On Wed, Jul 27, 2022, at 1:17 PM, Milan Broz wrote:
On 27/07/2022 17:52, Chris Murphy wrote:
> On Wed, Jul 27, 2022, at 11:11 AM, Chris Adams wrote:
>> Once upon a time, Neal Gompa <ngompa13(a)gmail.com> said:
>>> My understanding is that Windows preloads are now blank-encrypted.
>>> That is, there's a BitLocker volume wrapping the filesystem, even with
>>> encryption turned off. It makes encrypting the disk later
>>> significantly easier (it doesn't have to do filesystem resizing and
>>> reallocation games).
>>
>> Huh, okay. It seems cryptsetup can't open it, but dislocker can.
>
> You can do something like
>
> dd if=/dev/nvme0n1p5 skip=1024000 count=2048 2>/dev/null | hexdump -C
>
> And see if that 1MiB range looks like ciphertext (garbage) or plaintext. I
> wouldn't be surprised if it's encrypted, and the encryption key itself isn't
> wrapped, it's just exposed in the Bitlocker metadata in a way dislocker can discover
> and cryptsetup can't (yet) - but I'm speculating.
>
>
>> But this does mean that doing anything in anaconda based on detection of
>> BitLocker being present should consider that...
>
> Either libblkid or cryptsetup would need to learn how to differentiate between the
> two kinds of Bitlocker volumes, in order for anaconda to have a chance of treating them
> differently. I'm not sure what the consideration would be though.
>
If you report this as a bug for cryptsetup (with description how to
create such Bitlocker volume), we can check how to fix it.
Otherwise nothing happens :-)

Yeah that's what I meant by "(yet)" :D
--
Chris Murphy
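
An added example, not part of the original thread: the same 1MiB sample the dd command above reads, scored by Shannon entropy instead of being eyeballed in hexdump. The function names, the 7.9 bits/byte threshold and the sample images are assumptions constructed for illustration; nothing here parses BitLocker metadata.

```python
import math
import os
import tempfile
from collections import Counter

SECTOR = 512  # dd's default block size, which the command above relies on

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform random."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def sample_range(path: str, skip: int = 1024000, count: int = 2048) -> bytes:
    """Read `count` sectors starting at sector `skip`, like dd skip=/count=."""
    with open(path, "rb") as dev:
        dev.seek(skip * SECTOR)
        return dev.read(count * SECTOR)

def classify(data: bytes, threshold: float = 7.9) -> str:
    """Threshold is an assumption; 1 MiB of ciphertext scores very close to 8.0."""
    if not data:
        return "empty"  # offset lies past the end of the device or image
    if data.count(0) == len(data):
        return "zeroed"  # unwritten or trimmed range, says nothing either way
    return "high-entropy" if shannon_entropy(data) >= threshold else "structured"

def demo() -> dict:
    """Constructed images standing in for a partition; not real BitLocker data."""
    samples = {
        "random": os.urandom(1024 * 1024),                       # ciphertext-like
        "text": b"constructed plaintext sample line\n" * 32768,  # plaintext-like
        "zeros": bytes(1024 * 1024),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, payload in samples.items():
            image = os.path.join(tmp, name + ".img")
            with open(image, "wb") as fh:
                fh.write(bytes(4 * SECTOR) + payload)  # payload starts at sector 4
            results[name] = classify(sample_range(image, skip=4, count=2048))
    return results

if __name__ == "__main__":
    print(demo())
```

A "high-entropy" result is also what compressed data produces, so sample several offsets before concluding the range is ciphertext.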