-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for bitlocker #617
Comments
Also to fdisk and all the other tools within this project. |
Do you mean detection of the bitlocker signatures on the block devices? |
@karelzak Yes, gsgrippal meant detection of signature. Right now GParted has some custom code in src/GParted_Core.cc (function GParted_Core::detect_filesystem_internal) to detect bitlocker block devices and gsgrippal also wants KDE Partition Manager to detect bitlocker too. Yet instead of duplicating that code I think it's better for it to just live in blkid, so that it can be shared. |
Addresses: #617 Signed-off-by: Karel Zak <kzak@redhat.com>
@gsgrippal Neither support in util-linux nor in KDE Partition Manager will make it appear in Dolphin. If I remember correctly, you'll also have to ask Solid project. For comparison, LUKS2 is supported by util-linux and support in KDE Partition Manager is improving (e.g. I can unlock it there) but Dolphin or KDE Device notifier can't mount LUKS2 volumes. |
@stikonas ok I know that. What I don't know is if dolphin or kde device notifier use util-linux to detect media, or they do like gparted and just fetch data with their own methods. |
@gsgrippal. No, not own methods. I think Solid and udisks2 as Solid backend. But dolphin wouldn't show it there anyway if it can't mount it. Don't think many distributions ship bitlocker FUSE module. |
@stikonas no distro ships with dislocker, and almost the same for veracrypt/truecrypt/apple filevault. if dolphin doesn't do that, it may need improvement. Currently, Windows 10 automatically detects when a volume is bitlocker partially/totally encrypted (you can pause encryption/decryption process and resume after a reboot). It also shows a different symbol depending if it's locked or unlocked (either by user entering password or auto-unlock at os boot): The volume name can only be obtained once it's decrypted. |
@gsgrippal well, of course windows detects is own proprietary encryption method. On the other hand it does not detect LUKS partitions. |
@stikonas I was not sure about the cryptsetup thing so I said "almost the same..." If I install LibreCrypt (https://github.com/t-d-k/LibreCrypt) on Windows 10, will it be auto-recognize from My Computer like dislocker volumes, or do I have to manually mount them like Veracrypt? |
@gsgrippal I don't know. I don't use Windows. |
Supported: * WinVista version * Win7 and later versions (based on NTFS) * BitLockerToGo (for removable media; based on FAT32) Unfortunately, it's without LABEL and UUID. It seems BitLocker does not use volume_label and volume_serial stuff from NTFS header. Addresses: #617 Signed-off-by: Karel Zak <kzak@redhat.com>
I have added BitLocker detection, for Win7 version:
BitLockerToGo:
Unfortunately, it's without LABEL and UUID. The Win7 BitLocked is based on NTFS header, but it does not use volume_label and volume_serial from the header. Maybe for BitLockerToGo would be possible to use LABEL from FAT superblock, not sure. Anyway, libblkid cannot be used to unlock the device, it's just detection library. You need to use another tools (https://github.com/libyal/libbde ?) to unlock the device. The ideal solution would be to follow what we have for LUKS, udevd (by libblkid) detects BitLocker and then (for example systemd) asks for key/password.... but this is out of libblkid :-) Note that lsblk reads information from udev db, with the bitlocker detection you will see "BitLocker" as FSTYPE (e.g. lsblk --fs). |
@karelzak dislocker supports AES-XTS, which is the one I have on my Windows 10 and dislocker works fine with it, while libbde seems a work in progress... |
Also I think could provide more information, for example if the volume is 100% encrypted or not, or other parameters. |
I have no clue what is better for BitLocker, I have no Windows, I don't use BitLocker at all ;-) |
Isn't extra info for LUKS provided only by cryptsetup, not by util-linux. In that case I would say same applies to bitlocker. |
Google search led me here when i was searching to find out of blkd supports bitlocker signature detection. For those interested in managing bitlocker volumes using a GUI tool, I have a project called "zuluCrypt"[1] and i am working[2] on adding support for bitlocker volumes using "dislocker"[3] backend. [1] https://mhogomchungu.github.io/zuluCrypt/ |
Add bitlocker support to udevadm
http://www.forensicswiki.org/wiki/BitLocker_Disk_Encryption
The text was updated successfully, but these errors were encountered: