[opensuse] Strange partition on new computer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see: p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing? I will have to image it with dd as backup. Will I be able to resize it to install Linux on that disk later? - -- Cheers Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCX1FzaBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVHBgAnRVZuwEPhiGGb0SR8mW/ DQR8iwrTAJ99UfbZFIZeWOdtwiW/6OHMgug1kQ== =t2XP -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 9/3/20 6:51 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
I will have to image it with dd as backup. Will I be able to resize it to install Linux on that disk later?
- -- Cheers
It's the Windows feature that encrypts an entire volume. IIRC without the password or a recovery key, I'm not sure you can access it in any way from Windows (but I think you can wipe the whole disk though in Windows). I've read that Linux can delete the partition, but never tried it. --dg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thursday, 2020-09-03 at 19:06 -0400, DennisG wrote:
On 9/3/20 6:51 PM, Carlos E. R. wrote:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
It's the Windows feature that encrypts an entire volume. IIRC without the password or a recovery key, I'm not sure you can access it in any way from Windows (but I think you can wipe the whole disk though in Windows). I've read that Linux can delete the partition, but never tried it.
I feared that. Windows has not yet been initialized, there are no users so no passwords yet. I'm making now a dd image of the disk from Linux installed on an external disk before touching anything. Well, this means I can not use partclone to backup the Windows side as I intended. I hope that I can reduce the partition size a bit from the Windows side to install Linux internally. -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
Carlos E. R. wrote:
I hope that I can reduce the partition size a bit from the Windows side to install Linux internally.
Depending on what Linux is needed for, you could configure the Linux subsystem, and then run openSUSE later in hyper-V or use the Ubuntu shell. -- Per Jessen, Zürich (15.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/09/2020 08.03, Per Jessen wrote:
Carlos E. R. wrote:
I hope that I can reduce the partition size a bit from the Windows side to install Linux internally.
Depending on what Linux is needed for, you could configure the Linux subsystem, and then run openSUSE later in hyper-V or use the Ubuntu shell.
No, I want Linux there as an alternative system if Windows is borked, and in order to do backup/restore images of the Windows side. I intended to use partclone.ntfs for that purpose. If I can not see inside the partition, I'm left to use dd and clone the entire ~500 GB. I can make do with Linux installed in the external disk, of course. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 9/3/20 10:08 PM, Carlos E. R. wrote:
On Thursday, 2020-09-03 at 19:06 -0400, DennisG wrote:
On 9/3/20 6:51 PM, Carlos E. R. wrote:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
It's the Windows feature that encrypts an entire volume. IIRC without the password or a recovery key, I'm not sure you can access it in any way from Windows (but I think you can wipe the whole disk though in Windows). I've read that Linux can delete the partition, but never tried it.
I feared that.
Windows has not yet been initialized, there are no users so no passwords yet. I'm making now a dd image of the disk from Linux installed on an external disk before touching anything.
Well, this means I can not use partclone to backup the Windows side as I intended.
I hope that I can reduce the partition size a bit from the Windows side to install Linux internally.
Or tell your friend if they have any want for that windows install, they need to shell out another $55 for another 500G SSD to install to and put the windows bitlockered one in a drawer for later user :) -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/09/2020 08.24, David C. Rankin wrote:
On 9/3/20 10:08 PM, Carlos E. R. wrote:
Or tell your friend if they have any want for that windows install, they need to shell out another $55 for another 500G SSD to install to and put the windows bitlockered one in a drawer for later user :)
No, I can not ask that of her. I already convinced her for buying an external 2T hard disk for backups. It is me who will be using the Linux side to restore Windows eventually. And I do not want to open a machine that is not mine and altering the warranty. Of course, I could image it all, then format it with a default Windows. The idea of having the Windows partition encrypted is reasonable for a laptop, of course. It caught me by surprise, though. Altered my plans. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Le 04/09/2020 à 12:19, Carlos E. R. a écrit :
Of course, I could image it all, then format it with a default Windows.
pipe dd through zip and save storage. any rescue system can do that jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/09/2020 12.22, jdd@dodin.org wrote:
Le 04/09/2020 à 12:19, Carlos E. R. a écrit :
Of course, I could image it all, then format it with a default Windows.
pipe dd through zip and save storage. any rescue system can do that
heh heh :-) The external disk has the big data partition formatted btrfs and mounted with compression :-D Not a big ratio, though (p3 is the big one): Rescate:~ # compsize --bytes /storage/Original/nvme0n1p1 Type Perc Disk Usage Uncompressed Referenced TOTAL 98% 268566528 272629760 272629760 none 100% 268435456 268435456 268435456 zlib 3% 131072 4194304 4194304 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p2 Type Perc Disk Usage Uncompressed Referenced TOTAL 100% 16777216 16777216 16777216 none 100% 16777216 16777216 16777216 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p3 Type Perc Disk Usage Uncompressed Referenced TOTAL 99% 510765727744 510770806784 510770806784 none 100% 510765563904 510765563904 510765563904 zlib 3% 163840 5242880 5242880 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p4 Type Perc Disk Usage Uncompressed Referenced TOTAL 100% 1048576000 1048576000 1048576000 none 100% 1048576000 1048576000 1048576000 Rescate:~ # -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 04/09/2020 12.37, Carlos E. R. wrote:
On 04/09/2020 12.22, jdd@dodin.org wrote:
Le 04/09/2020 à 12:19, Carlos E. R. a écrit :
Of course, I could image it all, then format it with a default Windows.
