Tuesday, 8 September 2015

Dual boot Kali + Encrypted Windows

You have a system with Kali 2.0 (encrypted) and a Windows setup that needs to be made encrypted as well. Encrypting Kali is simple enough to google and so is applying Veracypt system wide encryption so .. moving on. The problem comes into play because both Veracrypt and Linux want to make use of the MBR for their boot sequence.. which cant happen since Veracrypt is not able to boot multi-boot Linux.

Give use of MBR to Veracrypt with the added capability to boot from a secondary partition for a separate OS (in this case /dev/sda3 which is my /boot).

Encrypt windows partition with Veracrypt and overwrite your linux MBR, boot from a Kali live cd/usb and:
cryptsetup luksOpen /dev/sda4 root
(volumes are inactive)
modprobe dm-modvgchange -aylvscan
Now we can proceed with fixing our boot sequence.

mount /dev/mapper/hermes-root /mnt/
mount /dev/mapper/hermes-home /mnt/home
mount /dev/sda3 /mnt/boot
for i in /sys /proc /run /dev ; do mount --bind "$i" "/mnt$i"; done
chroot /mnt
vi /etc/default/grub
add line to show:
save and exit
grub-install /dev/sda3
for i in /mnt/home /mnt/boot /mnt/sys /mnt/proc /mnt/run /mnt/dev /mnt ; do umount  $i ; done

Now you should only have Kali on your Grub2 menu which will only be accessible if you choose NOT to boot with Windows.

Thanks for reading :)