Comments on: How to use TrueCrypt®-encrypted Windows system drives on Linux

By: J. C. Denton

J. C. Denton — Thu, 20 Nov 2008 18:53:02 +0000

Ok, my problem is fixed, and has been for some time. I am really sorry, for not reporting back, but I totally forgot about the question I posted here. Thanks a lot for your mail Jan, but since it is not my regular e-mail I only found it now and was reminded of this.

Here is the solution, it was very simple: My kernel was simply lacking XTS crypto support, even though the error message given by dmsetup did not give any indication of that at all. You might wanna mention that in the program requirements, though. My current kernel (2.6.25) still has XTS marked as Experimental, but my previous one (.23) didn’t have it at all. So, I guess I am not the only one out there that need to do a kernel update for that. For completeness sake, my system has both the regular loopback device as well as the device mapper crypto target (not the crypto-loop device) coded into the kernel and this works just fine with multiple encrypted volumes. Adding an abitrary number in form of encrypted USB disks seems to work, too. So, I guess there is no limitation.

Once again I wanna thank Jan for this wonderful tool. I have it running on two computers now, without any problems, and I still keep using it in spite of the new TrueCrypt version claiming to offer the same functionality. I just like the slickness with which it perfectly integrates into my automount scripts. Contrary to this, I HAVE to use the official TC for my non-System windows drives and the way it messes up my mtab with those weird fuse mounts is just bad and not pretty at all.

Finally, Jan’s program came in very handy when I was struggling to understand the TC Volume Specification, in order to make a low-level backup of all my MBRs, partition tables and crypto headers. Btw, I recommend doing that to everyone, in DMCrypt+Luks the single availability of the header is the single point of failure and TC only has the backup burned to the Rescue CD (apparently, there is no backup volume header on the driver for system encrypted drives).

By: Recent Links Tagged With "truecrypt" - JabberTags

Recent Links Tagged With "truecrypt" - JabberTags — Thu, 06 Nov 2008 13:34:10 +0000

[...] public links >> truecrypt How to use TrueCrypt-encrypted Windows system drives on Linux Saved by jannideath on Wed 05-11-2008 Useful Software - Truecrypt Saved by omifan92 on Sun [...]

By: Jan

Jan — Sun, 05 Oct 2008 22:52:35 +0000

For reference, here’s a rough summary of the reply I sent to J.C.’s comment: 1) check the syslog (including dmesg logfile) for relevant information. 2) I vaguely recall that at some point, the loop driver was unable to support multiple loop devices unless compiled as a module.

By: J. C. Denton

J. C. Denton — Sat, 27 Sep 2008 10:55:04 +0000

Thanks a lot for the program Jan. Unfortunately, it doesn’t work for me (on a Gentoo Linux system already using DM-Crypt + Luks for Linux system encryption). I actually think your program is fine only when the output is piped to dmsetup that one fails and replies that the device or resource is busy. Can’t figure out what it is, any ideas ? The system layout is Windows system encryption on hda1 (not the entire hard drive, only on that one), plus 2 more partitions encrypted using DM-Crypt + Luks. Maybe it interferes somehow ? Or I got the parameters wrong, why do I have to give the partition and on top of it the disk device ? Can’t that be deduced ? Or is it because your program needs something from the MBR which might be somewhere else ? Thanks a lot. ;)

By: Jan-Krueger.net » Blog Archive » Using TrueCrypt(R)’s encrypted system partitions from Linux, now with less bugs

Sun, 17 Aug 2008 13:30:15 +0000

[...] Creative Engineering « How to use TrueCrypt®-encrypted Windows system drives on Linux [...]

By: Andrew

Andrew — Tue, 12 Aug 2008 03:05:00 +0000

Attempted to use dmsetup-tc on Ubuntu Hardy Heron.

Drive structure:

hda: TrueCrypt MBR

hda1: TrueCrypt system encrypted Windows XP (fully encrypted)
hda2: GRUB bootloader (chainloads hda1 if pwd supplied at TrueCrypt MBR; also boots Ubuntu)
Ubuntu 8.04 Hardy Heron
hda3: swap

Compiled with: CFLAGS = -O3 -DDEBUG

Tried to do:

# dmsetup-tc /dev/hda /dev/hda1 | dmsetup create hda1
Enter passphrase for encrypted volume:
Loading header from /dev/hda…
Deriving header key…
Decrypting header…
dmsetup-tc: fatal error: Success
#

/dev/mapper/hda1 is created, but I cannot mount it.

To get a clue, I tried redirecting the output of dmsetup-tc to a file: out.txt.
The file is empty after running the command.

I tried permutations of my passphrase, with same result. (Inspecting the main.c file, I think I’d have gotten a little further feedback if the command was working, but I had entered a bogus passphrase.)

I’ve verified after these attempts that I can successfully restart, enter my passphrase at the TrueCrypt MBR prompt, and boot into Windows XP.

Using TrueCrypt 6.0a on hda1.

Any suggestions where I might be going wrong?

By: Cchild

Cchild — Wed, 23 Jul 2008 19:58:02 +0000

Reinstall should not be a problem–My data is backed up. I may hay a handful files in my Windows home directory that I will lose.

This is how it happened. I was upgrading (clean install) from openSUSE 10.3 to openSUSE 11.0 and forgot one crucial check–I forgot to tell the boot-loader not to allow writing mbr to disk–since grub currently does not support truecrypt boot-loader.

By: Jan

Jan — Wed, 23 Jul 2008 19:49:13 +0000

I’m not a certified expert or anything but yes, that’s what it looks like to me.

By: Cchild

Cchild — Wed, 23 Jul 2008 19:48:22 +0000

So in other words, I must reinstall the OS?

By: Jan

Jan — Wed, 23 Jul 2008 19:46:35 +0000

Bad news, I think: using another rescue disk to restore the bootloader trashes the volume master keys (every rescue disk has a copy of the volume-specific encrypted header, so using the wrong rescue disk restores the wrong header and the wrong keys).

I think you’re *really* screwed now. If so, you have my sympathy.