pipe dd through zip and save storage. any rescue system can do that
heh heh :-)
The external disk has the big data partition formatted btrfs and mounted with compression :-D
Not a big ratio, though (p3 is the big one):
Rescate:~ # compsize --bytes /storage/Original/nvme0n1p1 Type Perc Disk Usage Uncompressed Referenced TOTAL 98% 268566528 272629760 272629760 none 100% 268435456 268435456 268435456 zlib 3% 131072 4194304 4194304 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p2 Type Perc Disk Usage Uncompressed Referenced TOTAL 100% 16777216 16777216 16777216 none 100% 16777216 16777216 16777216 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p3 Type Perc Disk Usage Uncompressed Referenced TOTAL 99% 510765727744 510770806784 510770806784 none 100% 510765563904 510765563904 510765563904 zlib 3% 163840 5242880 5242880 Rescate:~ # compsize --bytes /storage/Original/nvme0n1p4 Type Perc Disk Usage Uncompressed Referenced TOTAL 100% 1048576000 1048576000 1048576000 none 100% 1048576000 1048576000 1048576000 Rescate:~ #
I'm just running another test. Partition #3 took 90 minutes to copy with this line: time dd if=/dev/nvme0n1p3 of=nvme0n1p3 oflag=direct bs=16M 30444+1 records in 30444+1 records out 510770806784 bytes (511 GB, 476 GiB) copied, 5650.23 s, 90.4 MB/s real 94m10.230s user 0m0.305s sys 9m0.559s Now using: time dd if=/dev/nvme0n1p3 status=progress bs=16M | pigz > nvme0n1p3.gz it took 26 minutes! 510597791744 bytes (511 GB, 476 GiB) copied, 1583 s, 323 MB/s 30444+1 records in 30444+1 records out real 26m24.476s user 119m37.582s sys 8m49.707s The source media is internal nvme M2, while the destination is rotating rust (small factor) external disk over usb3. Processor is: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz Apparently 8 cores. Size is: nvme0n1p3 476 G GiB or 511G GB nvme0n1p3.gz 14 GiB or 15G This fits with the recommended size for the Windows created factory restore disk. Most of the partition most be zeroes. Then btrfs is compressing very badly, or compsize is wrong or... I don't know what. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On Fri, 4 Sep 2020 00:51:19 +0200 (CEST)
"Carlos E. R."
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
An encrypted Windows installation, most likely. Ralph -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 9/3/20 7:23 PM, Ralph wrote:
On Fri, 4 Sep 2020 00:51:19 +0200 (CEST) "Carlos E. R."
wrote: I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing? An encrypted Windows installation, most likely.
Ralph
Can you look at it and perhaps modify it with gparted? I just recently installed OpenSUSE-Tumbleweed on a new computer that came with Windows, and I don't recall such a partition--if I remember correctly, no partition had that name. I could open a very large partition and modify it with gparted and I shrunk it down to about 50 GiB, which allowed it to contain some small amount of Windows user space, and made the rest into ext4, on which I installed Linux. I did make two ext4 partitions, but the Suse installation did not like them for some reason and repartitioned that section, but kept the ext4 paradigm instead of the new format that Suse seems to like. I'm told that the Microsoft magic number is contained in the BIOS now, so if you screw up and have to reinstall Windows, it should not be a problem. Just to be sure, you might want to check with the source of your machine. (That's if you did not get a disk, with an installation number.) --doug -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 9/3/20 3:51 PM, Carlos E. R. wrote:
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
I will have to image it with dd as backup. Will I be able to resize it to install Linux on that disk later?
Carlos, someone must have activated Bitlocker encryption on purpose, it doesn't come like that on a new computer. If whoever set it up doesn't remember the key, there might be ways to recover it. Check here: https://support.microsoft.com/en-us/help/4530477/windows-10-finding-your-bit... Another thought, perhaps the Bitlocker key is being kept in a TPM module on the motherboard. Does the laptop boot up without having to enter a key? If so, maybe you could boot into Windows and possibly recover the key somehow there? Note that Linux doesn't care what it is, it will happily allow you to move things around. Of course, that might break Windows. You could also boot into Leap's ram-resident rescue system, mount an external disk, and use dd to make an image of the whole laptop disk. You could then use the laptop disk for a Leap install. The saved image could then be moved back to the laptop in the future if necessary. I've done this before too. Also note that there's a Bitlocker package for Linux called "dislocker". I've used it myself a time or two, but you need to know the encryption key. https://linux.die.net/man/1/dislocker Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/09/2020 06.00, Lew Wolfgang wrote:
On 9/3/20 3:51 PM, Carlos E. R. wrote:
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
I will have to image it with dd as backup. Will I be able to resize it to install Linux on that disk later?
Carlos, someone must have activated Bitlocker encryption on purpose, it doesn't come like that on a new computer. If whoever set it up doesn't remember the key, there might be ways to recover it. Check here:
It is a new computer, I did the purchasing. A «Lenovo ThinkPad E15 Intel Core i5-10210U/8GB/512GB SSD/15.6"». Factory state.
https://support.microsoft.com/en-us/help/4530477/windows-10-finding-your-bit...
Another thought, perhaps the Bitlocker key is being kept in a TPM module on the motherboard. Does the laptop boot up without having to enter a key? If so, maybe you could boot into Windows and possibly recover the key somehow there?
It certainly boots and prompts for the initial Windows setup. Not for a password.
Note that Linux doesn't care what it is, it will happily allow you to move things around. Of course, that might break Windows.
