Published on: August 16, 2019 by Albert Reilly
The logical volume encryption system included with Microsoft Windows is called BitLocker. In cases of dual-booting Windows 10 and a Linux distribution, accessing a BitLocker-encrypted Windows volume from Linux may be required. Here, we cover how to decrypt and mount the BitLocker partition from the Linux command line, as well as how to add it to /etc/fstab, for automatic mounting on boot.
We will use Dislockerto decrypt and mount BitLocker volumes. Dislocker is a tool for reading BitLocker encrypted partitions on Linux and macOS, featuring read/write support for BitLocker encrypted partitions on Windows 10, 8.1, 8, 7 and Vista (AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser). It also supports BitLocker-To-Go encrypted partitions (USB/FAT32 partitions). Microsoft added a diffuser to provide some additional security properties that are desirable in the disk encryption setting for version 7 and Vista but have removed it from 8. Dislocker also supports BitLocker-To-Go encrypted partitions (USB/FAT32 partitions).
Debian / Ubuntu
sudo add-apt-repository ppa:hermlnx/dislocker sudo apt-get update sudo apt install dislocker
RedHat / CentOS
wget https://forensics.cert.org/cert-forensics-tools-release-el7.rpm rpm -Uvh cert-forensics-tools-release*rpm yum --enablerepo=forensics install dislocker
Now, create two folders to decrypt (bitlocker_decrypt) and mount (bitlocker_mount) the partition. The -p option is to make parent directories if not exists.
sudo mkdir -p /media/bitlocker_decrypt sudo mkdir -p /media/bitlocker_mount
You can use sudo fdisk -l and lsblk to see all the available partitions from the command line and will have to figure out which uses BitLocker encryption. Linux recognizes encrypted BitLocker partitions as standard NTFS partitions. So the command output will give you partition type as something like HPFS/NTFS/exFAT. You can also identify the partition by login into Windows or identifying the size.
You could also use the Gparted utility, which shows bitlocker in the File System columns for BitLocker-encrypted partitions.
sudo dislocker <partition> -u <password> -- /media/bitlocker_decrypt sudo mount -o loop /media/bitlocker_decrypt/dislocker-file /media/bitlocker_mount
Replace <partition> with the partition that uses BitLocker encryption (/dev/sda1, /dev/sdb2, etc.) which you identified in step 3, and <password> with the user password for that BitLocker volume. Instead of the user password (-u <password>), you could also decrypt the BitLocker volume using the recovery password (-p <password>), or using the BEK file (-f <bekfile>).
The first command will create a file dislocker-file which is a virtual NTFS partition and is mounted to our mount folder using the second command.
You should now be able to access your Windows BitLocker-encrypted volume from your Linux desktop.
If you want to have the BitLocker encrypted volume automatically mounted on boot, you can use /etc/fstab by adding these two lines.
sudo vi /etc/fstab <partition> /media/bitlocker_decrypt/dislocker-file fuse.dislocker user-password=<password>,nofail 0 0 /media/bitlocker_decrypt/dislocker-file /media/bitlocker_mount auto nofail 0 0
You may use recovery-password instead of user-password.
We have now successfully mounted BitLocker-encrypted windows partitions on Linux using Dislocker and have configured it to auto-mount on boot.
Category : Linux