
Allow the Win7 installer to overwrite the MBR to make it bootable.
Encrypt Win7 with DC (with different password from XP), then install DC loader to MBR.
Change the bootloader setting to "first partition with appropriate password".

If it works, the XP password can load XP and the Win7 password can load Win7.

edit 2

Hello,

I decided to edit this latest post of mine in the thread instead of putting my post after yours.  I think I'll see if I can help you with this by trying out your setup in VirtualBox.

I am assuming these facts for now:  You have XP in the first partition.  Your second partition is a "system reserved" partition installed with Windows 7.  Your third partition is the Windows 7 OS.  You are not running system encryption with Diskcryptor yet, and there is no Diskcryptor bootloader on the hard drive.  The XP partition is the active one, which boots first.

edit 3

I started with a (virtual) hard drive containing only Windows XP, and I installed Windows 7 onto the drive, using unallocated space after the XP partition.

The installer updated the boot manager on the XP partition, and it added Windows 7 to the menu.  Windows XP and Windows 7 are sharing a boot manager.

If you want a dual boot arrangement where the systems are encrypted differently, they cannot share a boot manager.  They each have to run their own copy of the boot manager inside their respective partitions.

I'm seeing if I can use EasyBCD to put a working copy of the boot manager into the Windows 7 partition, so that both systems can be encrypted and operable.

edit 4

Hello.  I finally got a dual boot arrangement for XP and 7, both encrypted, in VirtualBox.  I'm working on explaining how I did it, and I'll update.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 03, 2015, 02:48:49 pm
So here's what you might do:

Install XP.
Like I've said before - already installed both of them.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 07, 2015, 02:53:37 pm
O.K., maybe this will "jog" the thread.

I'm planing to encrypt the non-boot Win 7 partition first, and install DC bootloader.
Then I'll, try the boot partition with Win XP, ditto bootloader.
So I got a question:
"Enable Automounting on Boot Time", if I disable it, and encrypt boot partition, what will happen ? Prompt to mount, then decrypt ? Mounting only by LiveCD, another OS ? End of the world ?

Also, what does: "Force unmount" do ?
Title: Re: Dual boot (XP+7)
Post by: Italick on February 08, 2015, 11:03:28 pm
OK, so here's what worked for me:

(I was using a disposable test environment in VirtualBox, and so I suggest that you put your recovery plan in place before you try any of this on your PC.)

I installed XP in VirtualBox, and then I installed 7 in a partition after XP on the same drive.

It seems to me that the installation disk for 7 automatically updates the boot manager in the XP partition, and sets up both XP and 7 to share the same boot manager.  If both XP and 7 are encrypted with separate passwords for dual boot by Diskcryptor, each OS partition needs to have its own copy of the boot manager.  They cannot share one.

So first, I loaded the 7 installation disk in repair mode and got myself to a command prompt.

To change the active partition to the one with 7 (instead of XP), I did these commands.  Bear in mind that I temporarily made my PC unbootable, because the 7 partition that I activated was missing a boot manager.

D:
diskpart
lis dis
sel dis 0
lis par
sel par 2
active
exit

Then I restarted and booted the 7 installation disk again, and got myself to a command prompt.

C:
bcdboot C:\windows /s C:
bootrec /fixboot
bootrec /rebuildbcd

Those commands installed a boot manager and a boot sector to the C drive, where 7 was contained.  The reason why I made the 7 partition active is because I believe that bootrec /fixboot installs a boot sector only to the active partition, but I have not verified this.

Then, it was time to make the XP partition active again, and my PC became bootable after this was done:

diskpart
lis dis
sel dis 0
lis par
sel par 1
active
exit

Then I started 7.  In 7, I installed Diskcryptor and encrypted the 7 system.

To make this work, the bootloader configuration needs to be changed, using Diskcryptor, before the system is restarted.  In bootloader configuration (main tab), the booting method should be changed to first partition with appropriate password.  In bootloader configuration (invalid password tab), the invalid password action should be changed to boot active partition.  Also in bootloader configuration (invalid password tab), select "Use incorrect password action if no password entered.".

