[Bug 484102] Re: Grub2 doesn't chainload truecrypt loader correctly

Chris Evans chrishold at psyctc.org
Sun Jan 12 13:29:42 UTC 2014 

Thanks, that sounds clear.  I gave up on trying to do things that way
and went for a fully LUKS encrypted disc, (well except for a small stub
that acts as the initial bootloader and /boot on /dev/sda1) and I run
Windoze using VirtualBox.  It's not perfect but I think it's pretty
secure, certainly enough for my needs, and seems more solid than the
dual boot.  There's a lot I'd love to see improved both for LUKS
encrypting and the VM. (Windoze is definitely slow in it though I'm not
sure why and that fluctuates, I _THINK_ it's partly down to the Windoze
antiviral I run in there as sometimes there's a dramatic improvement
after that updates itself but it always slumps back to crawl speed.
Fortunately I don't need Windoze for that much so I just live with it.)

Anyway, glad to see someone is still interested in this: thanks.

Chris

----- Original Message -----
> From: "Joseph Harrietha" <484102 at bugs.launchpad.net>
> To: chrishold at psyctc.org
> Sent: Saturday, 11 January, 2014 6:02:21 PM
> Subject: [Bug 484102] Re: Grub2 doesn't chainload truecrypt loader correctly
> 
> About Comment #28
> 
> I can confirm that I get this same error.
> 
> I've done a bit of diagnosing and I have found that its a linker error,
> the -tText field fails to resolve the system memory address. This could
> be due to this laptop having a newer UEFI-supporting BIOS, or due to
> some quirk with where the OS stores its data concerning usable memory.
> 
> Either way, the linker error is why we both get the "No physical memory
> is available at the location required for the windows boot manager. The
> system cannot continue." error.
> 
> The ISO method is imperfect, my main reason being that you cannot, with
> a hex editor, go in and remove all strings that identify the bootloader
> as a rescue CD, which means that this solution is very... very insecure,
> and partially defeats the point of using truecrypt. It also retains the
> encrypted keys in the bootloader image, whereas grub2tc does not.
> (Remember the extracted "volhead").
> 
> Anyone could take your unencrypted tc-rescue disk, run grub2tc on them, get
> your volume header and begin hacking. Sure, it still wouldn't be easy... but
> never underestimate your opponent.
> If you're using TC, you have your reasons.
> 
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/484102
> 
> Title:
>   Grub2 doesn't chainload truecrypt loader correctly
> 
> Status in “grub2” package in Ubuntu:
>   Invalid
> 
> Bug description:
>   Binary package hint: grub2
> 
>   I am working on a dual-boot system with one hard disk.
>   sda1 = /boot
>   sda2 = Windows Vista Ultima encrypted with TrueCrypt System Encryption
>   sda3 = Ubuntu 9.10 encrypted lvm
> 
>   The grub2 entry for windows is created by the file 50_windows in the
>   "/etc/grub.d" directory:
> 
>   #! /bin/sh -e
>   echo "Adding Windows Vista entry" >&2
>    cat << EOF
>   menuentry "Windows Vista" {
>   	set root=(hd0,2)
>   	parttool (hd0,2) boot+
>   	chainloader (hd0,1)/truecrypt.mbr
>   }
>   EOF
> 
>   Choosing this entry in the grub2 menu the Truecrypt loader only shows the
>   following message:
>   "TrueCrypt Boot Loader
>   Load damaged! Use Rescue Disk: Repair > Options > Restore Truecrypt Boot
>   Loader"
>   But this would install the Bootloader into the MBR, where grub2 shall be.
>   The TrueCrypt Loader is in /boot/truecrypt.mbr
>   Booting Ubuntu works without problems.
> 
>   With grub-legacy the chainloading worked.
> 
>   The menu.lst:
>   title		Windows Vista
>   rootnoverify	(hd0,1)
>   savedefault
>   makeactive
>   chainloader	(hd0,0)/truecrypt.mbr
> 
>   My Grub2 version: 1.97~beta4
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/484102/+subscriptions
>

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/484102

Title:
  Grub2 doesn't chainload truecrypt loader correctly

Status in “grub2” package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: grub2

  I am working on a dual-boot system with one hard disk.
  sda1 = /boot
  sda2 = Windows Vista Ultima encrypted with TrueCrypt System Encryption
  sda3 = Ubuntu 9.10 encrypted lvm

  The grub2 entry for windows is created by the file 50_windows in the
  "/etc/grub.d" directory:

  #! /bin/sh -e
  echo "Adding Windows Vista entry" >&2
   cat << EOF
  menuentry "Windows Vista" {
  	set root=(hd0,2)
  	parttool (hd0,2) boot+
  	chainloader (hd0,1)/truecrypt.mbr
  }
  EOF

  Choosing this entry in the grub2 menu the Truecrypt loader only shows the following message: 
  "TrueCrypt Boot Loader
  Load damaged! Use Rescue Disk: Repair > Options > Restore Truecrypt Boot Loader"
  But this would install the Bootloader into the MBR, where grub2 shall be. The TrueCrypt Loader is in /boot/truecrypt.mbr
  Booting Ubuntu works without problems.

  With grub-legacy the chainloading worked.

  The menu.lst:
  title		Windows Vista
  rootnoverify	(hd0,1)
  savedefault
  makeactive
  chainloader	(hd0,0)/truecrypt.mbr

  My Grub2 version: 1.97~beta4

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/484102/+subscriptions

More information about the foundations-bugs mailing list