I can not risk breaking Windows.
You could also boot into Leap's ram-resident rescue system, mount an external disk, and use dd to make an image of the whole laptop disk.
Which is what I did. But I can not use partclone.ntfs as I intended.
You could then use the laptop disk for a Leap install. The saved image could then be moved back to the laptop in the future if necessary. I've done this before too.
No, the owner needs Windows, it is me who also wants Linux there, for emergencies. I will do the maintenance.
Also note that there's a Bitlocker package for Linux called "dislocker". I've used it myself a time or two, but you need to know the encryption key.
Ah! This is interesting.
I will have to find out when the encryption key is created. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
No, the owner needs Windows, it is me who also wants Linux there, for emergencies. I will do the maintenance.
Have you considered to leave Windows as-is and install openSUSE in Windows? https://en.opensuse.org/openSUSE:WSL - Adam -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 07.09.20 um 15:15 schrieb Adam Majer:
No, the owner needs Windows, it is me who also wants Linux there, for emergencies. I will do the maintenance.
Have you considered to leave Windows as-is and install openSUSE in Windows?
https://en.opensuse.org/openSUSE:WSL
- Adam
As a rescue system? not a good idea... simoN -- www.becherer.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 9/7/20 9:46 AM, Simon Becherer wrote:
As a rescue system? not a good idea...
For a rescue system, you want to boot from something else. You can create an openSUSE rescue USB stick or do similar with SystemRescueCd, which has more tools than openSUSE rescue. https://www.system-rescue-cd.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 2020-09-07 a las 09:53 -0400, James Knott escribió:
On 9/7/20 9:46 AM, Simon Becherer wrote:
As a rescue system? not a good idea...
For a rescue system, you want to boot from something else. You can create an openSUSE rescue USB stick or do similar with SystemRescueCd, which has more tools than openSUSE rescue. https://www.system-rescue-cd.org
I also have a 2 TB external disk, with a bootable openSUSE, plus a large btrfs partition, encrypted and compressed :-) There are two types of emergencies I consider. One, some fatal problem in Windows. Well, the user can still boot Linux that lives in the same machine, and keep working, with some guidance over the phone. The other emergency is "bring me the machine", and I overwrite with the saved image. Or I instruct someone over the phone to do it. Oh, and a third type is "can you do (whatever) for me?". I then can choose to do it on Windows or Linux. -- Cheers Carlos E. R. (from openSUSE Leap 15.1 x86_64 (Minas Tirith))
El 2020-09-07 a las 15:15 +0200, Adam Majer escribió:
No, the owner needs Windows, it is me who also wants Linux there, for emergencies. I will do the maintenance.
Have you considered to leave Windows as-is and install openSUSE in Windows?
Interesting :-) I know about it, but I never remember the name. But the main purpose of this Linux partition is for emergencies, so I need a real system. -- Cheers Carlos E. R. (from openSUSE Leap 15.1 x86_64 (Minas Tirith))
On 04/09/2020 06.00, Lew Wolfgang wrote:
On 9/3/20 3:51 PM, Carlos E. R. wrote:
Also note that there's a Bitlocker package for Linux called "dislocker". I've used it myself a time or two, but you need to know the encryption key.
That's a man page. Where does one get the package? There is no wikipedia page on "dislocker", which I find very strange. Googling, I see references to a fuse rpm, a fedora package... Nothing for openSUSE. Wait. openSUSE search finds nothing, but google "install dislocker opensuse" finds a home repo. Well, I installed dislocker from a home repo. Let's see if it works. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Hi, Try this can't remember where I got it from but it works for me. I found you can leave the password blank if you did not set one up at install time. * Install dislocker * Make mount points e.g.: o mkdir /mnt/bitlocker o mkdir /mnt/bitlockermount * Unlock the filesystem with dislocker (/see man page for full details/) o dislocker <partition> -u<password> -- /mnt/bitlocker + Filesystem will be unlocked as a file /mnt/bitlocker/dislocker-file * Now mount the filesystem file in the usual way o mount /mnt/bitlocker/dislocker-file /mnt/bitlockermount * To unmount o umount /mnt/bitlockermount o umount /mnt/bitlocker Cheers, Ariez ajv@opensuse.org On 04/09/2020 06:51, Carlos E. R. wrote:
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
I will have to image it with dd as backup. Will I be able to resize it to install Linux on that disk later?
-- Cheers
Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/09/2020 12.53, Ariez Vachha - openSUSE wrote:
Hi,
Try this can't remember where I got it from but it works for me.
I found you can leave the password blank if you did not set one up at install time.
* Install dislocker
* Make mount points e.g.: o mkdir /mnt/bitlocker o mkdir /mnt/bitlockermount
* Unlock the filesystem with dislocker (/see man page for full details/) o dislocker <partition> -u<password> -- /mnt/bitlocker + Filesystem will be unlocked as a file /mnt/bitlocker/dislocker-file
Bad luck: Rescate:~ # dislocker -v -v /dev/nvme0n1p3 -- /mnt/bitlocker Sat Sep 5 13:33:52 2020 [ERROR] Failed to read in #3: Bad address Sat Sep 5 13:33:52 2020 [ERROR] get_eow_information::Error, not all bytes read: -1, -8 expected (2). Sat Sep 5 13:33:52 2020 [ERROR] Getting EOW information at offset caef000 failed Sat Sep 5 13:33:52 2020 [ERROR] EOW volume GUID not supported. Sat Sep 5 13:33:52 2020 [CRITICAL] Cannot parse volume header. Abort. Rescate:~ # Oh, well... -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
* Carlos E. R.