After I restarted, Windows 7 was encrypted, and it could only be loaded by entering the correct password to Diskcryptor.  Entering an incorrect password (or no password) brought me to a boot menu with XP and 7, but 7 was not bootable from that menu.  XP was bootable from the menu.

Then, I encrypted XP with a different password to get a dual boot system where XP and 7 were encrypted.  The last thing to do, as cleanup, is to remove the entry for 7 from the boot menu that starts from the XP partition.  This could probably be done with EasyBCD.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 10, 2015, 01:00:50 am
I decided to edit this latest post of mine in the thread instead of putting my post after yours.
Now I know why I got message about "phantom" reply :)

I am assuming these facts for now:
Italick, don't assume, be 256 steps ahead, just ask if you need some additional info to help me, and answer the question I'm asking.
Why ? Because you're wasting your time needlessly.

No, I don't have no "hidden"\rescue\whatever partition. I got what I've wrote - XP on boot partition (first), 7 on "next" (second).
If this matters (it shouldn't, but maybe it does), I have two other partition for data.

If by system, you're referring to partition with OS, then yes - I don't have it encrypted yet, so no DC bootloader, and hence this thread.
But those two data partitions I've mentioned, are encrypted with DC.
Yes, first (XP) partition is active, first to boot, etc.

So to recap:
1 internal, non-SSD, non-Failgate, HDD, with four partitions (NTFS all), two with OS are unencrypted, two with data are encrypted.

...I suggest that you put your recovery plan in place before you try any of this on your PC.)
I've managed "death" of my "Failgate" 7200.11 series, and a Partition Magic SNAFU before (100% my bad), so one way, or another, I'll live through this too :)
Sadly, the current Macrium doesn't support BartPE (would fit nicely on the one with DC bits).

It seems to me that the installation disk for 7 automatically updates the boot manager in the XP partition, and sets up both XP and 7 to share the same boot manager.
Well, duh !
Probably every new bootloader updates (in one way, or another) the previous one. If it didn't, it wouldn't boot.
When I had Linux on the drive in question, it "updated" it too: First was Linux one with options for Linux, and Windows in general, then Windows one with XP and 7.

...command prompt.
Well, If I would tinker with partitions, I have more user-friendly tools like GParted.
Hell, even the Windows manage bits, could probably do it.
Rescatux is fine too.

The rest looks like a lot of unnecessary, backwards steps\going in circles, so I'm gonna do it myself\way. But thank you for some tips, trying.
Also, feel free to tell me: "I told you so", if I mess up.

Shame DC is so "unpopular"...
Title: Re: Dual boot (XP+7)
Post by: Italick on February 10, 2015, 01:26:56 am
Hello,

To be clear, the walkthrough in my last post concerns a system where XP was installed first, and then 7 was installed in the space after XP, using the installation disk.  The installer only created one partition, and it put Windows 7 there.  (The machine had no reserved partition, or anything else, except for one XP partition and then one 7 partition.)

Quote
No, I don't have no "hidden"\rescue\whatever partition. I got what I've wrote - XP on boot partition (first), 7 on "next" (second).

That looks like the arrangement that I had on my virtual computer that I tried before making the walkthrough.

I've never looked into whether Macrium Reflect can be integrated into BartPE.  I have, however, been able to add Diskcryptor and Veracrypt to a rescue WinPE that I made with Macrium Reflect.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 12, 2015, 05:34:42 pm
I've remembered that I have an old 60 GB drive, so it's gonna be my "lab rat" :D
Just need to "trim" data on the OS partitions, to make them fit.
Will share the results.
Title: Re: Dual boot (XP+7)
Post by: Italick on February 12, 2015, 11:31:25 pm
Hello,

I found a technique (in my virtual machine) that simplifies the bit about tinkering with partitions.

The overall procedure has 4 main stages, and the 4 main stages are the same whether you use this walkthrough or my previously posted one.

1) Prepare the 7 partition (by adding boot manager and partition boot sector).

2) Start encryption for 7.

3) Configure bootloader options that you need in Diskcryptor.

4) Encrypt XP.

