0

How do I switch the order of GRUB to before VeraCrypt on a BIOS system, such that Ubuntu is accessible again with full disc encryption?


The following was executed:

  1. Installed Windows 10 Pro N on a single disk
  2. Installed dual boot Ubuntu 20.04 on the same disk, which installs GRUB bootloader
  3. Installed VeraCrypt on Windows and performed complete system disk encryption
    • Full disk encryption installs the VeraCrypt bootloader, which is placed in front of the GRUB bootloader on the Master Boot Record (MBR), meaning the GRUB bootloader towards Ubuntu is not available anymore/skipped. In the VeraCrypt bootloader one can either:
      • Press ESC, which does not turn towards GRUB, indicating the Windows 10 install is corrupted since it's encrypted
      • Enter password correctly, which directly skips the GRUB bootloader, successfully loading Windows 10 and resulting in Ubuntu 20.04 not being accessible/bootable anymore because the GRUB bootloader is skipped

  4. Tried switching the bootloader so the GRUB loader was above VeraCrypt with bcdedit:
    BcdEdit /enum
    
      Windows Boot Manager
      --------------------
      identifier              {bootmgr}
      device                  partition=\Device\HarddiskVolume1
      description             Windows Boot Manager
      locale                  en-US
      inherit                 {globalsettings}
      default                 {current}
      resumeobject            {f1c50cdb-e01f-11ea-8662-d17332f8934a}
      displayorder            {current}
      toolsdisplayorder       {memdiag}
      timeout                 30
    
      Windows Boot Loader
      -------------------
      identifier              {current}
      device                  partition=C:
      path                    \Windows\system32\winload.exe
      description             Windows 10
      locale                  en-US
      inherit                 {bootloadersettings}
      recoverysequence        {f1c50cdd-e01f-11ea-8662-d17332f8934a}
      displaymessageoverride  Recovery
      recoveryenabled         Yes
      allowedinmemorysettings 0x15000075
      osdevice                partition=C:
      systemroot              \Windows
      resumeobject            {f1c50cdb-e01f-11ea-8662-d17332f8934a}
      nx                      OptIn
      bootmenupolicy          Standard
    
    • I have not yet identified whether the GRUB bootloader is in here, as I think current is the VeraCrypt bootloader that points towards the Windows bootloader with
      resumeobject {f1c50cdb-e01f-11ea-8662-d17332f8934a}
      
      I would think that if I can find the object ID of the GRUB boot loader, I could refer to that from resumeobject, or create a new GRUB boot loader entry to add in front of current, but have not yet determined how to use bcdedit to create a new entry, moving the GRUB boot loader to the front.
5
  • 1
    Your statement "EasyUEFI does not work with EFI" makes no sense, as its purpose is for use on UEFI motherboards for EFI booting. Did both Windows and Ubuntu boot with CSM [Legacy] Mode off in the EFI firmware, as MBR should not be used if you have a UEFI motherboard since EFI boot only supports GPT (OSes should not be installed with CSM [Legacy] Mode on unless the OS cannot EFI boot - both Windows and Ubuntu can).
    – JW0914
    Commented Aug 17, 2020 at 11:48
  • @JW0914 Thank you, I did not understand the difference between EFI and Legacy boot, and misinterpreted the error message of EasyUEFI to mean "doesn't work on EFI", whereas I think it meant "doesn't work on Legacy boot". I think the device in question only has BIOS (Legacy boot) with InsydeH20 setup utility Rev. 3.5, as I was not (yet) able to find an option for UEFI boot, and I adjusted the question accordingly. My apologies for the lack of due diligence, and thank you for your clarification.
    – a.t.
    Commented Aug 17, 2020 at 13:50
  • A motherboard is either BIOS or UEFI (they are not the same things), with CSM [Legacy] Mode on UEFI motherboards emulating BIOS when enabled, but it's not recommended to use since it comes with performance pitfalls, such as taking substantially longer to boot, inability to use GPT, as well as being limited to 4 primary partitions, etc. Unless an OS being installed doesn't support EFI booting [almost all do], CSM Mode should remain off. The Aspire 7750G has a BIOS motherboard and therefore EasyUEFI is not compatible with it
    – JW0914
    Commented Aug 17, 2020 at 14:08
  • 1
    I don't think your VeraCrypt bootloader is "placed in front of GRUB" in your MBR. I think that GRUB stage 1 (MBR) has been simply overwritten by VeraCrypt. That is what happened if I understood your description correctly...
    Commented Aug 19, 2020 at 9:34
  • 1
    @a.t. GRUB configs cannot be modified by Windows boot tools, such as BcdEdit... Have you reviewed the GRUB and VeraCrypt man pages? You [likely] need to modify GRUB's config file via GRUB's CLI or text editor.
    – JW0914
    Commented Aug 25, 2020 at 13:30

1 Answer

0
+50

Try solving the problem from Linux (not Windows) side. It is usually more straightforward.

  1. Boot into your Ubuntu. If your bootloader is messed up, you can do so using a bootloader on a live CD. Some minimal knowledge of GRUB commands is needed but you can always bring up the live CD bootloader and use it to boot into your HDD linux installation.
  2. Make a backup of your MBR and store it somewhere within your filesystem where it is easily accessible. Make sure it is stored on an unencrypted partition... I would use dd to make a backup. Give the backup file a reasonable name. Something like veracrypt.mbr would do.
  3. Repair your GRUB. This is easily done from inside your linux installation. There are multiple articles on the interwebz that explain how it is done. At this point GRUB stage 1 will be written to MBR.
  4. Manually add an entry to your grub.cfg which would chainload veracrypt.mbr created in step 2

After these steps you will end up with the following:

  • MBR will contain GRUB stage 1. VeraCrypt nasty stuff will be wiped from it
  • You will be able to boot your linux from GRUB
  • GRUB will contain an entry which will allow you to chainload VeraCrypt

If you want to play it safe, then before proceeding with step 3 which will replace VeraCrypt bootloader in your MBR with GRUB stage 1 you can try to test your setup from GRUB on live CD and see if it works. Just bring up live CD bootloader, drop to command mode and try to chainload your veracrypt.mbr from there. Take a note of command sequence that worked for you. Then proceed with step 3...
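
Steps 2 and 4 of this answer as a script, added here as an illustration and not part of the original answer: it copies sector 0 with dd, checks the copy for the boot signature, and prints a GRUB entry that chainloads the saved file. The device `/dev/sda`, the path `/boot/veracrypt.mbr`, the GRUB device `(hd0,msdos5)` and the menu title are assumptions, and the demo runs on a constructed image file rather than a real disk.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumptions: the disk is
# /dev/sda, the backup lives at /boot/veracrypt.mbr on an ext filesystem,
# and GRUB sees that partition as (hd0,msdos5).

# Step 2: copy sector 0 (the 512-byte MBR) of disk $1 into file $2.
backup_mbr() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null || return 1
    [ "$(wc -c < "$2" | tr -d ' ')" -eq 512 ]
}

# Sanity check: a bootable MBR ends with the bytes 0x55 0xAA.
has_boot_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Step 4: print a menu entry that chainloads the saved sector.
# $1 = GRUB device holding the file, $2 = file path on that device.
# On Ubuntu, append the output to /etc/grub.d/40_custom and run update-grub.
grub_chainload_entry() {
    cat <<EOF
menuentry "Windows 10 (VeraCrypt)" {
    insmod part_msdos
    insmod ext2
    set root='$1'
    chainloader $2
}
EOF
}

# Constructed sample: a 2 KiB zero-filled image with a valid boot signature.
make_sample_disk() {
    { dd if=/dev/zero bs=1 count=510; printf '\125\252'
      dd if=/dev/zero bs=512 count=3; } 2>/dev/null > "$1"
}

# Demo on the sample image; on the real system: backup_mbr /dev/sda /boot/veracrypt.mbr
tmp=$(mktemp -d)
make_sample_disk "$tmp/disk.img"
backup_mbr "$tmp/disk.img" "$tmp/veracrypt.mbr" && has_boot_signature "$tmp/veracrypt.mbr" \
    && grub_chainload_entry '(hd0,msdos5)' /boot/veracrypt.mbr
rm -rf "$tmp"
```

VeraCrypt's documentation describes its boot loader as residing in the first track of the boot drive, so this 512-byte copy holds only the first sector of it.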

3
  • Thank you, I think you made me realize that what I am asking is not practically possible, and provided an alternative solution. I initially encrypted the whole drive including the Ubuntu installation. With the whole disk encryption, the partition containing Ubuntu is also encrypted, hence it is not practically possible to perform your step 1, not even from a bootloader, as it would require the VeraCrypt decryption. So I think you mean: make 2 partitions on a single disk, Windows on 1, Ubuntu on 2, then encrypt partition 1 and proceed to your step 1 in the Ubuntu. Is that a valid assumption?
    – a.t.
    Commented Aug 19, 2020 at 10:22
  • That sheds more light on your situation. I honestly don't know what will happen if you encrypt the entire drive with dual boot installation already on it. My answer does not directly apply to your question in this case. Can you at least successfully boot into your Windows installation? If yes, can you "see" linux partition from windows disk manager?
    Commented Aug 19, 2020 at 20:58
  • 1
    If you can boot into windows and can "see" your linux partition then why not attempt adding an option to windows native bootloader using EasyBCD.
    Commented Aug 19, 2020 at 21:01
