Author Topic: 2xHDD and bootloaders (+invalid password action)  (Read 2069 times)

Orlin238

2xHDD and bootloaders (+invalid password action)
« on: October 06, 2014, 02:37:56 am »
Hi all!

I moved from TrueCrypt to DiskCryptor and here's what I got:
Two hard disks:

* sda (with 3 primary partitions)
--sda1 (DCed Windows 8 boot, 350MB, active)
--sda2 (DCed Windows 8)
--sda3 (unencrypted NTFS)

* sdb (3 primary partitions + lots of logical disks on extended partition) with GRUB2
--sdb1 Linux boot partition
(...)

I'd like to boot from sdb (GRUB2) when invalid or no password is provided (I don't want to move GRUB2 to first disk, because I want to be able to boot sth even if one of disks is dead/removed, without a need to play again with MBR, bootloaders, active partition flags, recovery live cds, etc.).
Tried setting DC to use the first active partition (for incorrect password case) but it's apparently trying to boot from sda1. So I thought about setting sda3 partition as active and installing GRUB4DOS or GRUB-legacy on it with config telling to boot from sdb, but then Windows 8 hibernation stops working (because it needs sda1 to be active and only one partition can be active on one disk).

Any ideas what can I do?

Maybe I should remove DC bootloader, install (without rebooting) GRUB4DOS, set it to boot (GRUB2) from sdb and then install again DC bootloader (choosing to load boot disk MBR on invalid password)?  But I'm not sure if it's good idea and don't want to break encrypted partitions in any way...

And maybe there is something simpler than GRUB4DOS to install entirely in sda's MBR (configured to boot from sdb)? With GRUB4DOS I will need to place its files on sda3 (what complicates a bit my future plans for this partition).

Thanks in advance for any suggestions and answers :-)


Cheers,
Orlin

Italick

Re: 2xHDD and bootloaders (+invalid password action)
« Reply #1 on: October 06, 2014, 08:24:30 am »
Right now, I only run encrypted installations of Windows 8 with DC.

I do not use separate partitions for the Windows boot manager, and I have the DC bootloader set up to load the first partition with the matching password.  The password picks the partition to decrypt, and therefore the installation of Windows 8 to load.  I have a copy of the Windows boot manager in each encrypted Windows 8 partition, each of which is configured to load the Windows 8 copy situated in the same partition.

On my previous Windows XP computer, I had an unencrypted operating system and some encrypted XPs.  The unencrypted system was FreeDOS, within which I could back up and restore the drive's MBR sector before making changes.

To load FreeDOS, I would load an XP partition and I would select Grub4DOS from the XP boot menu, which I configured for providing this option.  A copy of Grub4DOS and a configured "menu.lst" file was in each XP partition, and the copy that loaded depended on the XP partition that I selected by password.  Both copies of Grub4DOS had the same FreeDOS installation in its menu, so there were two ways into a single copy of FreeDOS, each via loading a different XP.

I have not tried to get Windows 8 hibernation to work.  I use a solid state drive for the system, so I have all the start-up power that I need.  An extra hard drive for storage has replaced my optical disk drive, connected by a hard drive caddy for this purpose in laptops.

Orlin238

Re: 2xHDD and bootloaders (+invalid password action)
« Reply #2 on: October 06, 2014, 05:52:12 pm »
Hi Italick, thx for reply and your solutions, but they don't seem to apply to my case with two different disks (not just partitions) and usage of DiskCryptor's action for invalid password. I want to keep DiskCryptor's bootloader in MBR of my first disk.

Italick

Re: 2xHDD and bootloaders (+invalid password action)
« Reply #3 on: October 06, 2014, 07:47:12 pm »
Hello,

I use version 1.0.802.118.  When I use this version with the "first partition with appropriate password" boot option, DC will seek a partition with a matching password on both of the connected disk drives.  I have had an encrypted Windows 8 on each device, each with different passwords.

The invalid password action could be to load the active partition, which could be set up to chainload another partition by Grub4DOS.  The active partition is then unencrypted.  I'm still thinking about how to rearrange it so that you could keep the encrypted Windows 8 active, which keeps hibernate from breaking.

Orlin238

Re: 2xHDD and bootloaders (+invalid password action)
« Reply #4 on: October 07, 2014, 12:43:53 am »
Quote
The invalid password action could be to load the active partition, which could be set up to chainload another partition by Grub4DOS.  The active partition is then unencrypted.  I'm still thinking about how to rearrange it so that you could keep the encrypted Windows 8 active, which keeps hibernate from breaking.
That's exactly what I tried and described in first post when I mentioned problem with hibernation :-)

Edit:
OK, I was a bit impatient, so after backing up sda1 and MBR of sda I tested my idea:
Quote
Maybe I should remove DC bootloader, install (without rebooting) GRUB4DOS, set it to boot (GRUB2) from sdb and then install again DC bootloader (choosing to load boot disk MBR on invalid password)?  But I'm not sure if it's good idea and don't want to break encrypted partitions in any way...
And it works :-)

The only better solution for me would be to use bootloader that could entirely fit in MBR and was able to chainload second disk - but I'm not sure if it's even possible. If someone is aware of such a solution - please share :-)

And if someone is trying to set up bootloaders as I did (ie. boot from second disk for invalid password action) - here are the most important steps:
0. Disable UEFI
1. Install Windows on sda
2. Install Linux with GRUB2 on sdb
3. Using gparted shrink Windows (or some other) partition on sda and create new primary partition
4. Encrypt Windows partition(s) and install DC bootloader on sda
5. Reboot to check if decryption works
6. Uninstall DC's bootloader from sda :-)
7. Install GRUB4DOS on sda (in MBR) as it's described here (from options I only selected "Don't search floppy"). Be sure to select correct disk! Its size in dropdown list might be helpful, if not - unplug or disable in BIOS all disks except the one with DCed Windows.
8. Install again DC's bootloader - it will copy GRUB4DOS bootloader from MBR somewhere and it can be used for invalid password action.
9. Copy grldr file (see step 7, link) to partition from step 3 and create there menu.lst file (not menu.lst.txt) with something like:
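Code:
# Boot the first (only) entry immediately, without showing the menu
default 0
timeout 0
hiddenmenu

# Hand over to whatever is installed in the MBR of the second BIOS disk (hd1)
title Boot 2nd disk
rootnoverify (hd1)
chainloader +1
boot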

Some steps can be done in different order or even skipped. Probably most users will start from step 6. The only problem may be the need of additional, unencrypted partition on sda (to place grldr and menu.lst files) - if they didn't create one earlier. Encrypted partition can't be shrunk (in most cases) - so it has to be decrypted first...

I'm using DC 1.1.846.118 and sda3 (or sda4) partition should be in fat32/ntfs or ext2 format. If used only for placing GRUB files it can be even just 1MB big.
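
Added example (not part of the original posts, and not DiskCryptor or GRUB4DOS code): a small Python checker for 512-byte MBR backups like the one taken before the experiment above. It lists the four primary entries, confirms that exactly one partition is flagged active, and reports which MBR regions differ between two backups. The function names and the sample layout and sizes are constructed for illustration.

```python
import struct

BOOT_CODE, TABLE, SIG = 440, 446, 510  # byte offsets inside the 512-byte MBR
ENTRY = "<B3xB3xII"  # status, (CHS), type, (CHS), start LBA, sector count

def parse_mbr(sector):
    """Return the four primary partition entries of a 512-byte MBR image."""
    if len(sector) != 512 or sector[SIG:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with 0x55AA signature")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, TABLE + 16 * i)
        entries.append({"index": i + 1, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": start, "sectors": count})
    return entries

def check(entries):
    """Findings that matter here: exactly one active partition, sane status bytes."""
    findings = []
    active = [e for e in entries if e["active"] and e["type"] != 0x00]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"entry {e['index']}: invalid status byte {e['status']:#04x}")
    return findings

def diff_mbr(before, after):
    """Say which MBR regions changed between two backups (e.g. around step 7 or 8)."""
    parse_mbr(before), parse_mbr(after)  # validate both images first
    return {"boot_code": before[:BOOT_CODE] != after[:BOOT_CODE],
            "disk_signature": before[BOOT_CODE:TABLE] != after[BOOT_CODE:TABLE],
            "partition_table": before[TABLE:SIG] != after[TABLE:SIG]}

def build_sample(boot_code=b"", active_index=1):
    """Constructed sample modelled on the thread's sda layout (sizes are made up)."""
    parts = [(2048, 716800), (718848, 200000000), (200718848, 2048)]
    table = b"".join(struct.pack(ENTRY, 0x80 if i == active_index else 0, 0x07, s, n)
                     for i, (s, n) in enumerate(parts, 1)) + bytes(16)
    return boot_code.ljust(BOOT_CODE, b"\0") + bytes(6) + table + b"\x55\xaa"

if __name__ == "__main__":
    before = build_sample()
    after = build_sample(boot_code=b"\xeb\x5e\x90")  # stand-in for new boot code
    for e in parse_mbr(after):
        print(e)
    print(check(parse_mbr(after)), diff_mbr(before, after))
```

Run against backups taken before and after each bootloader install, an unexpected change in partition_table or a finding from check() is the signal to stop and restore the saved sector.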

Italick

Re: 2xHDD and bootloaders (+invalid password action)
« Reply #5 on: October 07, 2014, 10:25:00 pm »
Hello.  It looks like Windows hibernation and DC pose a circular problem.  The encrypted partition needs to be active so that the hibernation works for the encrypted system.  DC is only allowing the selection of active partitions to load by default as a wrong password action, and would need the active partition to be unencrypted in this event.

I think I was reading that there is a bootloader called Syslinux that may use a different scheme in the MBR to determine which partition to chain load.  I think that it uses a byte outside of the partition table.  That way, a partition could be marked (Microsoft) active while it is not the default partition that loads (the Syslinux active one).

See these pages:

http://www.syslinux.org/wiki/index.php/Common_Problems
https://bbs.archlinux.org/viewtopic.php?id=156410

If hibernation is really, really important, you may be able to install Syslinux to the MBR, and default it to load a partition that is not Microsoft-active, but is Syslinux-active.  Then, you could prepare some unencrypted operating system to load after a time-out.  The boot manager could be arranged to allow selecting DC before the time-out expires.  DC, if it is selected, is chain loaded from some partition where it installed instead of from the MBR, and the Microsoft-active partition could be selected by the password.

Getting it all working could end up being a headache though.

edit: And of course, back up meticulously if you are going to try all that.  I don't want to be seeing here that you lost your stuff or your computer isn't working any more.  ;)
« Last Edit: October 07, 2014, 10:43:13 pm by Italick »

Orlin238

Re: 2xHDD and bootloaders (+invalid password action)
« Reply #6 on: October 08, 2014, 02:13:56 am »
Thx for replying - but did you read my last post? I presented there working solution. You seem just to rephrase some of my ideas, but in a bit worse way (at least for my case).
Quote from: Italick
DC is only allowing the selection of active partitions to load by default as a wrong password action (...)
That is not true. As I described in my solution - you can also tell DC to use a bootloader from the copy (made by DC) of previous MBR.

Quote from: Italick
And of course, back up meticulously if you are going to try all that.  I don't want to be seeing here that you lost your stuff or your computer isn't working any more.
Quote from: Orlin238
(...) so after backing up sda1 and MBR of sda I tested my idea
:)

The topic is almost closed - now I'm just waiting for ideas to resolve small inconvenience:
Quote from: Orlin238
The only better solution for me would be to use bootloader that could entirely fit in MBR and was able to chainload second disk - but I'm not sure if it's even possible. If someone is aware of such a solution - please share :-)