Bitlocker and Linux
Brien Dieterle
briend at gmail.com
Mon Oct 17 20:23:13 MST 2016
I don't see anything there about centrally managed full disk encryption for
Linux with bitlocker. There are products out there but no way a shop is
going to invest in multiplatform solution just for one person. I would
look at doing native Linux encryption (whatever the distro offers during
installation) and turn the key over to IT. That might satisfy the
insurance requirement without having a managed solution for Linux.
On Oct 17, 2016 7:50 PM, "Stephen Partington" <cryptworks at gmail.com> wrote:
> Incorrect, I have done this with Ubuntu. It requires you to turn over the
> initial boot records to windows and use an application like EasyBCD to
> manage them. but it provides full bitlocker compatibility with Linux.
>
> See method 3 from this post for a baseline. http://social.
> technet.microsoft.com/wiki/contents/articles/9528.how-to-
> multiboot-with-bitlocker-tpm-and-a-non-windows-os.aspx
>
> I have done this with windows 7, Have not tried it with windows 10.
>
> On Mon, Oct 17, 2016 at 4:41 PM, Nathan England <nathan at nmecs.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> I asked my IT department a question today and may have opened pandora's
>> box.
>>
>> I've been allowed to run Fedora on my company laptop for a couple of
>> years now. I am using a personal hard drive for Fedora that way if I
>> needed to I could put the original Windows drive back in and access what
>> ever I needed.
>>
>> I haven't used my Windows drive in over a year now and it's causing some
>> issues with corporate AD and the anti-virus. So I requested installing
>> windows in a VirtualBox and having corporate IT join it to the domain,
>> install av, office suite, and the other stuff I may need but likely
>> never will use, and then I can easily boot it once a week to keep my av
>> up to date.
>>
>> The response was that our insurance requires the use of Bitlocker.
>> Full stop...
>>
>> Their potential solution is to partition the drive to have Windows and
>> Linux but both be encrypted with Bitlocker so they could access the
>> drive contents should I ever leave or die or what ever...
>>
>> I realize encrypting the linux partition with bitlocker is not likely
>> ever going to happen (right?) but are there corporate linux systems that
>> allow IT access to encrypted volumes like Bitlocker and AD?
>>
>> I feel dirty even asking this. Doesn't this defeat the entire purpose of
>> encryption to begin with? ugh... I guess it makes sense, but it sounds
>> like inferior by design.
>>
>>
>> - --
>> ~~~~~~~~~~~~~~~~~~~~~~~~
>> Nathan England
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQEcBAEBAgAGBQJYBWGMAAoJEOuk7+DwYjzgSIYH/3EtMISD68n5d88CX6XDctYT
>> TcJLb00AVw5TvlK/+aLaMCu6EmkaZlDW+1KMk5pYvxV7MMhdPxKq1+tYbFh17JFG
>> G7DWeXUvEC+tGUmy2fvhBGAyaBC5XWNiXkbmWq+g8D6yKzG90P9rjVn3bL7Yw8P3
>> 8c/CyrncOF50yZieSedDgNPtfb2QWnPmaE0O43CcqTFihAN+5JSViV40YacCMTgS
>> 0raKYspau6hbB9lnWg2ScQx0zIvFJvpIE0xwIYPkBDYGtitHm3YoTaFmv3KFsrV6
>> OV/X/EOdurtWdsTwxjM2b6qI7ng0P4/xuSdedoK4jH86AnaKZGTy4Ox4OOidCvU=
>> =HOWo
>> -----END PGP SIGNATURE-----
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20161017/597e4c3f/attachment.html>
More information about the PLUG-discuss
mailing list