To prepare the 7 partition (faster method):

Start 7, insert 7 installation disk, open a command prompt with administrator abilities.

My 7 partition was labeled C: and my cd drive was labeled E:.  Change the drive letters in the following commands, if necessary, to target the cd drive and the 7 partition.

Run the commands:

E:\boot\bootsect /nt60 C:
bcdboot C:\windows /s C:

Now the 7 partition is updated for Diskcryptor.

Next:

Install Diskcryptor on 7 and restart 7, if Diskcryptor was not already installed.

In 7, encrypt the 7 partition.

While encryption is being done, use Diskcryptor to make the changes to the bootloader that you need:

* In bootloader configuration (main tab), change the booting method to "first partition with appropriate password".

* In bootloader configuration (invalid password tab), change the invalid password action to "boot from active partition".

* Also in bootloader configuration (invalid password tab), select "Use incorrect password action if no password entered.".

Restart, then enter an incorrect password (or no password).  Go into XP.  (Trying to start 7 would cause a crash because you did not enter the password for 7.)  Install Diskcryptor on XP and restart XP, if Diskcryptor was not already installed.

In XP, encrypt the XP partition with a password that was not used for 7.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 15, 2015, 04:51:55 pm
FFS, I've been trying to "clone" my existing OS-es, to that old HDD, but it doesn't work.
The backup images are o.k., verified, and stuff. Bootloaders are o.k., but XP freezes at the choose user menu, which now is choose nothing menu, because there's no user to choose from, no mine, no Administrator, no Guest, nothing, just a frelling "wallpaper", with no buttons, or anything.
7 starts, but all my settings, stuff is gone...

I'm very close to using: "F**k It. We'll do it Live!" option...
Title: Re: Dual boot (XP+7)
Post by: Italick on February 15, 2015, 09:02:14 pm
In my past experiences with XP, I found that it worked best to initiate system encryption while running the system that was being encrypted.

I don't know if you were thinking of encrypting 7 while XP is running, and then XP while 7 is running.

I would run 7, encrypt  7, restart to XP, encrypt XP.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 18, 2015, 06:24:24 pm
I would run 7, encrypt  7, restart to XP, encrypt XP.
Yes, that's exactly what I'm gonna do now, when I finally got that "backup" working (more or less).
And it looks like MR Free, is better than commercial software, or at least it's trial versions (no retarded limitation for partition size when restoring).


Edit
I was hopeful prematurely - it doesn't work, or to be more precise - doesn't work like it should.
With both of my HDD's connected, I can F8, and boot from the backup one (with some errors, but DC seems to be working). With only the backup one, I got what I wrote before.
With all those mess-ups people write about, I don't want to install boot record with my main HDD connected, but it seems like there's no other way.
FFS...
Title: Re: Dual boot (XP+7)
Post by: Italick on February 19, 2015, 07:24:29 pm
You could install bootloader to USB instead of HDD.

But then you would have to encrypt 7 while running XP, and XP while running 7.  It is different from my last recommendation, but I have seen it work before.

If I remember right, encryption of the system drive (the one where the current OS is running) automatically puts a bootloader on the HDD.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 21, 2015, 05:50:36 pm
Encrypted the backup 7 partition (yep, it automatically adds a bootloader), with the tips you gave me (First partition with appropriate password, Boot from active partition, Use incorrect password action if no password entered).
I can boot from it, but when I input correct password, it says something about missing MBR :|
Backup XP isn't encrypted, and boots fine after providing incorrect password.
Title: Re: Dual boot (XP+7)
Post by: Italick on February 21, 2015, 10:27:58 pm
Hello,

I assume this has been done:

Quote
To prepare the 7 partition (faster method):

Start 7, insert 7 installation disk, open a command prompt with administrator abilities.

My 7 partition was labeled C: and my cd drive was labeled E:.  Change the drive letters in the following commands, as needed, to target the cd drive and the 7 partition.

Run the commands:

E:\boot\bootsect /nt60 C:
bcdboot C:\windows /s C:

Now the 7 partition is updated for Diskcryptor.

I recall, during one experiment, that I got this message after I entered "E:\boot\bootsect /nt60 C:".

