Hidden OS encryption software for Linux

[M4rc9]

Hello all, and thank you in advance for any replies.

I'm looking for a full system encryption solution that implements the hidden OS feature and supports Linux. Trucrypt has this feature, but only for Windows. I've compared the applications listed in the encrypted software wikipedia page as well as many hours spent on google, but either I'm missing something or this doesn't exist.

Thoughts? Guidance? Suggestions?

Thank you!

[atreyu]

Trucrypt has this feature, but only for Windows.

Are you sure? I just ran TrueCrypt 7.1 on my Fedora 16 box and if I select Create a volume within a partition/drive, the Hidden Truecrypt volume option is there. I didn't actually try to do it though.

[M4rc9]

Are you sure? I just ran TrueCrypt 7.1 on my Fedora 16 box and if I select Create a volume within a partition/drive, the Hidden Truecrypt volume option is there. I didn't actually try to do it though.

Trucypt is supported on Linux, but only for encrypted containers. Trucrypt cannot encrypt an entire Linux system and utilize pre-boot authentication.

.truecrypt.org/docs/sys-encryption-supported-os

Trucypt is exactly the type of solution I'm looking for, there just doesn't seem to be a comparable linux version.....

[jayd512]

Are you asking how to encrypt the data partitions?
Or the entire OS, including your /boot partition?

[M4rc9]

Are you asking how to encrypt the data partitions?
Or the entire OS, including your /boot partition?

Yes, I am looking for complete system encryption. But a bit more than that. In addition to complete system encryption requiring pre-boot authentication, I'm looking for an encryption software that provides a hidden OS feature, as TruCrypt does. To paraphrase, a complete system is encrypted, but then another, hidden OS is embedded within an encrypted outer shell. This allows for a decoy OS, providing plausible deniability. Each OS, the decoy and the hidden, can be accessed by entering a different pre-boot password. Probably not the best wording, but the TruCrypt site describes pretty clearly if needed.

Thank you!

[jayd512]

Fair enough.
I've got no first-hand experience doing such a thing. But I figured I could get some clarification on the issue to help those who might be better equipped to assist.
Best of luck on it!

[Rubberman]

Well, my Win7 system at work uses BitLocker. I don't know if it works with Linux, although we can install Linux systems on our laptops/workstations. I'll have to check if there are full-disc encryption tools that work like BitLocker in such a situation - we have a customized RHEL distribution for such purposes. I'll try to respond to this next week.

[Rubberman]

Well, as far as I can tell, BitLocker doesn't provide a pseudo OS/shell like you can get with TruCrypt. It only supports one startup key, but if you go into the BIOS and change something, it will require the recovery key (a 32 digit number) which you can claim not to know/remember! Of course, this is MS Windows software, so it doesn't support other operating systems.

So, some Google digging gave me some useful links, indicating that what you are looking for may be possible with current versions of the Grub2 bootloader.

XercesTech

This link tells you how to do it. Once done, only the MBR is unencrypted.