How to access a BitLocker-encrypted drive in Linux?

I have a laptop running Windows 7 Ultimate. I have encrypted my drives using BitLocker. Now I have also installed Lubuntu along with Windows. But my encrypted drives are not visible in Linux. How can I fix this?


Solution 1:

You can access a BitLocker partition under Linux using Dislocker, an open-source driver which uses FUSE (or not).

For that, you need the file on a USB key (the one with the .bek extension) or the recovery password.

Solution 2:

Thanks to Aorimn, his solution worked for me. I'm fairly inexperienced with Unix, so it cost a few hours to figure it out. I thought I would describe the steps I took while my backup is running :)

My problem was that I could not boot Windows, and I needed a way to access my files on a Bitlocked partition. In order to do this, you need a BitLocker recovery password (8 groups of digits) and the ability to boot your system from USB.

  1. Download and install LiLi (Linux Live USB Creator) on another Windows machine
  2. Start LiLi and have it download a lightweight Ubuntu image. I chose Xubuntu.
  3. Install the image to your USB stick.
  4. Boot the problematic machine with the USB stick
  5. When you see the Ubuntu boot screen, press a key.
  6. Under F6, set the following options: nomodeset, acpi=off, noacpi and nolacpi
  7. Boot Ubuntu.
  8. Make a folder /media/windows and /media/mount.
  9. Download and extract dislocker
  10. sudo apt-get install libfuse-dev libmbedtls-dev
  11. change directory to the dislocker/src folder
  12. sudo make
  13. sudo make install
  14. change directory to /usr/bin
  15. sudo fdisk -l
  16. identify the partition which is bitlocked. Mine was /dev/sda1.
  17. sudo dislocker -r -V /dev/sda1 -p315442-000000-000000-000000-000000-000000-000000-000000 -- /media/windows (replace your own bitlocker key and source partition)
  18. change dir to /media/windows (use sudo -i if you can't access it)
  19. mount -o loop dislocker-file /media/mount
  20. You should now see your files in a mounted drive of the file manager.

Backups are fairly slow, but it might save some trouble if you do end up reinstalling Windows. Good luck!

Solution 3:

I just worked out a way to update Kali Linux and install dislocker.

Using Kali Linux 1.0.9a i386 bootable DVD

Edit "/etc/apt/sources.list" and add:

deb http://us.archive.ubuntu.com/ubuntu trusty main universe

Install programs using Terminal:

apt-get update
apt-get install git libfuse-dev libpolarssl-dev # Continue through update text, allow services to restart if needed
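git clone https://github.com/Aorimn/dislocker.git # GitHub no longer serves the unauthenticated git:// protocol
cd dislocker/src # the clone lands in the current directory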
make
make install

Find drive Bitlocker volume:

fdisk -l

Make folders in /mnt: tmp, dis.

Run dislocker:

dislocker -v -V /dev/<volume name> -p<Bitlocker key> -- /mnt/tmp

Check if file exists to confirm proper Bitlocker key:

ls /mnt/tmp

Should return dislocker-file if correct.

Mount volume:

mount -o loop,ro /mnt/tmp/dislocker-file /mnt/dis

Browse to /mnt/dis for access to files.
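
An added example, not part of the answers above: a POSIX shell wrapper around the dislocker steps that rejects a mistyped recovery password and a wrong partition before anything is unlocked, then mounts read-only. The function names are hypothetical, /mnt/tmp and /mnt/dis are the folders from Solution 3, and the divisible-by-11 rule and the "-FVE-FS-" header signature go beyond what the answers state.

```shell
#!/bin/sh
# Added example, not code from the answers. Assumes dislocker is installed
# and that /mnt/tmp and /mnt/dis already exist (folders from Solution 3).

# A recovery password is 8 groups of 6 digits. Each group encodes a 16-bit
# value multiplied by 11, so it must be divisible by 11 and below 65536*11.
valid_recovery_password() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{6}(-[0-9]{6}){7}$' || return 1
    for group in $(printf '%s\n' "$1" | sed 's/-/ /g'); do
        n=$(( 1$group - 1000000 ))   # forces decimal despite leading zeros
        [ $(( n % 11 )) -eq 0 ] && [ "$n" -lt 720896 ] || return 1
    done
    return 0
}

# A BitLocker volume carries the ASCII signature "-FVE-FS-" at byte offset 3
# of its first sector. BitLocker To Go uses a different header and is not
# detected by this check.
is_bitlocker_volume() {
    sig=$(dd if="$1" bs=1 skip=3 count=8 2>/dev/null)
    [ "$sig" = "-FVE-FS-" ]
}

# usage: unlock_readonly /dev/sdXN RECOVERY-PASSWORD   (run as root)
# Return codes: 2 bad password format, 3 not BitLocker, 4 dislocker failed,
# 5 no dislocker-file produced (wrong key); otherwise mount's exit status.
unlock_readonly() {
    dev=$1; key=$2
    valid_recovery_password "$key" || { echo "malformed recovery password" >&2; return 2; }
    is_bitlocker_volume "$dev" || { echo "$dev: no BitLocker signature" >&2; return 3; }
    # -r keeps the decrypted view read-only, as in Solution 2.
    dislocker -r -V "$dev" -p"$key" -- /mnt/tmp || return 4
    [ -f /mnt/tmp/dislocker-file ] || return 5
    mount -o loop,ro /mnt/tmp/dislocker-file /mnt/dis
}
```

A password passed as an argument is visible in shell history and the process list, so use this from a live session you discard afterwards.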

Solution 4:

CryptSetup has added experimental support for BitLocker as of version 2.3.0 (February 2020), which is available in Ubuntu's repos for 20.10 Groovy onwards, although support will likely improve in later versions.

To open a BitLocker device with a password, use:

sudo cryptsetup open --type=bitlk <device> <name>

or:

sudo cryptsetup bitlkOpen <device> <name>

To open the device with a key file, use:

sudo cryptsetup open --type=bitlk --key-file=/etc/cryptsetup-keys.d/<name>.key <device> <name>

To open the device at boot time, add the following to /etc/crypttab:

<name> PARTUUID=<part_uuid> /etc/cryptsetup-keys.d/<name>.key bitlk

Note:

If a keyfile is not specified, systemd-cryptsetup(8) will automatically try to load it from /etc/cryptsetup-keys.d/name.key and /run/cryptsetup-keys.d/name.key (Source).

So you may replace the path to the key file with - or none.

Possible parameter values:

  • device - /dev/sda1
  • name - windows
  • part_uuid - aaaaaaaa-1111-bbbb-2222-cccccccccccc (find PARTUUID with sudo blkid | grep BitLocker)

Now you can mount the device with the following command:

sudo mount /dev/mapper/windows /path/to/mount/point

Important note:

When setting up BitLocker on a device, choose the option that encrypts the whole device (requires more time). The other option uses the Encrypt-On-Write conversion model, which makes sure that any new disk writes are encrypted as soon as you turn on BitLocker (data that existed on the device before encryption began can still be read and written without encryption) and is not supported by Cryptsetup.

You will get the following error when you try to open a device that uses the Encrypt-On-Write conversion model:

BITLK devices with type 'encrypt-on-write' cannot be activated.

Cryptsetup Manual

Crypttab Manual

Cryptsetup 2.3.0 Release Notes

BitLocker configuration: known issues

Cryptsetup bitlk.c