Bitlocker and Grub2?

bec_it

Member
I just want to follow up in case anyone else ever has a problem with this. What Mahmoud suggested above worked perfectly! Thanks so much for sticking with me and getting this working!

On Windows 7, by default, setup creates a 100 MB unencrypted partition in case you want to use BitLocker in the future (as BitLocker requires this partition to function). The BitLocker files only use about 35 megs or so, so it leaves plenty of room to put these files there. In order to see the drive, though, you must assign it a drive letter first. Here are the steps to get Ubuntu 9.10 working with BitLocker:


  1. Use EasyBCD to create an entry for Linux. Use Grub2 for the type.
  2. Launch Computer Management: Start -> Right-click My Computer -> Manage
  3. Once that opens click Disk Management on the left.
  4. In the list at the top Right-Click on System Reserved and choose Change Drive Letter and Paths
  5. Click Add.
  6. Pick any available drive letter from the list. I'll use R for this example.
  7. Now copy the folder NST and the file ANG0 from your C Drive to the new drive you just picked (R in my example)
  8. Now go back to EasyBCD and click Change Settings and Under Entry-Based Setting change to the new OS you created. Select the drive you picked earlier (R in my example) and Save Settings.
  9. (Optional Step) If you would like to rehide R from My Computer list go back to Computer Management -> Disk Management -> System Reserved -> Change Drive Letter and Path -> Remove R drive from the list (This just hides the drive, it does not delete any data)
  10. Reboot and test to see if it works! It did for me!
Thanks again for your help!

Hi to all, my laptop has the following partitions:
- Windows 7 64bit ( C: )
- data (NTFS) ( D: )
- Linux (Ubuntu) boot (GRUB2)
- Linux root
- Linux swap
This dual boot configuration worked well with Windows bootloader and EasyBCD, until I encrypted the C: Windows 7 partition with Bitlocker. After that change I now get the "try(hd0,0): NTFS" prompt when choosing the Ubuntu entry at boot.
What is strange in my configuration is that neither before Bitlocker was installed, nor now, do I have the mentioned 100 MB partition. I used several partition managers (Acronis, Gparted, ...) but none of these has found any 100 MB partition.
I've tried to put the NST dir and the ANG0 file either on C: or on D: but it didn't work. When choosing this location in EasyBCD also a "root" item is present in the drop down menu: what is it ?
Many thanks in advance for any help.
 

bec_it

Member
From W7 Disk Management, which partition is flagged "active", and which "system" ?

Hi Terry, thanks a lot for your interest !
Included you can find the partitions screenshot (do not consider H: it's a memory card):
- the first one is the Ubuntu boot partition
- the second is Ubuntu root
- the third is Ubuntu swap

Beppe


partitions.jpg
 

Terry60

Telephone Sanitizer (2nd Class)
Staff member
OK.
W7 put its boot files on D instead of creating a dedicated boot partition, presumably because you had D set "active" when you installed W7. (or have you used EasyBCD "Change boot drive" prior to encrypting the OS ?)
That's what you want to use in lieu of "System Reserved" if you're following instructions in this thread.
 

bec_it

Member
OK.
W7 put its boot files on D instead of creating a dedicated boot partition, presumably because you had D set "active" when you installed W7. (or have you used EasyBCD "Change boot drive" prior to encrypting the OS ?).

I don't remember having set "Change boot drive" with EasyBCD.
My laptop has been installed with a company-wide image, so I don't know if (and why) D has been set active during the image build. Anyway I agree that it's a slightly strange configuration: wouldn't it be better to have "system" and "active" on C ?

That's what you want to use in lieu of "System Reserved" if you're following instructions in this thread.

Since, as per company policy, we must encrypt partitions (with Bitlocker only, if Windows of course) and, since I use both Windows and Ubuntu, I thought to encrypt C only with Bitlocker, and D (data) and Ubuntu with Truecrypt. In this way I could access the D partition from both the OSes.
But I think that with the configuration I currently have on my laptop I can not encrypt D with Truecrypt because it contains boot related data. Am I wrong ?
What if I remove Bitlocker, create a 100 MB additional partition, then set it as "system reserved", set C as "system" and "active", then I re-encrypt C with Bitlocker ?
Many thanks in advance.
 

Terry60

Telephone Sanitizer (2nd Class)
Staff member
If you create a boot partition ("System Reserved" is just the name MS put in the label field when they format the partition. It doesn't convey any status. You could equally well call it "My Boot", "Start Here", "Abracadabra" or anything else you like)
What gives it status is the presence of the boot files. If you put the boot files in C, you can't encrypt C and the "System Reserved" partition would just be a meaningless empty space.
If you create "System Reserved" (under any name you like), give it a letter, then use
Changing the Boot Partition - EasyBCD - NeoSmart Technologies Wiki
to copy the boot files into it
It will become "system" and "active" (those are the Disk Management flags which convey the status)

Disk Management flags have the following meanings

"boot" = "this is the system you're running"
"system" = "this is where I found the boot files for the currently running system"
"active" (on the first HDD in the BIOS boot sequence) = "this is where I started the search for the boot files"
"active" (on subsequent HDDs in the BIOS boot sequence) ="this is where I will look if I don't find something in the MBR on the first HDD"

You shouldn't need to un/re-encrypt C.
 

bec_it

Member
Terry, still many thanks for your kind availability.
I remembered that some time before moving to encryption I did a P2V (physical to virtual) of my laptop, so I've found and started the virtualized copy. Well, before encryption, boot, system and active flags were all on C. So I should say that Bitlocker moved flags to D :| (according to what you say above).

Yesterday I deactivated encryption and without it I can boot Ubuntu again. What I've seen in this case is that the grub string "try(hd0,0) NTFS5" still appears after choosing the Ubuntu bootloader entry, but it stays there for less than a second and then Ubuntu starts. When encrypted, the boot sequence stopped instead at "try(hd0,0) NTFS5" without going on.

From your last answer it seems that creating a new partition and using EasyBCD to make it the new boot one should solve my issue. In addition, since I've deactivated Bitlocker, a new encryption should use the new boot partition.
Unfortunately, doing it this way all the Ubuntu partitions will increase in sequence; now my Ubuntu boot partition is the third, root the fourth and swap the fifth, they'll shift forward by one unit so probably (I think) I'll have to re-grub Ubuntu: am I right ?
 

Terry60

Telephone Sanitizer (2nd Class)
Staff member
Partition numbers don't depend on the physical position on the HDD but on the sequence in the MBR partition table, so it's hard to predict what the eventual numbers will be if you move things about, but if they do change you will need to edit the grub.cfg (via etc as described in Grub 2 Basics - Ubuntu Forums)
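
The point above about numbering following the MBR partition table rather than the position on disk can be checked by reading the table directly. The following is an added example, not part of the original posts or of EasyBCD: it parses the four primary entries of a 512-byte MBR sector and compares slot order with on-disk order. The sample sector and all function names are constructed for illustration, and extended/logical partitions are not handled.

```python
import struct

PART_TABLE_OFFSET = 446  # 446 bytes of boot code precede the partition table
ENTRY_SIZE = 16          # four 16-byte primary entries, then the 0x55AA signature
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x82: "Linux swap", 0x83: "Linux"}

def parse_mbr(sector):
    """Return the non-empty primary entries in partition-table (slot) order."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * ENTRY_SIZE
        # status byte, CHS start (skipped), type byte, CHS end (skipped), LBA start, size
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # unused slot
        entries.append({"number": slot + 1,          # the N in Linux's /dev/sdaN
                        "active": status == 0x80,    # Disk Management's "active" flag
                        "type": TYPE_NAMES.get(ptype, hex(ptype)),
                        "lba_start": lba, "sectors": count})
    return entries

def disk_order(entries):
    """Partition numbers sorted by where the partitions physically start."""
    return [e["number"] for e in sorted(entries, key=lambda e: e["lba_start"])]

def active_partitions(entries):
    return [e["number"] for e in entries if e["active"]]

def make_entry(active, ptype, lba_start, sectors):
    return struct.pack("<B3xB3xII", 0x80 if active else 0, ptype, lba_start, sectors)

def sample_mbr():
    """Constructed sector: a 100 MB boot partition at the front of the disk
    that was added last, so it occupies slot 4 and carries the active flag."""
    table = b"".join([
        make_entry(False, 0x07, 206848, 104857600),    # slot 1: Windows (NTFS)
        make_entry(False, 0x83, 105064448, 41943040),  # slot 2: Linux
        make_entry(False, 0x82, 147007488, 4194304),   # slot 3: Linux swap
        make_entry(True, 0x07, 2048, 204800),          # slot 4: 100 MB boot partition
    ])
    return bytes(PART_TABLE_OFFSET) + table + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(sample_mbr())
    for p in parts:
        print(p)
    print("on-disk order:", disk_order(parts), "active:", active_partitions(parts))
```

In this constructed layout the partition that is physically first is number 4, so the existing Linux partitions keep their numbers; a partitioning tool that rewrites the table in disk order would renumber them instead.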
 

pkpdjh

New Member
I truly appreciate this great tool and all the help in this thread!

I feel like I have done everything right as described here to combine GRUB2 and BitLocker, but I am still getting the 'Trying hd(0,0):NTFS5' message when I select the NeoGrub option from the Windows bootloader.

I have four partitions:
- Ubuntu
- Linux Swap
- Windows Boot (Created during attempt to install BitLocker)
- Windows 7

I have assigned S: to the Windows Boot Partition.

Things worked fine until I enabled the BitLocker.

Here is a link to my EasyBCD overview, detailed configuration, contents of my S: drive and disk management screen:

http://www.davehenning.com/neostuff/

Does anything look wrong here?

The first time I tried to follow these instructions, I completely unencrypted my drive and copied Neogrub files to my S: drive before re-encrypting. Now, EasyBCD writes everything directly to my S: drive so I should be able to do this without un-encrypting and re-encrypting, correct?

Thanks,
Dave ...
 

mqudsi

Mostly Harmless
Staff member
Hi Dave,

There's something suspicious about your setup. EasyBCD is showing "EasyBCD Boot Device" and not "Boot Device" which means that it does not think S: is the device the BCD is being loaded from.

Please post the output of EasyBCD | Useful Utils | Power Console
Code:
bootgrabber.exe /tlist /v
 