Linux-Windows Vista dual boot with BitLocker and a TPM


Based on my earlier posts, I’ve recently written a whitepaper for Microsoft France on how to build a machine that is capable of dual booting either Linux or Windows Vista when the latter is protected by BitLocker leveraging a TPM chip.


If you understand French, you’ll find the whitepaper, a webcast where I describe the steps, and a video showing the whole process and a test of the final result on Microsoft France’s interoperability website (http://www.microsoft.com/france/interop). To access the files directly, please go to http://www.microsoft.com/france/interop/themes/infrastructure/20080430-dualboot-linux-bitlocker/default.mspx.


The video (“Partie2”) is annotated with French callouts, but it should be easy to follow even for non-French speakers. Here are the different sequences you can watch (the file embeds markers to jump directly to the different sections):


0’00”: Linux openSUSE install


Install Linux


4’28”: GRUB install outside the MBR, on the Linux partition; get a copy of the Linux boot sector


Install GRUB outside MBR - 1


Install GRUB outside MBR - 2


6’22”: Windows Vista install


Partitioning


Install Windows Vista - choose partition


Install Windows Vista


10’54”: add an entry for Linux/GRUB in the Windows Vista Boot Manager, using the bcdedit tool


bcdedit


13’11”: boot test with Linux BEFORE enabling BitLocker; NTFS partitions mount successfully


NTFS partition view from Linux BEFORE BitLocker is enabled


15’09”: enable TPM in BIOS


TPM enablement in Dell D820 BIOS


15’32”: BitLocker enablement with TPM from Windows Vista


BitLocker enabling


Save recovery password - BitLocker with TPM


Turn on BitLocker after system check


BitLocker system check OK


BitLocker encryption


22’38”: boot test with Linux AFTER BitLocker was enabled using a TPM; mounting the NTFS partitions fails


Partition encrypted by BitLocker not mountable by Linux


24’18”: boot test with Windows Vista AFTER BitLocker was enabled using a TPM; visualize the partition with the DiskScape tool


Low level view of partition encrypted by BitLocker, with DiskScape


Partition encrypted with BitLocker, seen in clear through the BitLocker filter driver


25’23”: add entry for Boot Manager in GRUB


26’32”: secure startup test, launching the machine through Boot Manager, then GRUB, then Boot Manager again


Secure startup with BitLocker - modified boot chain


Secure startup with BitLocker - modified boot chain, USB key requested


Secure startup with BitLocker - modified boot chain, recovery password entry


27’20”: secure startup test using a bootable DVD in startup chain
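
Why the modified boot chain in the 26’32” sequence ends at the recovery prompt, as an added example that is not taken from the whitepaper or the video: a simplified Python model of TPM 1.2 measured boot and sealing. It assumes a single PCR and constructed stand-in byte strings for each boot stage; real BitLocker seals to several PCRs, and `seal`/`unseal` are hypothetical helpers, not TPM commands.

```python
import hashlib
import hmac

PCR_RESET = b"\x00" * 20  # TPM 1.2 PCRs hold a SHA-1 digest and start at zero


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_chain(stages: list[bytes]) -> bytes:
    """Replay a boot chain, extending each stage into one PCR in order."""
    pcr = PCR_RESET
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Model of sealing: the secret is bound to exactly one PCR value."""
    return {"pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Return the secret if the platform state matches, else None (recovery)."""
    if hmac.compare_digest(blob["pcr"], current_pcr):
        return blob["secret"]
    return None


# Constructed stand-ins; real measurements cover the actual boot code.
MBR = b"constructed: Vista MBR code"
BOOTMGR = b"constructed: Windows Boot Manager"
GRUB = b"constructed: GRUB boot sector on the Linux partition"

NORMAL_CHAIN = [MBR, BOOTMGR]
MODIFIED_CHAIN = [MBR, BOOTMGR, GRUB, BOOTMGR]  # Boot Manager -> GRUB -> Boot Manager

VMK = b"constructed volume key"
SEALED = seal(VMK, measure_chain(NORMAL_CHAIN))  # done once, when BitLocker is enabled

if __name__ == "__main__":
    for name, chain in (("normal", NORMAL_CHAIN), ("modified", MODIFIED_CHAIN)):
        key = unseal(SEALED, measure_chain(chain))
        print(name, "->", "key released" if key else "recovery required")
```

Because extend is a one-way hash chain, no later stage can bring the PCR back to the sealed value once an unexpected stage has been measured.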

Comments (1)

  1. Anonymous says:

    My colleague Cyril Voisin has just published a webcast on configuring a Linux dual boot