Quote
The update may be unreliable since the volume could not be locked during the update: Access is denied.

I substituted the command to E:\boot\bootsect /nt60 C: /force, and I  got the confirmation that the boot sector was written to C:.

Based on this, I suggest:
* Decrypt 7 while running XP.
* Start 7, then insert 7 installation CD.
* Open elevated (administrator) command prompt.
* Run command <CD_driveletter>:\boot\bootsect /nt60 <Win7_driveletter>: /force.
(Probably, <Win7_driveletter> will be C.  Be sure not to make a change to XP by mistake.)
* Encrypt 7 while 7 is running.
* Make sure previous bootloader options are in place:
(first partition with appropriate password, boot active partition if password incorrect, no password = wrong password)
* Restart and test.

Finishing encryption is not necessary, if you pause the encryption in Diskcryptor before rebooting to test.
Title: Re: Dual boot (XP+7)
Post by: Italick on February 22, 2015, 01:45:07 am
Is there a file named BOOTMGR in the root folder of the drive with 7?

I think that the bootloader's failure to detect BOOTMGR on the partition can result in the message Missing MBR-helper.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 22, 2015, 10:33:37 pm
I definitely think somethings wrong with DC.

I decrypted the backup 7 partition (using BartPE), removed DC bootloader - it boots fine.
I encrypted the backup XP partition (using BartPE), installed DC bootloader - it boots fine, but now, the unencrypted backup 7 partition doesn't.
I've encrypted the backup 7 partition again - it doesn't boot, but fortunately backup still XP does.

I'm finished for today. Maybe in my sleep, something will come to me :D
Title: Re: Dual boot (XP+7)
Post by: Italick on February 23, 2015, 12:25:49 am
Hello.

So XP and 7 are both encrypted, and only XP can be started.  They could both be started while they were not encrypted.

Next, I would use the BartPE to change the 7 encryption password so that it is the same as the XP encryption password.

I suspect that would make both systems bootable (provided that both systems were bootable before the encryption was applied).

It is possible to get both systems working and encrypted under different passwords, but first let's try the test where they both have the same password.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on February 26, 2015, 04:22:28 pm
Thank you, it worked.
Well, sort of. Got some critical error message, about Win 7 going to shutdown in 1 minute (first time ever). But I think those errors are because of "grafting" (backup of a HDD, "restored" on a different HDD).
Guess, it's time to make, and move backups to external a media, and "get the show rolling".
Title: Re: Dual boot (XP+7)
Post by: Italick on March 02, 2015, 06:45:40 am
Hello.

So, you were able to start both XP and 7 after you put them both under the same password.

You know what that means, don't you?

It means that the actions which the processor needs to perform to boot Windows 7 include reading some piece of data, in plaintext form, that is encrypted on the XP partition.  If the passwords are different, the XP partition does not get decrypted to produce the necessary data to load 7.

If the passwords match, Diskcryptor decrypts some data from both partitions in the process of booting 7, and all of the requirements to start 7 are met.

If you try to have the systems encrypted and working under separate passwords, you have to prepare these things correctly for that plan:

* the partition boot record for 7  (That is to say, the first 512 bytes in the 7 partition, not the MBR.)
* the Windows boot manager files on the 7 partition

By default, Microsoft installer DVDs for Windows 7 do not install the Windows boot manager files onto the 7 partition if you install 7 to a new partition after XP has already been installed.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on March 02, 2015, 09:34:06 pm
It means that the actions which the processor needs to perform to boot Windows 7 include reading some piece of data, in plaintext form, that is encrypted on the XP partition.  If the passwords are different, the XP partition does not get decrypted to produce the necessary data to load 7.
Well, I don't really follow your logic, and can't test\confirm this, since I've cleaned the test HDD.
Title: Re: Dual boot (XP+7)
Post by: Anfinuo on March 04, 2015, 08:06:11 pm
Funny thing. I've DBAN-ed the backup HDD, but the DC bootloader is still there :D
Guess it's true that DBAN doesn't wipe the "whole" disc.

As for encrypting the "main" drive, it's temporary on hold, but will keep you informed.