I regularly consolidate my disk drives to higher capacities as they are available to reduce the complexity managing many controllers, so I’ll often have to wipe the drives before I sell them (trade up). Often they are sold at very little moment’s notice, sanitizing the data might take too long. I learned that if I encrypt my data drives, I don’t really have to do much other than just clearing out the partition before I sell them, and there’s little performance penalty for Bitlocker in modern hardware.
Right now dislocker (Linux version of bitlocker) does not have a GUI to automatically unlock and mount the encrypted drives. Here’s the script that has the form “BL_{drive name}.sh” that will unencrypt the device and mount it and at the same time creating the script in the same folder to unwind (unmount & lock) the drive.
#!/bin/bash
# Extracting partition name from file name (BL_*.sh)
FN_base="$(basename -- $0)"
FN_bare="${FN_base%.*}"
partition=${FN_bare/BL_/}
# TODO: Check with /dev to make sure it's legit
echo $partition
dev_partition="/dev/$partition"
# Unlock the device into a raw image 'file'
path_raw="/media/dislocker/raw_$partition"
sudo mkdir -p $path_raw
file_raw="$path_raw/dislocker-file"
sudo dislocker $dev_partition -u -- $path_raw
# Mount the image file as a disk
path_mount="/media/dislocker/mount_$partition"
sudo mkdir -p $path_mount
sudo mount -o loop $file_raw $path_mount
# Build wind down file
script_unwind="unwind_$partition.sh"
# Leave /media/dislocker there for isolation
echo "#!/bin/bash" > $script_unwind
echo "sudo umount $path_mount">> $script_unwind
echo "sudo rmdir $path_mount" >> $script_unwind
# Note that the website is wrong. umount the path, not the dislocker-file
echo "sudo umount $path_raw" >> $script_unwind
echo "sudo rmdir $path_raw" >> $script_unwind
# Make sure the "$0" is literal including the $ sign or it will
# delete this file instead of the unwind_sd*.sh file
echo "sudo rm -- \"\$0\"" >> $script_unwind
chmod +x $script_unwind
There are reports that newer zuluCrypt can now do bitlocker volumes. Will get back to that later.
I tried to get zuluCrypt on Linux Mint and ran into a few quirks
- They claim zuluCrypt after 5.7.1 and above supports Bitlocker
- Linux Mint 20.1 (Ulyssa)’s package repositories are conservative. It only supports up to zuluCrypt 5.7 when 6.0 is out
- Zulucrypt’s website says you still need dislocker backend for zuluCrypt use Bitlocker
- Nonetheless after these requirements are done, I cannot unlock a Bitlocker drive. The error message says it’s ‘missing a parameter’. What parameter?
- I figured that the Bitlocker malfunction might be solved with 6.0 so I tried to download the .deb files from zulucrypt’s website for 6.0. It’s missing a bunch of dependencies that are NOT SATISFIABLE, including a libqt5 dependency that’s nowhere to be found. I found the .deb file yet there’s a chain of dependencies that also cannot be found
- I tried to get the cryptsetup (LUKS) referred by Zulycrypt’s website but it has its down dependencies problem
- So to install zulycrypt 6.0, I have no easy option other than moving to Ubuntu.
- I chose Mint because Ubuntu’s UI defaults are annoying to Windows users from my previous experiences, the glitches and a lot of missing options in their default GUI programs frustrates me.
- So I wondered if I can install Cinnamon (Mint’s core interface) on Ubuntu so I can get the latest and the greatest packages without waiting for the authority of Linux Mint to implement them.
Turns out there’s already a linux distro that’s uses Cinnamon on Ubuntu by default! It’s called “Ubuntu Cinnamon Remix“! Even better, after I’ve installed it, I realized I don’t have to muck with the dislocker/zulucrypt/cryptsetup/LUKS shit at all! Bitlocker just work right out of the box! When you click on the Bitlocker encrypted volume, it will prompt you for the password and that’s it!
FULL DISK ENCRYPTION IS BUILT IN Ubuntu Cinnamon Remix 20.04!
665 total views, 1 views today