This document describes how to set up a multiboot system with a system-encrypted Windows partition and Linux (or any other OS). Please note that you cannot use whole-drive encryption (only system partition encryption).
Although the truecrypt 1.6 documentation says it is not possible, it works. I use it on many computers.
This guide assumes you have already installed TC system encryption and the system boots into Windows using truecrypt. Other OSes may be installed, but not bootable.
dd if=/dev/sda of=track0.bin bs=512 count=64 # (Linux)
dd.exe if=\\?\Device\Harddisk0\DR0 of=track0.bin bs=512 count=64 # (Windows)
Sector 0 contains the truecrypt loader, sectors 1-62 contain the truecrypt resident boot-time decryptor (two mirrored copies), and sectors 63 and 64 contain the mirrored truecrypt system volume header. This header is encrypted and contains the keys for system volume decryption.
To simplify installation, also create two other files:
dd if=/dev/sda of=tc-mbr.bin bs=512 count=1 skip=0 # (Linux)
dd if=/dev/sda of=tc-code.bin bs=512 count=61 skip=1 # (Linux)
dd.exe if=\\?\Device\Harddisk0\DR0 of=tc-mbr.bin bs=512 count=1 skip=0 # (Windows)
dd.exe if=\\?\Device\Harddisk0\DR0 of=tc-code.bin bs=512 count=61 skip=1 # (Windows)
You should see the 0x55aa mark at the end of tc-mbr.bin and two mirrored sections in tc-code.bin. For your convenience you may also wish to back up the headers (skip=62 count=2).
title Boot Win (truecrypt)
root (hd0,X)
chainloader /boot/tc-mbr.bin
dd if=tc-code.bin of=/dev/sda bs=512 seek=1
The grub setup command usually overwrites the first track with stage1.5.
If you are unsure, you can skip this step and repeat it if truecrypt was overwritten.
grub-install --root-directory=/mnt /dev/sda
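One way to check the backups and to tell whether the boot-loader install overwrote the truecrypt code in sectors 1-61, as an added example that is not part of the original guide. The function names and the constructed 64-sector image file are assumptions; the script never touches a real disk, and on an image file the restore needs conv=notrunc, which writing to /dev/sda does not.

```shell
#!/bin/sh
# Added example, not from the original guide. Runs only on a constructed image.

# True if FILE is one 512-byte sector ending in the 0x55aa boot mark.
has_boot_signature() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || return 1
    [ "$(od -An -tx1 -j510 -N2 "$1" | tr -d ' \n')" = "55aa" ]
}

# True if sectors 1-61 of DISK ($1) still equal the tc-code.bin backup ($2).
# Same geometry as the guide's dd: bs=512 skip=1 count=61.
tc_code_intact() {
    dd if="$1" bs=512 skip=1 count=61 2>/dev/null | cmp -s - "$2"
}

# Write the backup ($2) back to sectors 1-61 of DISK ($1), as the guide does
# with seek=1. conv=notrunc keeps the rest of an image file in place.
restore_tc_code() {
    dd if="$2" of="$1" bs=512 seek=1 conv=notrunc 2>/dev/null
}

# --- Constructed stand-in for /dev/sda: 64 sectors in a temp file ---
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
img="$work/disk.img"
dd if=/dev/zero of="$img" bs=512 count=64 2>/dev/null
printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
dd if=/dev/zero bs=512 count=61 2>/dev/null | tr '\0' 'T' > "$work/fill"
dd if="$work/fill" of="$img" bs=512 seek=1 conv=notrunc 2>/dev/null

# Backups taken exactly as in the guide.
dd if="$img" of="$work/tc-mbr.bin"  bs=512 count=1  skip=0 2>/dev/null
dd if="$img" of="$work/tc-code.bin" bs=512 count=61 skip=1 2>/dev/null
has_boot_signature "$work/tc-mbr.bin" && echo "tc-mbr.bin: 0x55aa present"

# Simulate a boot-loader install overwriting the start of the first track.
dd if=/dev/zero of="$img" bs=512 seek=1 count=20 conv=notrunc 2>/dev/null
if ! tc_code_intact "$img" "$work/tc-code.bin"; then
    echo "sectors 1-61 differ from tc-code.bin: restoring"
    restore_tc_code "$img" "$work/tc-code.bin"
fi
tc_code_intact "$img" "$work/tc-code.bin" && echo "sectors 1-61 match backup"
```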