Booting with syslinux bootloader and encryption involved

#1
Hi,

I have been using EasyBCD successfully with grub legacy for some time. Due some changes on Arch Linux, I decided to move from grub to syslinux. This is a work computer running Win 7, and I have the following setup:

/dev/sda1: Win 7, NTFS, encrypted with Safeboot, now McAfee Endpoint Encryption (so I have no access to this partition outside of Windows)
/dev/sda2: /boot partition for Arch x86_64
/dev/sda3 / for Arch x86_64, encrypted with dm-crypt/LUKS
/dev/sda4 TrueCrypt partition for sharing between Arch/Win 7, NTFS

I installed syslinux per the Arch Wiki manual installation instructions. In other words:

Code:
# cryptsetup luksOpen /dev/sda3 root
# mount /dev/mapper/root /mnt

# mount -t proc /proc /mnt/proc
# mount -t sysfs /sys /mnt/sys
# mount -o bind /dev /mnt/dev
# mount /dev/sda2 /mnt/boot

# chroot /mnt /bin/bash

###chroot# mkdir /boot syslinux
###chroot# extlinux --install /boot/syslinux
###chroot# umount /dev/sda2
###chroot# dd if=/usr/lib/syslinux/mbr.bin bs=440 count=1 of=/dev/sda2
###chroot# exit

# umount /mnt/dev
# umount /mnt/sys
# umount /mnt/proc

# reboot
I also added a /boot/syslinux/syslinux.cfg file:

Code:
PROMPT 1
TIMEOUT 50
DEFAULT arch

LABEL arch
  LINUX ../vmlinuz-linux
  APPEND root=/dev/mapper/root cryptdevice=/dev/sda3:root ro
  INITRD ../initframfs-linux.img
I added a syslinux entry to EasyBCD, pointing it to the second partition to boot. I rebooted and chose the linux option and just got a black screen with flashing text cursor.

I re-tried with the following, wondering if syslinux was relying on the /dev/sda MBR since I didn't use altmbr.bin (the Arch Wiki makes it sound like syslinux might rely on the device MBR if the partition to boot was not explicitly specified.

Thus, I retried with altmbr.bin:

Code:
# print '\x2' | cat /usr/lib/syslinux/altmbr.bin - | dd bs=440 count=1 iflag=fullblock conv=notrunc of=/dev/sda2
This didn't work either. Then I googled around a bit and found a syslinux article on using EasyBCD. Now, since I can't mount my Windows partition in Linux, I manually made a copy of the /dev/sda2 MBR I installed above, rebooted, and then copied the file once running Windows. I used the command:

Code:
# dd if=/dev/sda2 bs=512 count=1 /path/to/syslinux.mbf
I opened EasyBCD and noted the file it pointed to for my Arch entry. I then moved my MBR dd copy to replace the EasyBCD file pointing to my syslinux bootloader (looked to be a UUID of some sort, like linux_{bunch-of-alpha-num-chars}.mbr). When I boot, however, I just get a black screen with a flashing text cursor.

Does anything above look suspicious?
- Should I have stuck with mbr.bin instead of altmbr.bin
- I find the copying of 440 bytes to install syslinux and then dd'ing 512 bytes to use for EasyBCD odd. Is there any issue with that?
- ETA: another thing that occurred to me -- is doing `dd if=/dev/sda2 bs=512 count=1 of=/path/to/file.img` to a flash drive and then copying/renaming the file to replace what EasyBCD is pointing to any different than being able to directly do `dd if=/dev/sda2 bs=512 count=1 of=/path/to/windows/mount/NST/linux-mbr-name.img? If copying is messing with the attributes or exact file contents, could that be my issue? If so, how do I fix that given that I can't mount Windows? I could perhaps run a live CD inside of a virtual environment and dd the file into Windows?

I realize this may get into the syslinux area more than EasyBCD's, but 1) there were some other posts about this (precedent), but the solution (which is what I did above) isnt' working for me and 2) there's only one post in the syslinux archives discussing EasyBCD. It ends with a poster saying that "it should work" but not knowing why and then the thread died.