On 04/09/2020 12.53, Ariez Vachha - openSUSE wrote:
Hi,
Try this can't remember where I got it from but it works for me.
I found you can leave the password blank if you did not set one up at install time.
* Install dislocker
* Make mount points e.g.: o mkdir /mnt/bitlocker o mkdir /mnt/bitlockermount
* Unlock the filesystem with dislocker (/see man page for full details/) o dislocker <partition> -u<password> -- /mnt/bitlocker + Filesystem will be unlocked as a file /mnt/bitlocker/dislocker-file
Bad luck:
Rescate:~ # dislocker -v -v /dev/nvme0n1p3 -- /mnt/bitlocker Sat Sep 5 13:33:52 2020 [ERROR] Failed to read in #3: Bad address Sat Sep 5 13:33:52 2020 [ERROR] get_eow_information::Error, not all bytes read: -1, -8 expected (2). Sat Sep 5 13:33:52 2020 [ERROR] Getting EOW information at offset caef000 failed Sat Sep 5 13:33:52 2020 [ERROR] EOW volume GUID not supported. Sat Sep 5 13:33:52 2020 [CRITICAL] Cannot parse volume header. Abort. Rescate:~ #
Oh, well...
I see several different packages available, perhaps you might try another: 07:52 crash:~ > opi dislocker Searching... 1. dislocker 2. libdislocker0_7 3. dislocker-devel Choose a number(0 to quit): 1 You have selected package name: dislocker 1. home:bmanojlovic ! | 0.7.1 | x86_64 2. home:sohraun ! | 0.7.1 | x86_64 3. home:GroverChouT ! | git.1574246216.339733f | x86_64 4. home:belphegor_belbel ! | git.1564125596.bc513ab | x86_64 5. home:sohraun ! | 0.7.1 | i586 6. home:GroverChouT ! | git.1574246216.339733f | i586 7. home:belphegor_belbel ! | git.1564125596.bc513ab | i586 but the search was on Tw. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/09/2020 13.57, Patrick Shanahan wrote:
* Carlos E. R. <> [09-05-20 07:39]:
Oh, well...
I see several different packages available, perhaps you might try another:
07:52 crash:~ > opi dislocker Searching... 1. dislocker 2. libdislocker0_7 3. dislocker-devel Choose a number(0 to quit): 1 You have selected package name: dislocker 1. home:bmanojlovic ! | 0.7.1 | x86_64 2. home:sohraun ! | 0.7.1 | x86_64 3. home:GroverChouT ! | git.1574246216.339733f | x86_64 4. home:belphegor_belbel ! | git.1564125596.bc513ab | x86_64 5. home:sohraun ! | 0.7.1 | i586 6. home:GroverChouT ! | git.1574246216.339733f | i586 7. home:belphegor_belbel ! | git.1564125596.bc513ab | i586
but the search was on Tw.
On Leap 15.2 there are two, they seem the same version. Anyway, I expect that when I actually initialize the Windows side it should create a password and a recovery key. Perhaps it fails because it has not been initialized. The owner does not like passwords, she will not be thrilled to find she has to learn another one. I did not anticipate this bitlocker thing. At worst, she may ask me to remove it some day. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 9/5/20 5:22 AM, Carlos E. R. wrote:
On Leap 15.2 there are two, they seem the same version.
Anyway, I expect that when I actually initialize the Windows side it should create a password and a recovery key. Perhaps it fails because it has not been initialized.
The owner does not like passwords, she will not be thrilled to find she has to learn another one. I did not anticipate this bitlocker thing. At worst, she may ask me to remove it some day.
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system. Someone has to proactively do it. I don't even think the full version comes with the Windows 10 Home Edition. There are plenty of reference for running Bitlocker, this is but one: https://www.windowscentral.com/how-use-bitlocker-encryption-windows-10 I don't remember where I found the dislocker package, but I'm fairly sure it wasn't in any of the openSUSE repositories. I seem to recall it was written by a French guy. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/09/2020 18.27, Lew Wolfgang wrote:
On 9/5/20 5:22 AM, Carlos E. R. wrote:
On Leap 15.2 there are two, they seem the same version.
Anyway, I expect that when I actually initialize the Windows side it should create a password and a recovery key. Perhaps it fails because it has not been initialized.
The owner does not like passwords, she will not be thrilled to find she has to learn another one. I did not anticipate this bitlocker thing. At worst, she may ask me to remove it some day.
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system. Someone has to proactively do it. I don't even think the full version comes with the Windows 10 Home Edition.
It is Windows 10 Pro, this model is aimed at the enterprise, or in this case, work at home. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
05.09.2020 19:27, Lew Wolfgang пишет:
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.
In the whole thread there was no single evidence that something was actually encrypted. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 5 Sep 2020 23:06:25 +0300
Andrei Borzenkov
05.09.2020 19:27, Lew Wolfgang пишет:
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.
In the whole thread there was no single evidence that something was actually encrypted.
I'm not sure what you're looking for, Andrei? The thread staretd with Carlos asking about a 'Bitlocker' partition, which the first hit on google and numerous comments in the thread say is an encrypted partition used by Windows. Are you suggesting that the partition tools are reporting a 'Bitlocker Partition' wrongly, or that contrary to all available evidence a Bitlocker Partition does not contain encrypted data? And to what possible end? Does it matter whether the data is or is not actually encrypted? How do you mount it, or resize it? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Dave Howorth
On Sat, 5 Sep 2020 23:06:25 +0300 Andrei Borzenkov
wrote: 05.09.2020 19:27, Lew Wolfgang пишет:
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.
