Carlos E. R. wrote:

I hope that I can reduce the partition size a bit from the Windows side to install Linux internally.

Depending on what Linux is needed for, you could configure the Linux subsystem, and then run openSUSE later in hyper-V or use the Ubuntu shell. -- Per Jessen, Zürich (15.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 9/4/20 6:15 AM, Carlos E. R. wrote:

if Windows is borked

If??? ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 9/3/20 10:08 PM, Carlos E. R. wrote:

On Thursday, 2020-09-03 at 19:06 -0400, DennisG wrote:

...

On 9/3/20 6:51 PM, Carlos E. R. wrote:

...

   p1    260 MB  EFI    p2     16 MB  Microsoft reserved partition    p3    475 GiB Bitlocker Partition    p4      1 G   NTFS Partition

...

It's the Windows feature that encrypts an entire volume.  IIRC without the password or a recovery key, I'm not sure you can access it in any way from Windows (but I think you can wipe the whole disk though in Windows).  I've read that Linux can delete the partition, but never tried it.

I feared that.

Windows has not yet been initialized, there are no users so no passwords yet. I'm making now a dd image of the disk from Linux installed on an external disk before touching anything.

Well, this means I can not use partclone to backup the Windows side as I intended.

I hope that I can reduce the partition size a bit from the Windows side to install Linux internally.

Or tell your friend if they have any want for that windows install, they need to shell out another $55 for another 500G SSD to install to and put the windows bitlockered one in a drawer for later user :) -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Le 04/09/2020 à 12:19, Carlos E. R. a écrit :

Of course, I could image it all, then format it with a default Windows.

pipe dd through zip and save storage. any rescue system can do that jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 04/09/2020 12.37, Carlos E. R. wrote:

On 04/09/2020 12.22, jdd@dodin.org wrote:

...

Le 04/09/2020 à 12:19, Carlos E. R. a écrit :

...

Of course, I could image it all, then format it with a default Windows.

pipe dd through zip and save storage. any rescue system can do that

heh heh :-)

The external disk has the big data partition formatted btrfs and mounted with compression :-D

Not a big ratio, though (p3 is the big one):

Rescate:~ # compsize --bytes /storage/Original/nvme0n1p1 Type       Perc     Disk Usage   Uncompressed Referenced TOTAL       98%     268566528    272629760    272629760 none       100%     268435456    268435456    268435456 zlib         3%     131072       4194304      4194304 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p2 Type       Perc     Disk Usage   Uncompressed Referenced TOTAL      100%     16777216     16777216     16777216 none       100%     16777216     16777216     16777216 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p3 Type       Perc     Disk Usage   Uncompressed Referenced TOTAL       99%     510765727744 510770806784 510770806784 none       100%     510765563904 510765563904 510765563904 zlib         3%     163840       5242880      5242880 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p4 Type       Perc     Disk Usage   Uncompressed Referenced TOTAL      100%     1048576000   1048576000   1048576000 none       100%     1048576000   1048576000   1048576000 Rescate:~ #

I'm just running another test. Partition #3 took 90 minutes to copy with this line: time dd if=/dev/nvme0n1p3 of=nvme0n1p3 oflag=direct bs=16M 30444+1 records in 30444+1 records out 510770806784 bytes (511 GB, 476 GiB) copied, 5650.23 s, 90.4 MB/s real 94m10.230s user 0m0.305s sys 9m0.559s Now using: time dd if=/dev/nvme0n1p3 status=progress bs=16M | pigz > nvme0n1p3.gz it took 26 minutes! 510597791744 bytes (511 GB, 476 GiB) copied, 1583 s, 323 MB/s 30444+1 records in 30444+1 records out real 26m24.476s user 119m37.582s sys 8m49.707s The source media is internal nvme M2, while the destination is rotating rust (small factor) external disk over usb3. Processor is: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz Apparently 8 cores. Size is: nvme0n1p3 476 G GiB or 511G GB nvme0n1p3.gz 14 GiB or 15G This fits with the recommended size for the Windows created factory restore disk. Most of the partition most be zeroes. Then btrfs is compressing very badly, or compsize is wrong or... I don't know what. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)

On 9/3/20 7:23 PM, Ralph wrote:

On Fri, 4 Sep 2020 00:51:19 +0200 (CEST) "Carlos E. R." wrote:

...

