PDA

View Full Version : Encrypt Your Dual Boot Fedora and Windows (DVD and netinstall installations)



Cylinder57
26th September 2013, 11:35 PM
Hello everyone,

This is part 1 of a different version of "Encrypt Your Dual Boot Fedora and Windows." It's for DVD and netinstall installations.

Notes:
- This guide assumes that you're starting off only with an unencrypted Windows operating system.
- This guide also assumes that Fedora and Windows are on the same drive.
- You'll need an USB drive.
- This guide uses Diskcryptor.
- This post is for DVD and netinstall installations.
- This post will also cover verifying Diskcryptor.
- If you want to verify the Fedora iso, please click on the following link and read that guide:
http://www.forums.fedoraforum.org/showthread.php?t=294058

Please follow the guide at http://www.forums.fedoraforum.org/showthread.php?t=293691 (the original guide,) unless the instructions say otherwise.

1. Please follow steps 1-4 of the original guide. However:

On step 4 of the original guide, if you're downloading the DVD or netinstall iso, see https://fedoraproject.org/en/get-fedora-options#formats .)

Steps 2 and 3 of this guide will explain how to verify the downloaded Diskcryptor file in different ways.

2. Between step 2 and 3 of the original guide, if you want to verify the downloaded Diskcryptor file through pgp signatures:

- Download the pgp signature of that downloaded file. See the following picture below if you need any help:
25472

- Download and install Gpg4win. (See http://gpg4win.org/download.html .)
- In a command prompt, attempt to verify Diskcryptor by typing:

"C:\Program Files\GNU\GnuPG\gpg2.exe" --verify "C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe.asc" "C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe"

“C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe.asc” and “C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe” can be replaced with
whatever path dcrypt_setup.exe.asc and dcrypt_setup.exe are in.

- You'll likely receive output that says something like:

gpg: Signature made (Replace date and time here) using RSA key ID B3CDF308
gpg: Can't check signature: public key not found

Notice the key ID listed in the first line, which in this example is B3CDF308.

- Download the public key from the pgp keyserver:

"C:\Program Files\GNU\GnuPG\gpg2.exe" --keyserver subkeys.pgp.net --recv-keys B3CDF308

If your key ID listed is not B3CDF308, please change it.

- This time, verify the downloaded Diskcryptor file again:

"C:\Program Files\GNU\GnuPG\gpg2.exe" --verify "C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe.asc" "C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe"

Again, if necessary, replace the paths dcrypt_setup.exe.asc and dcrypt_setup.exe are in.

- You should see something like “gpg: Good signature” somewhere in the output.

3. Between step 2 and 3 of the original guide, if you want to verify the downloaded Diskcryptor file through the SHA-1 and/or MD5 checksum:

- Download checksum tools (e.g. md5sum, sha1sum, etc.) at: www.nfllab.com/sums/sums.zip
- To check the Diskcryptor file's checksum, in a command prompt, type something like:

“C:\Documents and Settings\User\My Documents\Downloads\sums\sha1sum.exe” “C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe”

“C:\Documents and Settings\User\My Documents\Downloads\sums\sha1sum.exe” and “C:\Documents and Settings\User\My Documents\Downloads\dcrypt_setup.exe” can be replaced with whatever path sha1sum.exe and dcrypt_setup.exe are in. Note that sha1sum.exe can be replaced with md5sum.exe.

- Compare the output of the command prompt (the checksum value of the .exe file) to the checksum value listed at: http://diskcryptor.net/wiki/Downloads/en . See the following picture if you need any help:
25473

5. Just like step 5 of the original guide, backup the MBR to a USB drive. However, for this guide, the method for doing so will be different.
If you restarted your computer and are now booting from a DVD or netinstall CD:
- Select “Troubleshooting” by pressing down once. Then press enter.
- Select “Rescue a Fedora system” by pressing down once. Then press enter.
- You should get into this screen:
25474

- Select “Skip.” To do so, press Tab 3 times. Then press enter.
- Just make sure “Shell” has been selected by default. Then, to select “Ok,” press Tab once and then press enter.
- You should be at a bash shell that looks like this:
25475

- Mount your usb drive. To do so, type:
[code] mkdir /mnt/1
blkid -o list -c /dev/null # Check your USB's UUID
mount -U (Whatever UUID your USB is) /mnt/1


The following picture should better explain what you should be doing:
25471

- To back up the MBR to a USB drive, type:

dd if=/dev/sda of=/mnt/1/dc.mbr count=1 bs=512

- Unmount your usb drive by typing “umount /mnt/1” (without the quotes.)
- Reboot Fedora by typing “reboot” (again, without the quotes)

EDIT: Part 2 of this guide will be finished in another post on this thread.

Sincerely,

Cylinder57

Cylinder57
27th September 2013, 12:35 AM
Hello everyone,

This is part 2 of a different version of "Encrypt Your Dual Boot Fedora and Windows." It's for DVD and netinstall installations.

The only reason why this guide is in two parts is because I can't insert more than 5 pictures in one post. If I can insert more than 5 pictures in one post, then I wouldn't need two threads posts for 1 guide.

Notes:
- This guide assumes that you're starting off only with an unencrypted Windows operating system.
- This guide also assumes that Fedora and Windows are on the same drive.
- You'll need an USB drive.
- This guide uses Diskcryptor.
- This post is for DVD and netinstall installations.
- I mentioned how to verify Diskcryptor in part 1 of this thread.
- If you want to verify the Fedora iso, please click on the following link and read that guide:
http://www.forums.fedoraforum.org/sh...d.php?t=294058

Please follow the guide at http://www.forums.fedoraforum.org/sh...d.php?t=293691 (the original guide,) unless the instructions say otherwise.

6. Follow step 6 to 11 in the original guide.

Note that at the original guide's step 6, since you're using a DVD or netinstall iso, you should see something along the lines of this:
25476

7. If you installed Fedora with a desktop environment (e.g. KDE, GNOME, Xfce, LXDE,) just follow step 12 of the original guide. On the other hand, if you just did a minimal install, then:

After you finished your installation and booted to your Fedora computer, you should see a shell login screen.

This step will be about backing up the MBR.

Login as root. To do so:
- Type “root” on the shell.
- Type your password.

You'll need to mount the USB drive again. To do so, type:

mkdir /mnt/1
blkid -o list -c /dev/null # Check your USB's UUID
mount -U (Whatever UUID your USB is) /mnt/1


Just like step 12 of the original guide, copy the MBR file (which is in the USB Drive) to the boot partition (/boot)

cp /run/media/USER/USBDRIVE/dc.mbr /boot/dc.mbr

Again, USBDRIVE can be replaced with whatever name your USB drive is. Also, USER can be replaced with whatever your username is.

8. Follow step 13 to 15 of the original guide.

You should now be able to dual-boot an encrypted Fedora and an encrypted Windows system.

Sincerely,

Cylinder57

Gareth Jones
29th September 2013, 03:45 PM
Hi Cylinder57. Thanks for the guides, I’m sure they will be appreciated. Please keep multi-part guides in a single thread though, even if they are in multiple posts. It makes things easier for users to follow. Threads merged.