In the whole thread there was no single evidence that something was actually encrypted.
I'm not sure what you're looking for, Andrei? The thread staretd with Carlos asking about a 'Bitlocker' partition, which the first hit on google and numerous comments in the thread say is an encrypted partition used by Windows. Are you suggesting that the partition tools are reporting a 'Bitlocker Partition' wrongly, or that contrary to all available evidence a Bitlocker Partition does not contain encrypted data? And to what possible end? Does it matter whether the data is or is not actually encrypted? How do you mount it, or resize it?
or perhaps a container encryption would be and not yet activated as such. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 9/5/20 1:41 PM, Patrick Shanahan wrote:
* Dave Howorth
[09-05-20 16:30]: On Sat, 5 Sep 2020 23:06:25 +0300 Andrei Borzenkov
wrote: In the whole thread there was no single evidence that something was actually encrypted. I'm not sure what you're looking for, Andrei? The thread staretd with Carlos asking about a 'Bitlocker' partition, which the first hit on google and numerous comments in the thread say is an encrypted partition used by Windows. Are you suggesting that the partition tools are reporting a 'Bitlocker Partition' wrongly, or that contrary to all available evidence a Bitlocker Partition does not contain encrypted data? And to what possible end? Does it matter whether the data is or is not actually encrypted? How do you mount it, or resize it? or perhaps a container encryption would be and not yet activated as such.
Carlos originally said: I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see: p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing? I will have to image it with dd as backup. Will I be able to resize it to install Linux on that disk later? So the partition can't be mounted, which implies that something is going on. It certainly wouldn't be resizable with Linux. I wonder what that 1-GB NTFS partition is for? Have you tried mounting p4, Carlos? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/09/2020 22.06, Andrei Borzenkov wrote:
05.09.2020 19:27, Lew Wolfgang пишет:
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.
In the whole thread there was no single evidence that something was actually encrypted.
And how can I know if it is encrypted or not? I only know the name I see in the partition list, and the fact that Linux is unable to mount it. But it happens that you are right, it is an encrypted partition that has not yet been encrypted... Windows tells me that they will tell me the key after I create a Microsoft account (something I hate, I created some local accounts only, before hitting on this information). I can post tomorrow a photo with the messages, in Spanish, with my translation. Now I'm going to bed ;-) I was able to reduce its size by 80 GiB from inside Windows instantly, no problem. One fear removed. I also have to take a calm read of the machine documentation, which claims to be in Spanish but is in English. If you are bored, here is the link: https://support.lenovo.com/es/es/manuals/e14_e15 (the print button prints only the current page :-/ ) -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
06.09.2020 05:08, Carlos E. R. пишет:
On 05/09/2020 22.06, Andrei Borzenkov wrote:
05.09.2020 19:27, Lew Wolfgang пишет:
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.
In the whole thread there was no single evidence that something was actually encrypted.
And how can I know if it is encrypted or not? I only know the name I see in the partition list, and the fact that Linux is unable to mount it.
But it happens that you are right, it is an encrypted partition that has not yet been encrypted... Windows tells me that they will tell me the key after I create a Microsoft account (something I hate, I created some local accounts only, before hitting on this information). I can post tomorrow a photo with the messages, in Spanish, with my translation. Now I'm going to bed ;-)
It seems that today Windows always creates bitlocker container by default (if system meets certain prerequisites), it is just not active (i.e. encrypted). It is called Bitlocker Device Encryption. And it can also automatically encrypt it later ... https://docs.microsoft.com/en-us/windows/security/information-protection/bit... https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/... The first URL also describes how to disable automatic encryption. Still it means that drive layout is not compatible and content may not be accessible by external software. To completely remove bitlocker you would need to first complete activation (i.e. encrypt it), obtain recovery key and disable bitlocker. That should remove it completely leaving normal partition.
On 06/09/2020 08.59, Andrei Borzenkov wrote:
06.09.2020 05:08, Carlos E. R. пишет:
On 05/09/2020 22.06, Andrei Borzenkov wrote:
05.09.2020 19:27, Lew Wolfgang пишет:
Be sure to report what you find, Carlos. While I'm not that familiar with Windows I really don't think that a partition is encrypted by default on a new system.
In the whole thread there was no single evidence that something was actually encrypted.
And how can I know if it is encrypted or not? I only know the name I see in the partition list, and the fact that Linux is unable to mount it.
But it happens that you are right, it is an encrypted partition that has not yet been encrypted... Windows tells me that they will tell me the key after I create a Microsoft account (something I hate, I created some local accounts only, before hitting on this information). I can post tomorrow a photo with the messages, in Spanish, with my translation. Now I'm going to bed ;-)
It seems that today Windows always creates bitlocker container by default (if system meets certain prerequisites), it is just not active (i.e. encrypted). It is called Bitlocker Device Encryption. And it can also automatically encrypt it later ...
https://docs.microsoft.com/en-us/windows/security/information-protection/bit...
https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/...
The first URL also describes how to disable automatic encryption.
Still it means that drive layout is not compatible and content may not be accessible by external software. To completely remove bitlocker you would need to first complete activation (i.e. encrypt it), obtain recovery key and disable bitlocker. That should remove it completely leaving normal partition.