I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:

p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition

The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing? An encrypted Windows installation, most likely.

Ralph

Can you look at it and perhaps modify it with gparted? I just recently installed OpenSUSE-Tumbleweed on a new computer that came with Windows, and I don't recall such a partition--if I remember correctly, no partition had that name. I could open a very large partition and modify it with gparted and I shrunk it down to about 50 GiB, which allowed it to contain some small amount of Windows user space, and made the rest into ext4, on which I installed Linux. I did make two ext4 partitions, but the Suse installation did not like them for some reason and repartitioned that section, but kept the ext4 paradigm instead of the new format that Suse seems to like. I'm told that the Microsoft magic number is contained in the BIOS now, so if you screw up and have to reinstall Windows, it should not be a problem. Just to be sure, you might want to check with the source of your machine. (That's if you did not get a disk, with an installation number.) --doug -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 04/09/2020 06.00, Lew Wolfgang wrote:

On 9/3/20 3:51 PM, Carlos E. R. wrote:

...

Hi,

I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:

  p1    260 MB  EFI   p2     16 MB  Microsoft reserved partition   p3    475 GiB Bitlocker Partition   p4      1 G   NTFS Partition

The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?

I will have to image it with dd as backup. Will I be able to resize it to install Linux on that disk later?

Carlos, someone must have activated Bitlocker encryption on purpose, it doesn't come like that on a new computer.  If whoever set it up doesn't remember the key, there might be ways to recover it.  Check here:

It is a new computer, I did the purchasing. A «Lenovo ThinkPad E15 Intel Core i5-10210U/8GB/512GB SSD/15.6"». Factory state.

https://support.microsoft.com/en-us/help/4530477/windows-10-finding-your-bit...

Another thought, perhaps the Bitlocker key is being kept in a TPM module on the motherboard.  Does the laptop boot up without having to enter a key?  If so, maybe you could boot into Windows and possibly recover the key somehow there?

It certainly boots and prompts for the initial Windows setup. Not for a password.

Note that Linux doesn't care what it is, it will happily allow you to move things around.  Of course, that might break Windows.

I can not risk breaking Windows.

You could also boot into Leap's ram-resident rescue system, mount an external disk, and use dd to make an image of the whole laptop disk.

Which is what I did. But I can not use partclone.ntfs as I intended.

You could then use the laptop disk for a Leap install. The saved image could then be moved back to the laptop in the future if necessary.  I've done this before too.

No, the owner needs Windows, it is me who also wants Linux there, for emergencies. I will do the maintenance.

Also note that there's a Bitlocker package for Linux called "dislocker". I've used it myself a time or two, but you need to know the encryption key.

Ah! This is interesting.

https://linux.die.net/man/1/dislocker

I will have to find out when the encryption key is created. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)

Am 07.09.20 um 15:15 schrieb Adam Majer:

...

No, the owner needs Windows, it is me who also wants Linux there, for emergencies. I will do the maintenance.

Have you considered to leave Windows as-is and install openSUSE in Windows?

  https://en.opensuse.org/openSUSE:WSL

- Adam

As a rescue system? not a good idea... simoN -- www.becherer.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

El 2020-09-07 a las 09:53 -0400, James Knott escribió:

On 9/7/20 9:46 AM, Simon Becherer wrote:

...

As a rescue system? not a good idea...

For a rescue system, you want to boot from something else.  You can create an openSUSE rescue USB stick or do similar with SystemRescueCd, which has more tools than openSUSE rescue. https://www.system-rescue-cd.org

I also have a 2 TB external disk, with a bootable openSUSE, plus a large btrfs partition, encrypted and compressed :-) There are two types of emergencies I consider. One, some fatal problem in Windows. Well, the user can still boot Linux that lives in the same machine, and keep working, with some guidance over the phone. The other emergency is "bring me the machine", and I overwrite with the saved image. Or I instruct someone over the phone to do it. Oh, and a third type is "can you do (whatever) for me?". I then can choose to do it on Windows or Linux. -- Cheers Carlos E. R. (from openSUSE Leap 15.1 x86_64 (Minas Tirith))

On 04/09/2020 06.00, Lew Wolfgang wrote:

On 9/3/20 3:51 PM, Carlos E. R. wrote:

Also note that there's a Bitlocker package for Linux called "dislocker". I've used it myself a time or two, but you need to know the encryption key.

https://linux.die.net/man/1/dislocker

That's a man page. Where does one get the package? There is no wikipedia page on "dislocker", which I find very strange. Googling, I see references to a fuse rpm, a fedora package... Nothing for openSUSE. Wait. openSUSE search finds nothing, but google "install dislocker opensuse" finds a home repo. Well, I installed dislocker from a home repo. Let's see if it works. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)

On 04/09/2020 12.53, Ariez Vachha - openSUSE wrote:

Hi,

Try this can't remember where I got it from but it works for me.

