[SOLVED] Can't Boot Linux - No Option To Enable Legacy Boot

Diggs said:
I'm still coming to grips with the details of Bitlocker. Can the image be resized and put back on the same machine running Bitlocker or does it have to be a sector by sector clone?
Click to expand...
Probably sector by sector. Before you do work on a BitLocker drive you decrypt it. Turn it OFF! I don’t risk fraking it up.
 
nlinecomputers said:
Probably sector by sector. Before you do work on a BitLocker drive you decrypt it. Turn it OFF! I don’t risk fraking it up.
Click to expand...

Yes, but I usually pull the drive I am cloning/imaging and put it on a bench machine. I rarely if ever image in place.
 
Markverhyden said:
But if it's a failing drive and the customer wants the data then the fastest way is the best.
Click to expand...
..and also most profitable - assuming it works. Every job transferring data from a less-than-perfect drive is a judgement call. In an ideal world where time didn't matter - every one would go onto the linux machine where we could let ddrescue do its thing - but we don't live in an ideal world. Time does matter. As a result, you have to decide at the beginning how to proceed -
  • Boot the failing machine and backup the data to an external,
  • extract the drive & slave it to the customer's new machine and transfer the data directly
  • extract the drive & slave it to the Windows bench machine and copy the data to our own storage
  • extract the drive, mount it to the linux machine and copy the data to storage,
  • extract the drive, mount it to the linux machine and run ddrescue to make a clean image from which to get the data
  • Use fancier tools if you have them = rstudio, etc.
  • Do nothing beyond initial testing and send the drive to a data recovery company
The time spent on the process tends to go up (dramatically) as you proceed down that list - so to solve both variables in this equation (get the data successfully and profitably), you have to use your intuition and experience to pick the correct method at the beginning. The poorer your decision at the beginning, the less chance you have of a successful outcome for either goal.

If you are a data recovery specialist - this doesn't apply, of course (well, I'm guessing anyway) - in that case, getting the data successfully is the overriding goal for all jobs - plus human nature says that someone will have tried other methods unsuccessfully before sending the drive to you. In that case, use the fancier tools and charge accordingly to meet the profit goal. But for the rest of us, many data recovery attempts would not be approved at all if we took that approach. Ergo, back to the list. The key to being successful is to do more of these - haha. Having more experience gives you better intuition and you choose correctly more often = happy customer and more profit.
 
Diggs said:
Yes, but I usually pull the drive I am cloning/imaging and put it on a bench machine. I rarely if ever image in place.
Click to expand...
You will need to decrypt the drive in Windows before you pull it. Or use a WinPE disk or Windows based system that can decrypt the drive as you work on it.
 
Diggs said:
I'm still coming to grips with the details of Bitlocker. Can the image be resized and put back on the same machine running Bitlocker or does it have to be a sector by sector clone?
Click to expand...

That depends on the encryption tech used. Bitlocker device encryption doesn't actually encrypt the partition, it encrypts files but only in certain folders. The full bitlocker that does the entire disk does everything but just enough to let the system boot.

As to the specific procedure, it depends on your tools. Most imaging systems should be well versed in bitlocker by now, but we've all (and I'm including myself here) not imaged enough of these things to be comfortable yet.

I will say that in my lab testing I've not run into any major issues with Storagecraft, or Macrium based images, and I've never done the sector by sector. Who has time for that?
 
Sky-Knight said:
That depends on the encryption tech used. Bitlocker device encryption doesn't actually encrypt the partition, it encrypts files but only in certain folders. The full bitlocker that does the entire disk does everything but just enough to let the system boot.

As to the specific procedure, it depends on your tools. Most imaging systems should be well versed in bitlocker by now, but we've all (and I'm including myself here) not imaged enough of these things to be comfortable yet.

I will say that in my lab testing I've not run into any major issues with Storagecraft, or Macrium based images, and I've never done the sector by sector. Who has time for that?
Click to expand...
But Storagecraft and Macrium run in Windows or WinPE and to work with the partitions you will be prompted for the 25 digit key. If your cloning in Linux you will not be able to access the partition table or the files. The only option is a sector copy.
 
Markverhyden said:
My method is to use a bench top rig for everything as it'll have plenty of SATA ports.
Click to expand...

What follows is not meant as snark. This is lovely, if you have one and circumstances permit. Many of us don't, and often circumstances don't.

You're veering off into "what if land" every bit as much with the conjecture, "can't say that the rest of the patient machine is peachy-keen." I'd say that most of us here, including yourself, are pretty decent at determining this based on our observations and experiences and would change course, quickly, if we thought the machine as a whole were iffy. There's no evidence to support that one way or the other here, and my approach then is to assume OK unless identified otherwise.
 
nlinecomputers said:
ubuntu.com

Create a bootable USB stick with Rufus on Windows | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
ubuntu.com ubuntu.com
Click to expand...

Did that with Ubuntu, Mint, Fedora, Puppy - none work. Tried different settings in Rufus.

Loaded Mint on another PC with no issues and transferred the data with no issue.

Love having immediate access to the files in C:/Users with Linux rather than waiting forever for Windows to change permissions to allow me to get into it.
 
Diggs said:
I'm still coming to grips with the details of Bitlocker. Can the image be resized and put back on the same machine running Bitlocker or does it have to be a sector by sector clone?
Click to expand...
An image obtained with in the mounted OS, say with Acronis or EaseUs, is a decrypted image. You can mount the drive as a slave on another MS OS machine (that supports BL), enter the BL password/key, and do the same thing. There's a Linux app, never used it, called dislocker that can handle BL. Both on the fly decryption as well as volume decryption.
 
Markverhyden said:
An image obtained with in the mounted OS, say with Acronis or EaseUs, is a decrypted image. You can mount the drive as a slave on another MS OS machine (that supports BL), enter the BL password/key, and do the same thing.
Click to expand...