Ah, thanks for finding that out :-) Yes, this laptop has W10 Pro and is aimed at the enterprise. It makes sense to have disk encryption, but it makes maintenance more difficult. Do they mean full drive encryption, ie, the security ATA feature mentioned in "man hdparm"? That would destroy the feasibility of a Linux partition. [...] No, apparently not. See paragraph "Encrypted hard drive support" in your first link. The second link says: «Note: BitLocker automatic device encryption starts during Out-of-box (OOBE) experience. However, protection is enabled (armed) only after users sign in with a Microsoft Account or an Azure Active Directory account. Until that, protection is suspended and data is not protected. BitLocker automatic device encryption is not enabled with local accounts, in which case BitLocker can be manually enabled using the BitLocker Control Panel.» So maybe I can do without a M$ account. These are the photos I mentioned (text is Spanish): https://photos.app.goo.gl/dggenvMWt4ZHdNHBA [first photo] (large) Device encription The device encryption allows you to protect the files and folders of your device against non authorized access in case of loss or theft. (in red) You need a Microsoft account to finish the encryption of this device. (in blue) Start session with a Microsoft account instead Deactivate (large) Related configuration options (in blue) Bitlocker configurations --> second photo (in blue) obtain help (in blue) send comments [second photo] (large) Encryption of Bitlocker unit (drive?) Protect your files and folders from non authorized access protecting your drives with BitLocker (large) Operating system drive (in blue) Windows (C:) BitLocker waiting for activation Fixed data drives Removable data drives: BitLocker To Go insert a removable USB flash unit for using BitLocker To Go -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
06.09.2020 09:59, Andrei Borzenkov пишет:
It seems that today Windows always creates bitlocker container by default (if system meets certain prerequisites), it is just not active (i.e. encrypted). It is called Bitlocker Device Encryption. And it can also automatically encrypt it later ...
https://docs.microsoft.com/en-us/windows/security/information-protection/bit...
https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/...
I tried to test it in QEMU with software emulated TPM, unfortunately almost all prerequisites failed, and I do not know whether this is simply not implemented or just qemu invocation was wrong.
The first URL also describes how to disable automatic encryption.
Still it means that drive layout is not compatible and content may not be accessible by external software. To completely remove bitlocker you would need to first complete activation (i.e. encrypt it), obtain recovery key and disable bitlocker. That should remove it completely leaving normal partition.
Bitlocker volume is actually NTFS with different superblock (where only some fields are changed). When you disable it for a drive, superblock is reverted back to NTFS. bor@bor-Latitude-E5450:~/src/util-linux$ ./blkid --probe --offset $[512*239616] ~/vm/w10/hd0.raw /home/bor/vm/w10/hd0.raw: VERSION="2" TYPE="BitLocker" USAGE="crypto" bor@bor-Latitude-E5450:~/src/util-linux$ ./blkid --probe --offset $[512*239616] ~/vm/w10/hd0.raw /home/bor/vm/w10/hd0.raw: BLOCK_SIZE="512" UUID="08BC45ACBC4594DA" TYPE="ntfs" USAGE="filesystem" bor@bor-Latitude-E5450:~/src/util-linux$ It should be relatively easy to get read access to not-yet-encrypted container by overlaying the first sector with valid NTFS superblock. I do not know how to manually create such container so I cannot test it. Of course, writing to such partition would be highly discouraged as it could overwrite bitlocker metadata.
On 06/09/2020 14.09, Andrei Borzenkov wrote:
06.09.2020 09:59, Andrei Borzenkov пишет:
It seems that today Windows always creates bitlocker container by default (if system meets certain prerequisites), it is just not active (i.e. encrypted). It is called Bitlocker Device Encryption. And it can also automatically encrypt it later ...
https://docs.microsoft.com/en-us/windows/security/information-protection/bit...
https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/...
I tried to test it in QEMU with software emulated TPM, unfortunately almost all prerequisites failed, and I do not know whether this is simply not implemented or just qemu invocation was wrong.
Pity.
The first URL also describes how to disable automatic encryption.
Still it means that drive layout is not compatible and content may not be accessible by external software. To completely remove bitlocker you would need to first complete activation (i.e. encrypt it), obtain recovery key and disable bitlocker. That should remove it completely leaving normal partition.
Bitlocker volume is actually NTFS with different superblock (where only some fields are changed). When you disable it for a drive, superblock is reverted back to NTFS.
Ah, good. The command "file" did not recognize it as a bitlocked unit, but as a normal ntfs one.
bor@bor-Latitude-E5450:~/src/util-linux$ ./blkid --probe --offset $[512*239616] ~/vm/w10/hd0.raw /home/bor/vm/w10/hd0.raw: VERSION="2" TYPE="BitLocker" USAGE="crypto" bor@bor-Latitude-E5450:~/src/util-linux$ ./blkid --probe --offset $[512*239616] ~/vm/w10/hd0.raw /home/bor/vm/w10/hd0.raw: BLOCK_SIZE="512" UUID="08BC45ACBC4594DA" TYPE="ntfs" USAGE="filesystem" bor@bor-Latitude-E5450:~/src/util-linux$
It should be relatively easy to get read access to not-yet-encrypted container by overlaying the first sector with valid NTFS superblock. I do not know how to manually create such container so I cannot test it. Of course, writing to such partition would be highly discouraged as it could overwrite bitlocker metadata.
