Bug 723232 - BitLocker Disk Encryption not recognised
Status: RESOLVED FIXED
Product: gparted
Classification: Other
Component: application
Version: GIT HEAD
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: gparted maintainers alias
Reported: 2014-01-29 12:34 UTC by Mike Fleetwood
Modified: 2014-05-13 01:40 UTC
GNOME target: ---
GNOME version: ---


Attachments
Recognise BitLocker (v1) (6.27 KB, patch)
2014-01-29 12:56 UTC, Mike Fleetwood
Recognise BitLocker (v2) (6.35 KB, patch)
2014-01-30 23:08 UTC, Mike Fleetwood

Description Mike Fleetwood 2014-01-29 12:34:48 UTC
GParted doesn't recognise partitions encrypted by Microsoft's
BitLocker Disk Encryption (BDE).

Reference:

Detecting BitLocker
http://blogs.msdn.com/b/si_team/archive/2006/10/26/detecting-bitlocker.aspx
Comment 1 Mike Fleetwood 2014-01-29 12:56:05 UTC
Created attachment 267512
Recognise BitLocker (v1)

Hi Curtis,

BitLocker recognition patch
---------------------------

Here's a patch to make GParted recognise BitLocker Disk Encryption.

I decided that BitLocker should not have an unsupported warning,
making it like linux-raid and linux-suspend and not like LUKS.  Shout
if this is wrong.

For testing purposes you can fake a signature on a partition like this:
    echo -FVE-FS- | dd of=/dev/sda11 bs=1 seek=3

Another reference to recognising BitLocker partitions, besides the one
commented in the code:

http://www.forensicswiki.org/wiki/BitLocker_Disk_Encryption


TrueCrypt consideration
-----------------------

I also looked at TrueCrypt (http://www.truecrypt.org/) but they prevent
encrypted partitions from being recognised, making them
indistinguishable from shredded random data, so can't be recognised.

Identifying TrueCrypt volumes
http://en.wikipedia.org/wiki/TrueCrypt#Identifying_TrueCrypt_volumes

TrueCrypt Volume Format Specification
http://www.truecrypt.org/docs/volume-format-specification


Thanks,
Mike
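
Added example, not part of the original thread or of GParted's code: the signature test from comment 1 run against a scratch image file instead of a real partition, with a recognition-only check of the 8 bytes at offset 3. The function names and the image file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: exercise BitLocker signature recognition on a scratch image
# file rather than a real partition. All names here are constructed.

BDE_SIG='-FVE-FS-'   # 8-byte signature quoted in the thread
BDE_OFF=3            # byte offset used in the thread (dd seek=3)

# Create a zero-filled image of $2 KiB (default 64).
make_image() {
    dd if=/dev/zero of="$1" bs=1024 count="${2:-64}" 2>/dev/null
}

# Write the signature at offset 3. printf writes exactly 8 bytes (echo would
# append a newline as a 9th byte); conv=notrunc stops dd from truncating a
# regular file after the write.
fake_bde_signature() {
    printf '%s' "$BDE_SIG" |
        dd of="$1" bs=1 seek="$BDE_OFF" conv=notrunc 2>/dev/null
}

# Recognition only: compare the 8 bytes at offset 3 with the signature.
# No BIOS Parameter Block fields are validated. NUL bytes are dropped so the
# shell can hold the value; a read containing NULs is then too short to match.
is_bitlocker() {
    found=$(dd if="$1" bs=1 skip="$BDE_OFF" count=8 2>/dev/null | tr -d '\000')
    [ "$found" = "$BDE_SIG" ]
}

# Print a label for the image.
classify() {
    if is_bitlocker "$1"; then echo bitlocker; else echo unknown; fi
}

# Run with the argument "demo" to see the before/after classification.
if [ "${1:-}" = demo ]; then
    img=$(mktemp) && make_image "$img"
    classify "$img"
    fake_bde_signature "$img"
    classify "$img"
    rm -f "$img"
fi
```

Because only the signature is compared, an otherwise empty image is reported as BitLocker once the 8 bytes are written.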
Comment 2 Curtis Gedak 2014-01-30 19:57:47 UTC
Hi Mike,

Thank you for this new patch for detecting bitlocker.  I have applied the patch and tested using your suggestion for writing the signature to an already existing partition.  All went well.

Do you know if there are any GNU/Linux tools for manipulating bitlocker?

My guess is the answer is no.  I am also okay with not having a warning about bitlocker being not supported.

In the link from comment #0, the article author mentions that not only the signature needs to be checked, but also disk location 0x00D and a few other zeroed disk locations (0x00E to 0x023).

Do you think we should implement these extra checks which will add some complexity to the code?

Curtis
Comment 3 Mike Fleetwood 2014-01-30 22:26:59 UTC
Hi Curtis,


I don't know of any open source tools for manipulating bitlocker.  A
quick google didn't find anything.  Don't really expect to find any
either.


I've looked at the BIOS Parameter Block (BPB), looked at the code for
(lib)parted and libblkid (util-linux) and done some testing by
overwriting byte 0x10, fat_count.  Parted doesn't care and continues to
recognise fat16, fat32 and ntfs.  Blkid does care and checks all the
BPB values are correct and stops recognising them as vfat and ntfs.
Given that GParted isn't going to do anything with a bitlocker partition
I don't think that it really matters if someone partially fakes a
signature and GParted recognises it when Windows presumably would reject
it because the BPB values don't pass checking.  So I wouldn't implement
validation of the BPB values.


Thanks,
Mike
Comment 4 Mike Fleetwood 2014-01-30 23:08:09 UTC
Created attachment 267684
Recognise BitLocker (v2)

Hi Curtis,

Here's patch v2.  The only difference is the addition of this comment line
in GParted_Core::get_filesystem():

//  Validation of BIOS Parameter Block fields is unnecessary for recognition only

Thanks,
Mike
Comment 5 Curtis Gedak 2014-01-31 17:33:45 UTC
Hi Mike,

Thank you for the explanation on not needing the extra checks and the updated patch with the additional comment.  I have reviewed and tested the patch in comment #4 and all went well.

As such I have committed the patch for inclusion in the next release of GParted.

The relevant git commit can be viewed at the following link:

Recognise BitLocker encrypted partitions (#723232)
https://git.gnome.org/browse/gparted/commit/?id=97284797717d750173540e6f35f639ac85b8f61b

Curtis
Comment 6 Curtis Gedak 2014-02-19 17:56:11 UTC
This enhancement was included in the GParted 0.18.0 release on February 19,
2014.
Comment 7 Curtis Gedak 2014-05-13 01:40:09 UTC
'Forgot to close this bug report as being implemented.