Decrypting Bitlocker partiiton

entodoays · April 28, 2022, 4:30pm

I just installed Fedora 35 alongside Windows 11 and am trying to mount the “C:” drive that on Linux is /dev/nvmen10p3. I’m trying with Disks and it asks for the passphrase which I don’t have. I do have the recovery code though and this is what I was using on my previous Linux distro with dislocker.

I want to mount this partition when the system boots and in the past I had used two entries in fstab to achieve this. However, if I’m not able to decrypt manually, I doubt it will be possible to do so from fstab.

I’m trying to run the following command:

sudo dislocker /dev/nvme0n1p3 -pxxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx -- /mnt/OS

but I’m getting the following error:

[CRITICAL] No BitLocker volume path given. Abort.
free(): double free detected in tcache 2
Aborted

I’m sure the partition is the correct one.

Any clues on what I’m doing wrong?

computersavvy · April 28, 2022, 4:46pm

Is the windows partition actually locked with bitlocker?

If not then you should be able to mount it with the command sudo mount -t ntfs /dev/nvme0n1p3 /mnt/OS.
That message seems to indicate that either the command line structure is incorrect or the partition is not actually locked.

I don’t use bitlocker in any form but the message seems clear.

entodoays · April 28, 2022, 7:40pm

Gnome Disks shows the partition as encrypted.

vtrefny · April 29, 2022, 4:36am

You can use the recovery passphrase, just copy it in the passphrase entry when prompted.

You can also use cryptsetup directly with the recovery key saved in a key file (this needs to be a file with just the recovery passphrase without trailing newline, the recovery key file from Windows won’t work).

sudo cryptsetup bitlkOpen /dev/nvme0n1p3 <name> --key-file <file>

and then mount the ntfs filesystem “inside” using mount

sudo mount /dev/mapper/<name> /mnt/OS

entodoays · April 29, 2022, 6:25am

This worked perfectly. Now I wish to make this drive mount on every boot. How do I do this? How to include this drive in fstab?

entodoays · April 29, 2022, 12:28pm

I tried using this guide as inspiration by creating the /etc/crypttab file and add the following line:

nvme0n1p3 /dev/disk/by-uuid/<UUID-from-blkid> /home/user/<file containing recovery key> bitlkOpen

and then adding the following line to /etc/fstab:

/dev/mapper/nvme0n1p3 /mnt/OS auto defaults

I ended up in emergency mode after rebooting with both commands stuck and had to reverse the commands.

I tried modifying the files as follows:

Windows UUID=<UUID-from-blkid> /home/user/<file containing recovery key> bitlk

and

/dev/mapper/Windows /mnt/OS auto defaults

When I tried sudo mount -a I got the following error:

mount: /mnt/OS: special device /dev/mapper/Windows does not exist.

Any ideas what am I doing wrong?

vtrefny · April 29, 2022, 5:01pm

You can’t use UUID for BitLocker in /etc/crypttab because blkid doesn’t support parsing BitLocker UUID. You can use PARTUUID=, you can use sudo blkid -p /dev/nvme0n1p3 to get it (it’s called PART_ENTRY_UUID in blkid output). This is how it looks on my system with a BitLocker USB flash drive I use for testing:

$ sudo blkid -p /dev/sdb1
/dev/sdb1: VERSION="2" TYPE="BitLocker" USAGE="crypto" PART_ENTRY_SCHEME="dos" PART_ENTRY_UUID="b999ce8b-01" PART_ENTRY_TYPE="0x7" PART_ENTRY_NUMBER="1" PART_ENTRY_OFFSET="2048" PART_ENTRY_SIZE="204800" PART_ENTRY_DISK="8:16"

$ sudo tail -1 /etc/crypttab
bitlocker PARTUUID=b999ce8b-01 /home/vojta/bitlk-keyfile bitlk

Your /etc/fstab entry looks good, but for future testing I’d recommend adding the nofail option – without it the system won’t boot if the device doesn’t exist (it’s also handy for removable devices).

jakfrost · April 29, 2022, 7:22pm

Glad you got your solution, could you pick the actual comment that was the solution so others experiencing this same task can find the solution too?

entodoays · April 29, 2022, 10:31pm

Changing the UUID with PARTUUID solved the problem. Partition is mounting at boot. Thanks.

So in summary:

Get the partition’s PARTUUID with sudo blkid -p /dev/<partition>
Run sudo nano /etc/crypttab and add a line with

label PARTUUID=<your_part_uuid_here> <path_to_key_file_here> bitlk

Edit /etc/fstab adding a line

/dev/mapper/label <mount_point_here>  ntfs defaults,nofail

Test with sudo mount -a

anishjp · May 10, 2022, 10:21pm

Hi Entodo

Is your “fast startup” in windows11 ON or OFF?

entodoays · May 11, 2022, 4:49am

It is off.

Topic		Replies	Views
Full disk encryption: How can I automatically unlock via a USB key on Silverblue? Project Discussion silverblue-team	7	7589	August 7, 2023
FIDO and Fedora: crypttab disk (LUKS) nomenclature - F37 [Q R4.2] with Nitrokey 3 Ask Fedora f37	6	184	December 1, 2023
Fedora Encrypted Root With Automatic USB Key Unlocking? Ask Fedora gnome	0	235	August 10, 2023
Unlock Silverblue LUKS at boot with USB drive Project Discussion silverblue-team	1	887	April 7, 2022
Windows with encrypted disks (Bitlocker) can't be booted from the GRUB boot menu Common Issues f36 , f37 , f38 , dual-boot , boot , windows , grub , f39 , f40	0	10553	March 17, 2022

Decrypting Bitlocker partiiton

Related Topics