I found you can leave the password blank if you did not set one up at install time.

  * Install dislocker

  * Make mount points e.g.:       o mkdir /mnt/bitlocker       o mkdir /mnt/bitlockermount

  * Unlock the filesystem with dislocker (/see man page for full details/)       o dislocker <partition> -u<password> -- /mnt/bitlocker           + Filesystem will be unlocked as a file             /mnt/bitlocker/dislocker-file

Bad luck: Rescate:~ # dislocker -v -v /dev/nvme0n1p3 -- /mnt/bitlocker Sat Sep 5 13:33:52 2020 [ERROR] Failed to read in #3: Bad address Sat Sep 5 13:33:52 2020 [ERROR] get_eow_information::Error, not all bytes read: -1, -8 expected (2). Sat Sep 5 13:33:52 2020 [ERROR] Getting EOW information at offset caef000 failed Sat Sep 5 13:33:52 2020 [ERROR] EOW volume GUID not supported. Sat Sep 5 13:33:52 2020 [CRITICAL] Cannot parse volume header. Abort. Rescate:~ # Oh, well... -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)

On 05/09/2020 13.57, Patrick Shanahan wrote:

* Carlos E. R. <> [09-05-20 07:39]:

...

Oh, well...

I see several different packages available, perhaps you might try another:

07:52 crash:~ > opi dislocker Searching... 1. dislocker 2. libdislocker0_7 3. dislocker-devel Choose a number(0 to quit): 1 You have selected package name: dislocker 1. home:bmanojlovic ! | 0.7.1 | x86_64 2. home:sohraun ! | 0.7.1 | x86_64 3. home:GroverChouT ! | git.1574246216.339733f | x86_64 4. home:belphegor_belbel ! | git.1564125596.bc513ab | x86_64 5. home:sohraun ! | 0.7.1 | i586 6. home:GroverChouT ! | git.1574246216.339733f | i586 7. home:belphegor_belbel ! | git.1564125596.bc513ab | i586

but the search was on Tw.

On Leap 15.2 there are two, they seem the same version. Anyway, I expect that when I actually initialize the Windows side it should create a password and a recovery key. Perhaps it fails because it has not been initialized. The owner does not like passwords, she will not be thrilled to find she has to learn another one. I did not anticipate this bitlocker thing. At worst, she may ask me to remove it some day. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)

On 05/09/2020 18.27, Lew Wolfgang wrote:

On 9/5/20 5:22 AM, Carlos E. R. wrote:

...

On Leap 15.2 there are two, they seem the same version.

Anyway, I expect that when I actually initialize the Windows side it should create a password and a recovery key. Perhaps it fails because it has not been initialized.

The owner does not like passwords, she will not be thrilled to find she has to learn another one. I did not anticipate this bitlocker thing. At worst, she may ask me to remove it some day.

Be sure to report what you find, Carlos.  While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.  Someone has to proactively do it.  I don't even think the full version comes with the Windows 10 Home Edition.

It is Windows 10 Pro, this model is aimed at the enterprise, or in this case, work at home. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)

On Sat, 5 Sep 2020 23:06:25 +0300 Andrei Borzenkov wrote:

05.09.2020 19:27, Lew Wolfgang пишет:

...

Be sure to report what you find, Carlos.  While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.

In the whole thread there was no single evidence that something was actually encrypted.

I'm not sure what you're looking for, Andrei? The thread staretd with Carlos asking about a 'Bitlocker' partition, which the first hit on google and numerous comments in the thread say is an encrypted partition used by Windows. Are you suggesting that the partition tools are reporting a 'Bitlocker Partition' wrongly, or that contrary to all available evidence a Bitlocker Partition does not contain encrypted data? And to what possible end? Does it matter whether the data is or is not actually encrypted? How do you mount it, or resize it? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 9/5/20 1:41 PM, Patrick Shanahan wrote:

* Dave Howorth [09-05-20 16:30]:

...

