Originally Posted by
tea for one
Mine too, but it does not indicate enabled or disabled.
My TPM is disabled
It will in the Bios under Patform
Originally Posted by
tea for one
I doubt if a BitLocker key is stored in an Ubuntu folder
True but you can see them from a Linux Machine:Or, You can access the BitLocker partition under Linux using Dislocker, an open-source driver that is using FUSE (or not).
Note: You need the file on a USB key (the one with the .bek extension) or the recovery password.
More on Dislocker:
Code:
dislocker
dislocker by Romain Coltel, v0.7.2 (compiled for Linux/x86_64)
Compiled version: master:8d42bdd
Usage: dislocker [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [-- ARGS...]
with DECRYPTMETHOD = -p[RECOVERY_PASSWORD]|-f BEK_FILE|-u[USER_PASSWORD]|-k FVEK_FILE|-K VMK_FILE|-c
Options:
-c, --clearkey decrypt volume using a clear key (default)
-f, --bekfile BEKFILE
decrypt volume using the bek file (on USB key)
-F, --force-block=[N] force use of metadata block number N (1, 2 or 3)
-h, --help print this help and exit
-k, --fvek FVEK_FILE decrypt volume using the FVEK directly
-K, --vmk VMK_FILE decrypt volume using the VMK directly
-l, --logfile LOG_FILE
put messages into this file (stdout by default)
-O, --offset OFFSET BitLocker partition offset, in bytes (default is 0)
-p, --recovery-password=[RECOVERY_PASSWORD]
decrypt volume using the recovery password method
-q, --quiet do NOT display anything
-r, --readonly do not allow to write on the BitLocker volume
-s, --stateok do not check the volume's state, assume it's ok to mount it
-u, --user-password=[USER_PASSWORD]
decrypt volume using the user password method
-v, --verbosity increase verbosity (CRITICAL errors are displayed by default)
-V, --volume VOLUME volume to get metadata and keys from
-- end of program options, beginning of FUSE's ones
ARGS are any arguments you want to pass to FUSE. You need to pass at least
the mount-point.
Or the Man Page:
Code:
DISLOCKER-FUSE(1) DISLOCKER-FUSE DISLOCKER-FUSE(1)
NAME
Dislocker fuse - Read/write BitLocker encrypted volumes under Linux, OSX and FreeBSD.
SYNOPSIS
dislocker-fuse [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [--
ARGS...]
Where DECRYPTMETHOD = {-p[RECOVERY_PASSWORD] | -f BEK_FILE | -u[USER_PASSWORD] | -k
FVEK_FILE | -K VMK_FILE | -c}
DESCRIPTION
Given a decryption mean, the program is used to read or write BitLocker encrypted volumes.
Technically, the program will create a virtual NTFS partition that you can mount as any
other NTFS partition.
The virtual partition is linked to the underlying BitLocker volume, so any write to this
volume is put on the BitLocker volume as well. However, you can use dd(1) to get rid of this
limitation -- if it's a limitation for you. An example is provided in the EXAMPLES section
of this man page.
OPTIONS
Program's options are described below:
-c, --clearkey
decrypt volume using a clear key which is searched on the volume (default)
-f, --bekfile BEK_FILE
decrypt volume using the bek file (present on a USB key)
-F, --force-block=[N]
force use of metadata block number N (1, 2 or 3). Without N, the first block is
forced. Without this option, the program will try each block until a valid one is
found
-h print the help and exit
-k, --fvek FVEK_FILE
decrypt volume using the FVEK directly. See the FVEK FILE section below to under‐
stand what is to be put into this FVEK_FILE
-K, --vmk VMK_FILE
decrypt volume using the VMK directly. See the VMK FILE section below to understand
what is to be put into this VMK_FILE
-l, --logfile LOG_FILE
put messages into this file (stdout by default)
-O, --offset OFFSET
BitLocker partition offset, in bytes, in base 10 (default is 0). Protip: in your
shell, you probably can pass -O $((0xdeadbeef)) if you have a 16-based number and are
too lazy to convert it in another way.
-p, --recovery-password=[RECOVERY_PASSWORD]
decrypt volume using the recovery password method. If no recovery-password is pro‐
vided, it will be asked afterward; this has the advantage that the program will vali‐
date each block one by one, on the fly, as you type it and not to leak the password
on the commandline
-q, --quiet
do NOT display any information. This option has priority on any previous ‘-v'. One
probably wants to check the return value of the program when using this option
-r, --readonly
do not allow to write on the BitLocker volume (read only mode)
-s, --stateok
do not check the volume's state, assume it's ok to mount it. Do not use this if you
don't know what you're doing
-u, --user-password=[USER_PASSWORD]
decrypt the volume using the user password method. If no user-password is provided,
it will be asked afterward; this has the advantage not to leak the password on the
commandline
-v, --verbosity
increase verbosity (CRITICAL level by default), see also ‘-q'
-V, --volume VOLUME
volume to get metadata and encrypted keys from
-- mark the end of program's options and the beginning of FUSE's ones (useful if you
want to pass something like -d to FUSE)
ARGS are any arguments you want to pass to FUSE. Note that you need to pass at least the
mount-point.
FVEK FILE
The FVEK file option expects a specific format from the file. The file is split into two ma‐
jor parts:
- 2 bytes describing the encryption in use, from 0x8000 to 0x8003 for AES 128 or 256
bits, with or without diffuser.
- 64 bytes (512 bits) which are the FVEK as in the FVEK key protector once decrypted.
The file is therefore 66 bytes long, not more nor less. Note that you may have to deal with
endianness.
EXAMPLES
These are examples you can run directly. First, you may want to copy the BitLocker volume:
% dd if=/dev/sda2 of=encrypted.bitlocker
This will copy the entire volume located into /dev/sda2 to encrypted.bitlocker.
You're not forced to do this step, but this will ensure no write whatsoever is per‐
formed on the BitLocker volume.
Then dislock it:
% dislocker -V encrypted.bitlocker -f /path/to/usb/file.BEK -- /mnt/ntfs
This will create a file into /mnt/ntfs named dislocker-file.
To mount partitions once decrypted, use this sort of line:
% mount -o loop /mnt/ntfs/dislocker-file /mnt/clear
--
It seems that you have to unmount the NTFS partition and the dislocker one before halting
the system, or you will run into unexpected behaviour. In order to do so, you may run these
commands (replacing your mount points):
% umount /mnt/clear && umount /mnt/ntfs/dislocker-file
--
Note that these are examples and, as such, may need to be modified. For instance, you may
want to change the decryption method used in them.
AUTHOR
This tool is developed by Romain Coltel on behalf of HSC (http://www.hsc.fr/)
Feel free to send bugs report to <dislocker __AT__ hsc __DOT__ fr>
Linux 2011-09-07 DISLOCKER-FUSE(1)
Please Note:
Code:
It seems that you have to unmount the NTFS partition and the dislocker one before halting
the system, or you will run into unexpected behaviour. In order to do so, you may run these
commands (replacing your mount points):
% umount /mnt/clear && umount /mnt/ntfs/dislocker-file
Originally Posted by
tea for one
+1 To all the above