GNOME Bugzilla – Bug 723232
BitLocker Disk Encryption not recognised
Last modified: 2014-05-13 01:40:09 UTC
GParted doesn't recognise partitions encrypted by Microsoft's BitLocker Disk Encryption (BDE). Reference: Detecting BitLocker http://blogs.msdn.com/b/si_team/archive/2006/10/26/detecting-bitlocker.aspx
Created attachment 267512 [details] [review] Recognise BitLocker (v1) Hi Curtis, BitLocker recognition patch --------------------------- Here's a patch to make GParted recognise BitLocker Disk Encryption. I decided that BitLocker should not have an an unsupported warning, making it like linux-raid and linux-suspend and not like LUKS. Shout if this is wrong. For testing purposes you can fake a signature on a partition like this: echo -FVE-FS- | dd of=/dev/sda11 bs=1 seek=3 Another reference to recognising BitLocker partitions, besides the one commented in the code: http://www.forensicswiki.org/wiki/BitLocker_Disk_Encryption TrueCrypt consideration ----------------------- I also looked at TrueCrypt (http://www.truecrypt.org/) but they prevent encrypted partitions from being recognised, making them indistinguishable from shredded random data, so can't be recognised. Identifying TrueCrypt volumes http://en.wikipedia.org/wiki/TrueCrypt#Identifying_TrueCrypt_volumes TrueCrypt Volume Format Specification http://www.truecrypt.org/docs/volume-format-specification Thanks, Mike
Hi Mike, Thank you for this new patch for detecting bitlocker. I have applied the patch and tested using your suggestion for writing the signature to an already existing partition. All went well. Do you know if there are any GNU/Linux tools for manipulating bitlocker? My guess is the answer is no. I am also okay with not having a warning about bitlocker being not supported. In the link from comment #0, the article author mentions that not only the signature needs to be checked, but also disk location 0x00D and a few other zeroed disk locations (0x00E to 0x023). Do you think we should implement these extra checks which will add some complexity to the code? Curtis
Hi Curtis, I don't know of any open source tools for manipulating bitlocker. A quick google didn't find anything. Don't really expect to find any either. I've looked at the BIOS Parameter Block (BPB), looked at the code for (lib)parted and libblkid (util-linux) and done some testing by overwriting byte 0x10, fat_count. Parted doesn't care and continues to recognise fat16, fat32 and ntfs. Blkid does care and checks all the PBP values are correct and stops recognising them as vfat and ntfs. Given that GParted isn't going to do anything with a bitlocker partition I don't think that it really matters if someone partially fakes a signature and GParted recognises it when Windows presumably would reject it because the PBP values don't pass checking. So I wouldn't implement validation of the PBP values. Thanks, Mike
Created attachment 267684 [details] [review] Recognise BitLocker (v2) Hi Curtis, Here's patch v2. The only difference is the addition of this comment line in GParted_Core::get_filesystem(): // Validation of BIOS Parameter Block fields is unnecessary for recognition only Thanks, Mike
Hi Mike, Thank you for the explanation on not needing the extra checks and the updated patch with the additional comment. I have reviewed and tested the patch in comment #4 and all went well. As such I have committed the patch for inclusion in the next release of GParted. The relevant git commit can be viewed at the following link: Recognise BitLocker encrypted partitions (#723232) https://git.gnome.org/browse/gparted/commit/?id=97284797717d750173540e6f35f639ac85b8f61b Curtis
This enhancement was included in the GParted 0.18.0 release on February 19, 2014.
'Forgot to close this bug report as being implemented.