On Sat, 5 Sep 2020 23:06:25 +0300 Andrei Borzenkov wrote:

...

In the whole thread there was no single evidence that something was actually encrypted. I'm not sure what you're looking for, Andrei? The thread staretd with Carlos asking about a 'Bitlocker' partition, which the first hit on google and numerous comments in the thread say is an encrypted partition used by Windows. Are you suggesting that the partition tools are reporting a 'Bitlocker Partition' wrongly, or that contrary to all available evidence a Bitlocker Partition does not contain encrypted data? And to what possible end? Does it matter whether the data is or is not actually encrypted? How do you mount it, or resize it? or perhaps a container encryption would be and not yet activated as such.

Carlos originally said:   I'm preparing a new laptop for a friend. First thing, I'm installing Leap   15.2 on an external disk, which I will use  to image the original disk.   During install, I look at the internal disk (nvme), and I see:   p1    260 MB  EFI   p2     16 MB  Microsoft reserved partition   p3    475 GiB Bitlocker Partition   p4      1 G   NTFS Partition   The problem is p3. It can not be mounted, at least during install. What is   that bitlocker thing?   I will have to image it with dd as backup. Will I be able to resize it to install   Linux on that disk later? So the partition can't be mounted, which implies that something is going on. It certainly wouldn't be resizable with Linux.  I wonder what that 1-GB NTFS partition is for?  Have you tried mounting p4, Carlos? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

06.09.2020 05:08, Carlos E. R. пишет:

On 05/09/2020 22.06, Andrei Borzenkov wrote:

...

05.09.2020 19:27, Lew Wolfgang пишет:

...

Be sure to report what you find, Carlos.  While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.

In the whole thread there was no single evidence that something was actually encrypted.

And how can I know if it is encrypted or not? I only know the name I see in the partition list, and the fact that Linux is unable to mount it.

But it happens that you are right, it is an encrypted partition that has not yet been encrypted... Windows tells me that they will tell me the key after I create a Microsoft account (something I hate, I created some local accounts only, before hitting on this information). I can post tomorrow a photo with the messages, in Spanish, with my translation. Now I'm going to bed ;-)

It seems that today Windows always creates bitlocker container by default (if system meets certain prerequisites), it is just not active (i.e. encrypted). It is called Bitlocker Device Encryption. And it can also automatically encrypt it later ... https://docs.microsoft.com/en-us/windows/security/information-protection/bit... https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/... The first URL also describes how to disable automatic encryption. Still it means that drive layout is not compatible and content may not be accessible by external software. To completely remove bitlocker you would need to first complete activation (i.e. encrypt it), obtain recovery key and disable bitlocker. That should remove it completely leaving normal partition.

06.09.2020 09:59, Andrei Borzenkov пишет:

...

It seems that today Windows always creates bitlocker container by default (if system meets certain prerequisites), it is just not active (i.e. encrypted). It is called Bitlocker Device Encryption. And it can also automatically encrypt it later ...

https://docs.microsoft.com/en-us/windows/security/information-protection/bit...

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/...

I tried to test it in QEMU with software emulated TPM, unfortunately almost all prerequisites failed, and I do not know whether this is simply not implemented or just qemu invocation was wrong.

The first URL also describes how to disable automatic encryption.

Still it means that drive layout is not compatible and content may not be accessible by external software. To completely remove bitlocker you would need to first complete activation (i.e. encrypt it), obtain recovery key and disable bitlocker. That should remove it completely leaving normal partition.

Bitlocker volume is actually NTFS with different superblock (where only some fields are changed). When you disable it for a drive, superblock is reverted back to NTFS. bor@bor-Latitude-E5450:~/src/util-linux$ ./blkid --probe --offset $[512*239616] ~/vm/w10/hd0.raw /home/bor/vm/w10/hd0.raw: VERSION="2" TYPE="BitLocker" USAGE="crypto" bor@bor-Latitude-E5450:~/src/util-linux$ ./blkid --probe --offset $[512*239616] ~/vm/w10/hd0.raw /home/bor/vm/w10/hd0.raw: BLOCK_SIZE="512" UUID="08BC45ACBC4594DA" TYPE="ntfs" USAGE="filesystem" bor@bor-Latitude-E5450:~/src/util-linux$ It should be relatively easy to get read access to not-yet-encrypted container by overlaying the first sector with valid NTFS superblock. I do not know how to manually create such container so I cannot test it. Of course, writing to such partition would be highly discouraged as it could overwrite bitlocker metadata.