I'm now going to do an image of the disk, using the Linux I installed for the purpose on an external hard disk, then I'll try to activate then remove bitlocker inside Windows, if it allows me. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
04.09.2020 01:51, Carlos E. R. пишет:
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
Can you show output of manage-bde -status from Windows? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/09/2020 16.35, Andrei Borzenkov wrote:
04.09.2020 01:51, Carlos E. R. пишет:
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
Can you show output of
manage-bde -status
from Windows?
Attached :-) Huh-oh... It is in Spanish. I'll try a "DeepL" translation: Ignore unit D:, it is an USB stick. PS C:\WINDOWS\system32> manage-bde -status BitLocker Drive Encryption: Configuration Tool Version 10.0.19041 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Disc Volumes that can be protected with Drive Encryption BitLocker: Volume C: [Windows] Operating System Volume]. Size: 392.68 GB BitLocker Version: 2.0 Conversion status: Encryption of used space only Encrypted percentage: 100.0% Encryption method: XTS-AES 128 Protection status: Protection disabled Locked status: Unlocked Identification field: Unknown Key protectors: none Volume D: [] Data Volume]. Size: 14,39 GB BitLocker version: None Conversion status: Decryption complete Encrypted percentage: 0.0% Encryption method: None Protection status: Protection disabled Locked status: Unlocked Identification field: None Automatic unlocking: Disabled Key protectors: none PS C:\WINDOWS\system32> Amazing. The translations of DeepL English/Spanish are amazingly good. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
06.09.2020 18:41, Carlos E. R. пишет:
On 06/09/2020 16.35, Andrei Borzenkov wrote:
04.09.2020 01:51, Carlos E. R. пишет:
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
p1 260 MB EFI p2 16 MB Microsoft reserved partition p3 475 GiB Bitlocker Partition p4 1 G NTFS Partition
The problem is p3. It can not be mounted, at least during install. What is that bitlocker thing?
Can you show output of
manage-bde -status
from Windows?
Attached :-)
Huh-oh... It is in Spanish. I'll try a "DeepL" translation:
Ignore unit D:, it is an USB stick.
PS C:\WINDOWS\system32> manage-bde -status BitLocker Drive Encryption: Configuration Tool Version 10.0.19041 Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disc Volumes that can be protected with Drive Encryption BitLocker: Volume C: [Windows] Operating System Volume].
Size: 392.68 GB BitLocker Version: 2.0 Conversion status: Encryption of used space only Encrypted percentage: 100.0% Encryption method: XTS-AES 128 Protection status: Protection disabled
OK, so it means it is actually encrypted but key is not protected and stored in the clear somewhere in metadata.
Locked status: Unlocked Identification field: Unknown Key protectors: none
When protection is enabled you will see here how keys are protected. It could be TPM, or password or PIN etc. This is actually the worst state. While it does not actually protect anything, it makes it impossible to work with partition without going via bitlocker layer. It is intended as temporary measure so you can move drive between systems without re-encrypting everything. I still ask myself how access to key is guarded while in this state - because if you manage to obtain it, you have offline access to data even after protection *is* activated.And because key must be somewhere in metadata, it is enough to have raw access to partition. If you do not plan to actually use bitlocker encryption, consider turning bitlocker off. If GUI does not offer it, manage-bde -off C: will convert partition back to normal NTFS. This /should/ be safe in-place conversion which preserves existing data.
On 06/09/2020 18.02, Andrei Borzenkov wrote:
06.09.2020 18:41, Carlos E. R. пишет:
On 06/09/2020 16.35, Andrei Borzenkov wrote:
...
Can you show output of
manage-bde -status
from Windows?
Attached :-)
Huh-oh... It is in Spanish. I'll try a "DeepL" translation:
Ignore unit D:, it is an USB stick.
PS C:\WINDOWS\system32> manage-bde -status BitLocker Drive Encryption: Configuration Tool Version 10.0.19041 Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disc Volumes that can be protected with Drive Encryption BitLocker: Volume C: [Windows] Operating System Volume].
Size: 392.68 GB BitLocker Version: 2.0 Conversion status: Encryption of used space only Encrypted percentage: 100.0% Encryption method: XTS-AES 128 Protection status: Protection disabled
OK, so it means it is actually encrypted but key is not protected and stored in the clear somewhere in metadata.
Ah.
Locked status: Unlocked Identification field: Unknown Key protectors: none
When protection is enabled you will see here how keys are protected. It could be TPM, or password or PIN etc.
Maybe in the configuration screen, which I have not dared to enter yet, I can get the key.
This is actually the worst state. While it does not actually protect anything, it makes it impossible to work with partition without going via bitlocker layer.
Right.
It is intended as temporary measure so you can move drive between systems without re-encrypting everything. I still ask myself how access to key is guarded while in this state - because if you manage to obtain it, you have offline access to data even after protection *is* activated.And because key must be somewhere in metadata, it is enough to have raw access to partition.
protection by obscurity?
If you do not plan to actually use bitlocker encryption, consider turning bitlocker off. If GUI does not offer it,
Yes, that is what I'll try. It makes seeing the files from Linux impossible. And harder maintenance for me. As for protection, the owner hates passwords, says she has nothing interesting in the computer, no secrets.
manage-bde -off C:
will convert partition back to normal NTFS. This /should/ be safe in-place conversion which preserves existing data.
Ah, good. I will, before that, create an image, then try the GUI way. One thing I'd hate would be someone using her computer and activating encryption and leaving her without access. Hey! Would that be a possibility for malware? If I deactivate it, can somebody or something activate it again, and lock the owner out? -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
06.09.2020 19:22, Carlos E. R. пишет:
If I deactivate it, can somebody or something activate it again, and lock the owner out?