I am not clear here if you are talking about two entirely separate things or not, though I suspect you are.

If, as you say, Acronis, EaseUS and the like is a decrypted image, there should be no need for a key to access the contents thereof. And this is precisely what I'd want out of imaging the machine before a nuke & pave. I don't want to have to deal with encryption, period, in the backup image.

I do know that you can do precisely as you say with a system drive from the encrypted machine, connecting it as a slave on another system that supports BitLocker, and get stuff off of it if you have the BitLocker key necessary to do so. It's that last part that's often the sticking point.
 
Appletax said:
Love having immediate access to the files in C:/Users with Linux rather than waiting forever for Windows to change permissions to allow me to get into it.
Click to expand...
In Windows you can:
- Use robocopy with /B (backup mode) to bypass permissions.
- Use a utility like TreeSize to bypass permissions
- Use Fabs AutoBackup which bypasses permissions.
 
britechguy said:
I am not clear here if you are talking about two entirely separate things or not, though I suspect you are.

If, as you say, Acronis, EaseUS and the like is a decrypted image, there should be no need for a key to access the contents thereof. And this is precisely what I'd want out of imaging the machine before a nuke & pave. I don't want to have to deal with encryption, period, in the backup image.

I do know that you can do precisely as you say with a system drive from the encrypted machine, connecting it as a slave on another system that supports BitLocker, and get stuff off of it if you have the BitLocker key necessary to do so. It's that last part that's often the sticking point.
Click to expand...
When you are booted into Windows your BitLocker drive is automatically decrypted. If you copy a file off the computer onto a floppy, USB key, upload to Dropbox, Box, OneDrive, whatever or email the file in stays decrypted. If you run a backup program IN WINDOWS the files are decrypted inside of whatever format/file/image used by said program. If you backup an entire image IN WINDOWS and restore the image that image will be decrypted and that system will boot up with a BitLocker error because the registry will have recorded the system was encrypted and it is suddenly now not.

Some backup programs have WinPE boot media. So if you run them and input the 25 digit key it’s just like running a the backup in Windows. See the above paragraph.

If you are not running a BitLocker aware boot disk, or can’t get the proper key,the disk is seen as RAW in my experience. A true sector copy would be the only method that would work. And the copy would obviously be still encrypted.
 
I'm going to add this in there as an option, as I used to do this lots of times and had success, but again, you have to make the judgement call on how bad a drive is and the specific circumstances. Paragon Partition Manager can image a drive to a Virtual Format, as in, VHD so you can import it in a virtual machine. I have not tested it on a BitLocker Volume, but Paragon DOES have a WinPE based recovery media, so it's possible it will allow you to decrypt the volume and transfer it to a VHD. Plus, the cool thing about VHD is that it's much like an ISO, in that it's almost certainly readable on any version of Windows, and tools like Fabs will detect and work with it just fine when mounted. Plus, if you are worried, VHD can be mounted Read Only. A very versatile format. Plus, because the client's machine is now VHD (and Paragon has the option to alter the install to allow it to boot in virtual) you can import it, run it and grab settings and other data that you can't easily get from a non live instance of Windows.
 
If you're going to boot into a Windows based PE, you may as well simply mount the disk, input the recovery key, and then use disk2vhdx if you're going that route.
 
Appletax said:
Was talking about using Ventoy, not Rufus.
Click to expand...
Okay, my mistake, but that's not how to use Ventoy, either.

After preparing the Ventoy USB stick, just copy the .iso image to it – no mounting the .iso; no extracting files – then use the stick to boot. Ventoy also supports Secure Boot, but it's disabled by default. Everything you need to know is in the docs.
 
britechguy said:
I am not clear here if you are talking about two entirely separate things or not, though I suspect you are.

If, as you say, Acronis, EaseUS and the like is a decrypted image, there should be no need for a key to access the contents thereof. And this is precisely what I'd want out of imaging the machine before a nuke & pave. I don't want to have to deal with encryption, period, in the backup image.

I do know that you can do precisely as you say with a system drive from the encrypted machine, connecting it as a slave on another system that supports BitLocker, and get stuff off of it if you have the BitLocker key necessary to do so. It's that last part that's often the sticking point.
Click to expand...
Technically the drive is not decrypted unless you specifically do that, which can take hours. Those back up programs are using on-the-fly decryption/encryption just like if you were using any other application, including opening files, explorer, etc. On demand. At least that's the way all FDE's, like FileVault, LUKS, Bitlocker, etc I've seen handle it. I do remember reading years ago where some so called FDE encryption didn't actually encrypt the entire drive, rather encrypting at the file level. Which is not how you want to do it.

A true FDE encrypts at the block level from beginning to end. When the bootloader/MBR starts and the key is injected it starts decrypting FAT which is when the OS starts booting. Each subsequent instruction instructs the system to decrypt files located according to FAT. Because file previews are common I'd bet that each window opened, say Explorer, will also decrypt all the files located inside.
 
You must log in or register to reply here.

Similar threads

LordX
Odd and Frustrating HP Laptop will NOT boot to Windows (But boots Linux)
Replies
7
Views
461
brandonkick
B
Appletax
Can't Boot from USB - HP EliteDesk 800 G2
Replies
2
Views
493
nlinecomputers
nlinecomputers
Appletax
[SOLVED] New HP Laptop Does Not Have WiFi During Win 11 Setup
2
Replies
27
Views
3K
Appletax
Appletax
HCHTech
Legacy boot, what did I ever do to you?
Replies
5
Views
3K
HCHTech
HCHTech
NJW
[SOLVED] Aspire ES-14 installation issues
Replies
1
Views
16K
NJW
NJW
Back
Top