However, my end goal involves the following:
- The first installation should be set to boot automatically as the default in whatever boot loader I am using and require NO pre-boot authentication.
- The second install should be on a partition encrypted with TrueCrypt using pre-boot authentication.
- Booting from removable devices will be disabled in BIOS in the final configuration - solution should not rely on keys or bootloaders on USB drives except those needed during initial install
- HP Pavilion w/Insyde BIOS
- single 240GB SSD
- no optical / floppy
- Stock Windows 7 bootloader in the MBR
- 100MB Windows 7 primary partition (system/boot)
- 32GB Windows 7 primary partition with OS installed
- 192GB Windows 7 primary partition with OS installed
If I simply install TrueCrypt while booted into the second operating system and configure it to encrypt only the 192GB partition, it will replace the bootloader on the MBR. According to the warnings in the installer, it will then require pre-boot authentication regardless of whether the target operating system is on an encrypted partition or not.
I believe grub4dos (or perhaps just grub?) can help me get around this but I'm not sure how to proceed.
My plan:
- Use TrueCrypt to encrypt the second operating system (192GB), letting it replace the bootloader in the MBR with its own.
- Boot a live CD and save the TrueCrypt MBR to a file*.
- Install grub4dos to the MBR.
- Configure grub4dos to have a menu behaving as described above. Not sure how to do this yet.
- Configure first option to boot first Windows 7**
- Configure second option to chainload to the TrueCrypt MBR file, which performs PBA and then boots the second Windows 7
- Is grub4dos the right tool or could/should I use grub/grub2?
- * Can I put the TrueCrypt MBR file on the 100MB Windows partition or do I need to create a new boot partition for grub4dos to find the TrueCrypt boot loader on?
- ** Can grub4dos boot Windows 7 or must it chainload to a Windows boot loader?
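An added example, not part of the original post: a Python check for the file produced by the "save the TrueCrypt MBR to a file" step. It validates the 512-byte sector, lists the partition table stored inside it, and compares two saved copies to confirm that only the boot code changed. The sample sectors are constructed to mirror the 100MB/32GB/192GB layout above; the start offsets, type bytes and filler boot code are assumptions.

```python
import struct

SECTOR = 512
TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot loader code

def parse_mbr(sector):
    """Validate a saved MBR image and return its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i + 1, "active": status == 0x80,
                          "type": ptype, "start_lba": lba,
                          "size_mb": count * SECTOR // 10**6})
    return parts

def compare_mbrs(before, after):
    """Report what changed between two saved MBR images."""
    return {"boot_code_changed": before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN],
            "table_changed": parse_mbr(before) != parse_mbr(after)}

def build_sample(boot_fill):
    """Constructed sample sector: filler boot code plus the three-partition layout."""
    layout = [(0x80, 0x07, 2048, 204800),          # ~100MB system/boot, active
              (0x00, 0x07, 206848, 62500000),      # 32GB first Windows 7
              (0x00, 0x07, 62706848, 375000000)]   # 192GB second Windows 7
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in layout)
    table += b"\x00" * 16                          # fourth slot unused
    # 440 bytes code + 6 bytes disk signature/reserved + table + signature
    return bytes([boot_fill]) * BOOT_CODE_LEN + b"\x00" * 6 + table + b"\x55\xaa"

if __name__ == "__main__":
    stock, replaced = build_sample(0x90), build_sample(0xEB)
    for p in parse_mbr(replaced):
        print(p)
    print(compare_mbrs(stock, replaced))
```

Because the partition table lives in the same sector as the boot code, a saved MBR file also carries a snapshot of the table as it was when the copy was made.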