Saturday, December 5, 2009

Running Windows 7 as a Truecrypt Hidden Operating System

My favorite whole-drive encryption system, hands down, is Truecrypt. One of its interesting features is the notion of plausible deniability. One of the ways this deniability may be accomplished is through a hidden operating system. I don’t really need the deniability features, but I have found the hidden operating system useful: it lets me keep Windows XP on my laptop while still being able to boot seamlessly into Windows 7 (I have also set up Windows 2008 Server in the same way).

I have a 160GB hard drive, which I divided into a 40GB partition and a 120GB partition. I have XP installed on the 40GB partition, which is my C: drive. The 120GB partition is my D: drive, where I keep data. It is important to have a similarly partitioned hard drive. It is also vital that the 120GB partition have enough space to hold all of C:, i.e., 40GB. Do a full sector-level backup of the drive. I use Knoppix, then use the dd command to copy the entire /dev/sda drive to a file on a USB hard drive. You should be able to access the individual files on D:. Use ntbackup to run a backup of the D: drive from within Windows XP. Once you have all this done, you can install Windows 7 from scratch, reformatting all the partitions but installing only on the 40GB one. Leave the 120GB partition empty.

After installing Windows 7, run Truecrypt, pull down the System menu and select “Create Hidden Operating System...” Follow the prompts to create it as normal. After you delete the original partition (the last step in Truecrypt’s hidden OS creation sequence), restore the boot sectors and the first partition from your backup. If you used dd, this just means booting into Knoppix and running something like:

dd if=/path/to/backup/file of=/dev/sda bs=512 count=<End sector of the /dev/sda1 partition plus 1, which you can determine by running fdisk -l -u /dev/sda>

This will write over the hard drive up to the point where our outer volume which holds the hidden partition starts. When you reboot, you will boot back into your old Windows XP. It will probably freak out about not being able to get to D. Just install Truecrypt, then mount the outer volume using the outer volume password. You can then restore your backup into that volume.
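The count for that dd restore can be derived and sanity-checked from the fdisk listing before anything is written. The script below is an added example, not part of the original post; the function names are hypothetical, the partition table is a constructed sample, and it assumes the classic fdisk column layout with /dev/sda2 (the outer volume) directly following /dev/sda1.

```shell
#!/bin/sh
# Added example: derive a safe dd count from `fdisk -l -u /dev/sda` output.

# Constructed sample listing (not from a real disk). On the live system
# you would use: TABLE=$(fdisk -l -u /dev/sda)
SAMPLE_TABLE='   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63    81915434    40957686    7  HPFS/NTFS
/dev/sda2        81915435   312576704   115330635    7  HPFS/NTFS'

# part_sectors TABLE DEVICE -> prints "START END" for DEVICE, fails if absent.
# The Boot column contains "*" only on the active partition, which shifts
# the Start/End fields by one position on that row.
part_sectors() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        $1 == dev { if ($2 == "*") print $3, $4; else print $2, $3; found = 1 }
        END { if (!found) exit 1 }'
}

# restore_count TABLE SYSTEM_PART NEXT_PART -> prints the number of 512-byte
# sectors to restore, or fails if that would reach into NEXT_PART.
restore_count() {
    sys=$(part_sectors "$1" "$2") || { echo "no $2 in table" >&2; return 1; }
    nxt=$(part_sectors "$1" "$3") || { echo "no $3 in table" >&2; return 1; }
    sys_end=${sys#* }      # second field: End sector of the system partition
    nxt_start=${nxt% *}    # first field: Start sector of the next partition
    # End is inclusive and sectors are numbered from 0, so restoring
    # sectors 0..End means copying End + 1 blocks.
    count=$((sys_end + 1))
    if [ "$count" -gt "$nxt_start" ]; then
        echo "refusing: restore would overwrite the start of $3" >&2
        return 1
    fi
    echo "$count"
}

# Print (do not run) the restore command for the sample table.
echo "dd if=/path/to/backup/file of=/dev/sda bs=512" \
     "count=$(restore_count "$SAMPLE_TABLE" /dev/sda1 /dev/sda2)"
```

The overlap check matters because any sector written past the end of /dev/sda1 lands in the Truecrypt outer volume that holds the hidden operating system.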

Finally, encrypt the XP system. This will install the Truecrypt boot loader, where you will be able to provide either the XP decryption password or the Windows 7 decryption password in order to choose which operating system you wish to run.

This allows me to run two versions of Windows with no fear whatsoever that they will interfere with one another. Also, it gets me into the habit of performing disaster recovery backups on my laptop.