Thanks for any suggestions on where to start troubleshooting.

John
 
Last edited:

mqudsi

Mostly Harmless
Staff member
#2
Some things to note: the MBR is only for the disk node (i.e. /dev/sda and not /dev/sdaX). The partitions have a bootsector. 446 bytes is the disk's MBR minus the disk's partition listing. The bootsector of a partition may or may not be 512 bytes, it may or may not be contiguous, it may or may not reside at the start of the partition.

EasyBCD already does the "dump the bootesctor and pray for the best" approach when creating syslinux entries.

I would suggest using NeoGrub to chainload the bootsector directly, in particular with the map syntax: Grub4dos Guide - Map Command
 
#3
Some things to note: the MBR is only for the disk node (i.e. /dev/sda and not /dev/sdaX). The partitions have a bootsector. 446 bytes is the disk's MBR minus the disk's partition listing. The bootsector of a partition may or may not be 512 bytes, it may or may not be contiguous, it may or may not reside at the start of the partition.
Thanks for that and good to know! Does this mean that doing something like `dd if=/usr/lib/syslinux/mbr.bin bs=440 count=1 of=/dev/sda2` is not possible? Or just that the terminology is different. I'm not sure where syslinux gets it's contents of mbr.bin... if it's based on the actual MBR, it won't work since it's encrypted. If it's just installing itself there to load the system, that should be fine.

EasyBCD already does the "dump the bootesctor and pray for the best" approach when creating syslinux entries.
Have you had anyone else do this not-from-the-device, but from a partition?

I would suggest using NeoGrub to chainload the bootsector directly, in particular with the map syntax: Grub4dos Guide - Map Command
I could try this, though I'm a bit nervous about using it as it looks like if I goof that entry, I might not be able to load anything. I'd rather I could add a NeoGrub entry for linux only, and have Windows just keep doing what it's doing for the Win7 option. I don't know how `find --set-root /NTLDR` will work for me, as I'm not sure what's currently going on. Is there a way to see (and possibly change) the current settings I see in "View Settings"? As in, are those stored in a text file somewhere?

I may just go with Grub2, as grub legacy was working fine for me. Another option would be to just re-enable grub. I still have the backed up nst_linux.mbr file, and that was working even after I moved all the grub files from my /boot partition, so EasyBCD's copy was working. I could manually boot using that as well. I thought grub legacy relied on things in the filesystem, and since I uninstalled the package, I was convinced I was borked.

Now I know that grub doesn't actually need anything to function properly in the filesystem, so I may just be able to use what I had.

Thanks for the response. Seems that individuals don't do this often. I'm still confused about why following the other approaches for syslinux/EasyBCD aren't working for me, unless it's that I used /dev/sda2 to write the syslinux mbr.bin to vs. /dev/sda and that's not possible?


John
 

Terry60

Knows where his towel is.
Staff member
#4
"........... "View Settings"? ....... are those stored in a text file somewhere?......"
That's the whole point of EasyBCD. The boot information stopped being a text file with NTLDR's boot.in.
Since Vista, it's all been in an unintelligible BCD Data Base.
 
#5
@Terry: Sorry -- I was ambiguous. That's not what I meant. I had some doubts about the moving/over-writing EasyBCD's bootload file with my dd'd copy of the syslinux bootloader. I wondered if I could manually change the file name if I needed to. So "text file" as in edit manually what I'm seeing in "View Settings," which obviously is text-based somewhere.

----------

Got it working. I was being silly and thinking I needed to install the syslinux bootloader (mbr.bin or altmbr.bin) somewhere and trying to install to /dev/sda2. Turns out, all that's required is the `extlinux --install /path/to/mounted/dev/sda2` step, nothing else. Thanks for responding and assisting. Glad to have this fantastic program so I can dual boot, and even more glad I've go the system all squared away again!

If this comes up again, I did post on the Arch linux forums where I got some good help from the syslinux end (I wasn't sure if this was an EasyBCD or my issue on the syslinux side to begin with). Turns out it was me and nothing to do with EasyBCD.