Tuesday, 8 September 2015

Dual boot Kali + Encrypted Windows

Assumption:
You have a system with Kali 2.0 (encrypted) and a Windows setup that needs to be made encrypted as well. Encrypting Kali is simple enough to google and so is applying Veracypt system wide encryption so .. moving on. The problem comes into play because both Veracrypt and Linux want to make use of the MBR for their boot sequence.. which cant happen since Veracrypt is not able to boot multi-boot Linux.

Solution:
Give use of MBR to Veracrypt with the added capability to boot from a secondary partition for a separate OS (in this case /dev/sda3 which is my /boot).

Encrypt windows partition with Veracrypt and overwrite your linux MBR, boot from a Kali live cd/usb and:
cryptsetup luksOpen /dev/sda4 root
lvscan
(volumes are inactive)
modprobe dm-modvgchange -aylvscan
Now we can proceed with fixing our boot sequence.

mount /dev/mapper/hermes-root /mnt/
mount /dev/mapper/hermes-home /mnt/home
mount /dev/sda3 /mnt/boot
for i in /sys /proc /run /dev ; do mount --bind "$i" "/mnt$i"; done
chroot /mnt
vi /etc/default/grub
add line to show:
GRUB_DISABLE_OS_PROBER=true
save and exit
update-grub
grub-install /dev/sda3
exit
for i in /mnt/home /mnt/boot /mnt/sys /mnt/proc /mnt/run /mnt/dev /mnt ; do umount  $i ; done
reboot

Now you should only have Kali on your Grub2 menu which will only be accessible if you choose NOT to boot with Windows.

Thanks for reading :)