Blog

Mount Bitlocker – Encrypted Windows Partitions On Linux

Published on: August 16, 2019 by Albert Reilly

Mount Bitlocker – Encrypted Windows Partitions On Linux

Scenario:

The logical volume encryption system included with Microsoft Windows is called BitLocker. In cases of dual-booting Windows 10 and a Linux distribution, accessing a BitLocker-encrypted Windows volume from Linux may be required. Here, we cover how to decrypt and mount the BitLocker partition from the Linux command line, as well as how to add it to /etc/fstab, for automatic mounting on boot.

We will use Dislockerto decrypt and mount BitLocker volumes. Dislocker is a tool for reading BitLocker encrypted partitions on Linux and macOS, featuring read/write support for BitLocker encrypted partitions on Windows 10, 8.1, 8, 7 and Vista (AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser). It also supports BitLocker-To-Go encrypted partitions (USB/FAT32 partitions). Microsoft added a diffuser to provide some additional security properties that are desirable in the disk encryption setting for version 7 and Vista but have removed it from 8. Dislocker also supports BitLocker-To-Go encrypted partitions (USB/FAT32 partitions).

Step 1: Install Dislocker

Debian / Ubuntu

sudo add-apt-repository ppa:hermlnx/dislocker

sudo apt-get update

sudo apt install dislocker

RedHat / CentOS

wget https://forensics.cert.org/cert-forensics-tools-release-el7.rpm

rpm -Uvh cert-forensics-tools-release*rpm

yum --enablerepo=forensics install dislocker

Step 2: Creating folders for decrypting and mounting partition

Now, create two folders to decrypt (bitlocker_decrypt) and mount (bitlocker_mount) the partition. The -p option is to make parent directories if not exists.

sudo mkdir -p /media/bitlocker_decrypt

sudo mkdir -p /media/bitlocker_mount

Step 3: Identify the encrypted partition

You can use sudo fdisk -l and lsblk to see all the available partitions from the command line and will have to figure out which uses BitLocker encryption. Linux recognizes encrypted BitLocker partitions as standard NTFS partitions. So the command output will give you partition type as something like HPFS/NTFS/exFAT. You can also identify the partition by login into Windows or identifying the size.

You could also use the Gparted utility, which shows bitlocker in the File System columns for BitLocker-encrypted partitions.

Step 4: Decrypt and mount the BitLocker-encrypted partition

sudo dislocker <partition> -u <password> -- /media/bitlocker_decrypt

sudo mount -o loop /media/bitlocker_decrypt/dislocker-file /media/bitlocker_mount

Replace <partition> with the partition that uses BitLocker encryption (/dev/sda1, /dev/sdb2, etc.) which you identified in step 3, and <password> with the user password for that BitLocker volume. Instead of the user password (-u <password>), you could also decrypt the BitLocker volume using the recovery password (-p <password>), or using the BEK file (-f <bekfile>).

The first command will create a file dislocker-file which is a virtual NTFS partition and is mounted to our mount folder using the second command.

You should now be able to access your Windows BitLocker-encrypted volume from your Linux desktop.

Step 5: Mount the BitLocker encrypted partition on boot

If you want to have the BitLocker encrypted volume automatically mounted on boot, you can use /etc/fstab by adding these two lines.

sudo vi /etc/fstab

<partition> /media/bitlocker_decrypt/dislocker-file fuse.dislocker user-password=<password>,nofail 0 0

/media/bitlocker_decrypt/dislocker-file /media/bitlocker_mount auto nofail 0 0

You may use recovery-password instead of user-password.

We have now successfully mounted BitLocker-encrypted windows partitions on Linux using Dislocker and have configured it to auto-mount on boot.

Server Management

Category : Linux

Albert Reilly

Albert Reilly

Albert likes to explore and learn new things. He is hardworking, enthusiastic and is getting expertise in Linux administration, Networking and Security areas. He understands client requirements and is able to act accordingly. He has been working for 2 years with us.

You may also read:

Comments

Add new commentSIGN IN

Let's Connect

Get new updates

Categories

$0.000 items