On 27/07/2022 17:52, Chris Murphy wrote:
On Wed, Jul 27, 2022, at 11:11 AM, Chris Adams wrote:
> Once upon a time, Neal Gompa <ngompa13(a)gmail.com> said:
>> My understanding is that Windows preloads are now blank-encrypted.
>> That is, there's a BitLocker volume wrapping the filesystem, even with
>> encryption turned off. It makes encrypting the disk later
>> significantly easier (it doesn't have to do filesystem resizing and
>> reallocation games).
>
> Huh, okay. It seems cryptsetup can't open it, but dislocker can.
You can do something like
dd if=/dev/nvme0n1p5 skip=1024000 count=2048 2>/dev/null | hexdump -C
And see if that 1MiB range looks like ciphertext (garbage) or plaintext. I wouldn't
be surprised if it's encrypted, and the encryption key itself isn't wrapped,
it's just exposed in the Bitlocker metadata in a way dislocker can discover and
cryptsetup can't (yet) - but I'm speculating.
> But this does mean that doing anything in anaconda based on detection of
> BitLocker being present should consider that...
Either libblkid or cryptsetup would need to learn how to differentiate between the two
kinds of Bitlocker volumes, in order for anaconda to have a chance of treating them
differently. I'm not sure what the consideration would be though.
If you report this as a bug for cryptsetup (with description how to create such Bitlocker
volume), we can check how to fix it.
Otherwise nothing happens :-)
The libblkid change will be perhaps simple once we understand metadata.
Milan