06.09.2020 18:41, Carlos E. R. пишет:

On 06/09/2020 16.35, Andrei Borzenkov wrote:

...

04.09.2020 01:51, Carlos E. R. пишет:

...

Hi,

I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:

   p1    260 MB  EFI    p2     16 MB  Microsoft reserved partition    p3    475 GiB Bitlocker Partition    p4      1 G   NTFS Partition

The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?

Can you show output of

manage-bde -status

from Windows?

Attached :-)

Huh-oh... It is in Spanish. I'll try a "DeepL" translation:

Ignore unit D:, it is an USB stick.

PS C:\WINDOWS\system32> manage-bde -status BitLocker Drive Encryption: Configuration Tool Version 10.0.19041 Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disc Volumes that can be protected with Drive Encryption BitLocker: Volume C: [Windows] Operating System Volume].

    Size: 392.68 GB     BitLocker Version: 2.0     Conversion status: Encryption of used space only     Encrypted percentage: 100.0%     Encryption method: XTS-AES 128     Protection status: Protection disabled

OK, so it means it is actually encrypted but key is not protected and stored in the clear somewhere in metadata.

    Locked status: Unlocked     Identification field: Unknown     Key protectors: none

When protection is enabled you will see here how keys are protected. It could be TPM, or password or PIN etc. This is actually the worst state. While it does not actually protect anything, it makes it impossible to work with partition without going via bitlocker layer. It is intended as temporary measure so you can move drive between systems without re-encrypting everything. I still ask myself how access to key is guarded while in this state - because if you manage to obtain it, you have offline access to data even after protection *is* activated.And because key must be somewhere in metadata, it is enough to have raw access to partition. If you do not plan to actually use bitlocker encryption, consider turning bitlocker off. If GUI does not offer it, manage-bde -off C: will convert partition back to normal NTFS. This /should/ be safe in-place conversion which preserves existing data.

06.09.2020 19:22, Carlos E. R. пишет:

If I deactivate it, can somebody or something activate it again, and lock the owner out?

Of course it is possible to activate it if something manages to run manage-bde with sufficient privileges. Do not work as root applies to Windows just as well, and UAC is annoying but adds extra protection requiring interactive confirmation. I just destroyed my test VM by testing what happens if I boot using removable medium. Well, good thing is Windows does not unlock drive automatically. Bad thing is it insisted on recovery key even after I removed removable medium and of course I did not preserve it. While Windows will not allow to store recovery key on encrypted drive, it will allow you to print it into file on the same drive ...

El 2020-09-06 a las 19:01 +0200, Carlos E. R. escribió:

On 06/09/2020 18.31, Andrei Borzenkov wrote:

...

06.09.2020 19:22, Carlos E. R. пишет:

...

- installing Linux on small internal partition (for my use and maybe emergencies) - taking an image of it all - booting windows again and trying to deactivate bitlocker. - taking an image of it all, again (symlink to Linux side perhaps)

Just to mention that the conversion on the Windows side was easy and fast. I have photos if wanted, but the text is in Spanish. The interface wants to proceed using a M$ account, but there is a click below to access the administration of BitLocker. I did that. Then I clicked on activate. It prompted me to save the key on a M$ account (no!), and/or print it: I did both, but print to pdf. The file is text, but I had problems reading it in Linux. Each char seemed double or something. The PDF is clear enough. Then I clicked on activate the disk. It said it would take a few seconds. Correct. And then the configuration window displayed some different options, and the last one was "deactivate BitLocker". I did that; It said it could take some long minutes, but it actually finished in less than 5, perhaps 3. I saw disk activity at 414MB/s. Back on Linux, I could finally mount and see the Windows partition. This solves my problem :-) -- Cheers Carlos E. R. (from openSUSE Leap 15.1 x86_64 (Minas Tirith))