Linux + Windows dualboot, both encrypted

Hi guys, I have an old Atom N455 1GB RAM 250GB HDD netbook. I currently installed Windows 7 Home Premium 32-bit on it and need advice on how to encrypt that system and install encrypted Antergos to dual-boot them.
I installed W7 in BIOS mode and have VeraCrypt on it, didn't encrypt the partition yet. I am currently about to install Antergos and use its built-in encryption. My question is what to use as a boot manager? I'd like to choose which OS to boot and then decrypt that OS, but VeraCrypt wants me to use its bootloader, which will require me to first decrypt the bootloader, then boot into Linux and decrypt a second time. I don't want to decrypt two times since I use strong keys and it would take twice as long, not to mention needlessly decrypting Windows in the process.
What should I do?

My plan was to:
1. install Windows
2. install Arch
3. encrypt Windows
4. set up GRUB to boot first and only trigger the VeraCrypt bootloader once Win 7 is selected
but that doesn't seem possible; from what I read, VCBL installs in the MBR and it's only possible to use it as the main BL
I'm also familiar with DiskCryptor if that would be a better choice, but it's only available for Windows so I would be unable to mount the Windows partition under Linux

Here's how I planned to partition the drive. I'd like someone to look over this too because I'm not sure if I'm doing it correctly:
1. unencrypted primary Linux /boot partition
2. encrypted extended Linux partition
in that extended partition I'd like to make two unencrypted ones, I assume that encrypting the extended partition will also encrypt the logical partitions inside
a. logical swap partition
b. logical / partition
3. encrypted primary Windows partition
I already made this one, leaving enough space before it for the Antergos partitions
4. encrypted primary NTFS storage partition to be mounted under Windows or Linux

As long as they don't share the same drive then you can install multiple bootloaders across different drives using MBR. If you were using UEFI then you wouldn't have this problem.

It's a netbook from 2010, it doesn't support UEFI and it only has one drive.

OK. I found this guide that I plan to roughly follow:
https://techblog.mastbroek.com/all-articles/dualboot-encrypted-windows-and-ubuntu/6/
but with Antergos and VeraCrypt instead of Ubuntu and TrueCrypt, so what I think I will have to do is:

  1. install Windows
  2. encrypt boot drive
    so far so good, I installed Windows and I'm about to start encrypting it
  3. install Antergos with built-in encryption and with GRUB on /boot instead of in the MBR
    there is a slight problem with this one, I installed Antergos before and there doesn't seem to be a choice of where GRUB is installed
  4. repair VeraCrypt bootloader in the MBR and drive header if needed
  5. repair GRUB if needed

Can someone help me through steps 3-5? I'm not sure what exactly I should do after encrypting Windows.
I'm fairly confident with setting up partitions and encryption in Antergos but after that, I have no idea how to get those two encrypted systems working together.
Please help.

I would not recommend using an Arch-based distro. From their news:

Due to the decreasing popularity of i686 among the developers and the community, we have decided to phase out the support of this architecture.
The decision means that February ISO will be the last that allows to install 32 bit Arch Linux. The next 9 months are deprecation period, during which i686 will be still receiving upgraded packages. Starting from November 2017, packaging and repository tools will no longer require that from maintainers, effectively making i686 unsupported.

So if you plan to actually keep the system for use then you won't be getting updates after this year.

Thanks for that information, I will consider switching to something else on that computer when the time comes.

But for now I would like to know how to do what I want, a dualbooting encrypted system, can somebody here help me with this?

I wish I could help you.

Best of luck!

Thanks, I've been trying to get help with this system for a day now and nobody can help me. Not only here, I also tried getting help on two different forums. I will just try to do this on my own.

You said if I had UEFI and two drives this would be easier. Could you (or anyone else) help me set this up on a newer laptop with UEFI and two drives? I have a Lenovo Y580 that I want to do basically the same thing on. It has a small mSATA SSD that I would like to put Linux on and a 1TB hard drive I'd like to use for Windows and storage.
I'd like to use Kubuntu or Mint KDE on that one though.

The thing about UEFI is it's much easier to have multiple operating systems on the same disk. MBR is deprecated and difficult to work with in these scenarios.

Basically you would install Windows as normal on the HDD (set up encryption), then Linux as normal on the SSD (set up encryption), and then you would set up GRUB in UEFI mode and create entries for Linux and Windows.

GRUB => Windows bootloader => Windows || GRUB => Linux, each with its own encryption scheme. The only thing is that if you use LUKS, there will be an issue with supporting the TRIM function for SSDs. Link to that thread here.

I believe that Ubuntu and *buntu distros automagically add the Windows entry in GRUB during installation, provided that Windows is set up prior to installing Linux. Just be sure that you don't install them on the same disk if you want them on separate drives.

If you are trying to set them up on the same drive then instead you will need to install Linux first and partition off an NTFS filesystem for where you will install Windows, and let Windows handle its own encryption, and Linux its own encryption.

The only issue is this may not work depending on which edition of Windows you use. Windows 7 likes to set itself up the old way but it does have support for UEFI, you just have to install it via UEFI. Now let me save you a lot of time if you are going the Windows 7 route. Don't install it via USB. Use a disk (which you can boot to from UEFI to do the install). Trust me, Win7 has freaky shit not work when you try to install it from USB in UEFI mode.

Now if you are trying to do a newer version of Windows then you will first have to boot to a live CD, do the same as before, install Windows first this time, then check back and make sure it didn't overwrite where you will install Linux, then install Linux. If you install Linux first you run the risk of Windows 8 or 10 wiping it during its installation. From experience this is what I do because every time I've tried to install Windows I always do it first, or physically separate all my other drives from the motherboard when I install Windows because for some reason it likes to fuck with everything.

This is just the information I've garnered after many years of frustration and failed attempts. Hope it helps.

1 Like
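The "GRUB => Windows bootloader" chain described in the reply above, written as a custom GRUB menu entry. This is an added example, not part of the original thread; the entry title and the `XXXX-XXXX` filesystem UUID are placeholders, and the path is the default location of the Windows Boot Manager on the EFI System Partition.

```grub
# Added example: custom GRUB (UEFI) entry that hands control to the Windows
# Boot Manager on the HDD's EFI System Partition (ESP).
# XXXX-XXXX is a placeholder for the FAT filesystem UUID of that ESP.
menuentry "Windows (UEFI, on HDD)" {
    insmod part_gpt    # GPT partition table support
    insmod fat         # the ESP is FAT-formatted
    insmod chain       # provides the chainloader command
    # Locate the ESP by filesystem UUID rather than by (hdX,gptY), so the
    # entry keeps working if the firmware enumerates the two drives in a
    # different order.
    search --no-floppy --fs-uuid --set=root XXXX-XXXX
    # GRUB only passes control on; whatever disk encryption Windows uses
    # prompts for its own secret after this point, independently of the
    # LUKS passphrase used on the Linux side.
    chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
```

On Ubuntu-family systems an entry like this goes in `/etc/grub.d/40_custom` and takes effect after running `update-grub`; `blkid` shows the ESP's UUID.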

Your first issue in your plan is Antergos. One, it always breaks; two, there is no 32-bit version. Also, since your Atom is based on the Pentium M, I would look into finding a 2 gig RAM stick before even doing anything else. On top of that you can't really encrypt Windows. You can have a folder with all your shit in it and encrypt that, or if you have 8.1 you can use ReFS and that has encryption options, or a separate partition from boot to encrypt, but you can't encrypt the base system as far as I know.

Next, if you really want Arch then get Manjaro. It will run OK if you get the Xfce version. What I would do though is find a super lightweight distro or build Arch or Gentoo from scratch so I only have what I need. Then I would probably use AwesomeWM or Xfce so that the interface is snappy. And if you are intending for this to daily for some reason, separate your /home and your root, use XFS, give your root 20-25 gigs and your /home whatever is left.

Good luck I guess.

There are third-party applications to encrypt the drive in Windows, as well as BitLocker.

I hate BitLocker with a passion.