Of course it is possible to activate it if something manages to run manage-bde with sufficient privileges. Do not work as root applies to Windows just as well, and UAC is annoying but adds extra protection requiring interactive confirmation. I just destroyed my test VM by testing what happens if I boot using removable medium. Well, good thing is Windows does not unlock drive automatically. Bad thing is it insisted on recovery key even after I removed removable medium and of course I did not preserve it. While Windows will not allow to store recovery key on encrypted drive, it will allow you to print it into file on the same drive ...
On 06/09/2020 18.31, Andrei Borzenkov wrote:
06.09.2020 19:22, Carlos E. R. пишет:
If I deactivate it, can somebody or something activate it again, and lock the owner out?
Of course it is possible to activate it if something manages to run manage-bde with sufficient privileges. Do not work as root applies to Windows just as well, and UAC is annoying but adds extra protection requiring interactive confirmation.
Sorry, what is UAC? I suposse it is https://en.wikipedia.org/wiki/User_Account_Control Certainly, I have created a "normal user" for the owner and I will try to convince her to use only that one. But I also created an administrator account for her, in case she needs to install something or do something. Besides my own account as administrator. Unfortunately, Windows users are not accustomed to using a normal unprivileged account and are pissed by the extra nuisance as they see it. Although... I have seen software (specially installs) that when run by an unprivileged user that clicks "run as administrator" fail in strange ways that do not hint at the reason. I think it happened to me with the software for the TomTom GPS navigator.
I just destroyed my test VM by testing what happens if I boot using removable medium. Well, good thing is Windows does not unlock drive automatically. Bad thing is it insisted on recovery key even after I removed removable medium and of course I did not preserve it. While Windows will not allow to store recovery key on encrypted drive, it will allow you to print it into file on the same drive ...
Good to know... Well, now for my next steps: - installing Linux on small internal partition (for my use and maybe emergencies) - taking an image of it all - booting windows again and trying to deactivate bitlocker. - taking an image of it all, again (symlink to Linux side perhaps) This laptop works perfectly in Linux, by the way. Well, no idea about the fingerprint sensor. That's a nice feature in Windows, for those users that hate passwords and ask us to remove it. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
El 2020-09-06 a las 19:01 +0200, Carlos E. R. escribió:
On 06/09/2020 18.31, Andrei Borzenkov wrote:
06.09.2020 19:22, Carlos E. R. пишет:
...
- installing Linux on small internal partition (for my use and maybe emergencies) - taking an image of it all - booting windows again and trying to deactivate bitlocker. - taking an image of it all, again (symlink to Linux side perhaps)
Just to mention that the conversion on the Windows side was easy and fast. I have photos if wanted, but the text is in Spanish. The interface wants to proceed using a M$ account, but there is a click below to access the administration of BitLocker. I did that. Then I clicked on activate. It prompted me to save the key on a M$ account (no!), and/or print it: I did both, but print to pdf. The file is text, but I had problems reading it in Linux. Each char seemed double or something. The PDF is clear enough. Then I clicked on activate the disk. It said it would take a few seconds. Correct. And then the configuration window displayed some different options, and the last one was "deactivate BitLocker". I did that; It said it could take some long minutes, but it actually finished in less than 5, perhaps 3. I saw disk activity at 414MB/s. Back on Linux, I could finally mount and see the Windows partition. This solves my problem :-) -- Cheers Carlos E. R. (from openSUSE Leap 15.1 x86_64 (Minas Tirith))
El 2020-09-04 a las 00:51 +0200, Carlos E. R. escribió:
Hi,
I'm preparing a new laptop for a friend. First thing, I'm installing Leap 15.2 on an external disk, which I will use to image the original disk. During install, I look at the internal disk (nvme), and I see:
I'm delayed by disk trouble on my main desktop. Meanwhile, I noticed the list of UEFI boot entries on the laptop, and it is quite large: Rescate:~ # efibootmgr BootCurrent: 0020 Timeout: 0 seconds BootOrder: 0005,0002,0000,0019,001A,001B,001C,001D,001E,001F,0020,0021 Boot0000* Windows Boot Manager Boot0002* linux-os-int-secureboot Boot0005* rescate-ext-secureboot Boot0010 Setup Boot0011 Boot Menu Boot0012 Diagnostic Splash Screen Boot0013 Lenovo Diagnostics Boot0014 Regulatory Information Boot0015 ThinkShield Secure Wipe Boot0016 Startup Interrupt Menu Boot0017 Rescue and Recovery Boot0018 MEBx Hot Key Boot0019* USB CD Boot001A* USB FDD Boot001B* NVMe0 Boot001C* NVMe1 Boot001D* ATA HDD0 Boot001E* ATA HDD1 Boot001F* ATA HDD2 Boot0020* USB HDD Boot0021* PXE BOOT Boot0022* IDER BOOT CDROM Boot0023* IDER BOOT Floppy Boot0024* ATA HDD Boot0025* ATAPI CD Rescate:~ # Wow :-) -- Cheers Carlos E. R. (from openSUSE Leap 15.1 x86_64 (Minas Tirith))
participants (15)
-
Adam Majer
-
Andrei Borzenkov
-
Ariez Vachha - openSUSE
-
Carlos E. R.
-
Dave Howorth
-
David C. Rankin
-
DennisG
-
Doug McGarrett
-
James Knott
-
jdd@dodin.org
-
Lew Wolfgang
-
Patrick Shanahan
-
Per Jessen
-
Ralph
-
Simon Becherer