I recently bought a laptop from Dell with pre-installed Windows 10 Pro. As I'm used to, I shrank the default Windows partition, created another (NTFS) for my data and then installed Ubuntu (18.04) into the remaining space.

However, after installation I found that I can't mount the user data NTFS partition. It doesn't appear in the graphical file manager, and running `sudo mount -t ntfs-3g /dev/sda4 /media/UserData` results in an error:

```
NTFS signature is missing.
Failed to mount '/dev/sd4': Invalid argument
The device '/dev/sd4' doesn't seem to have a valid NTFS.
```

After an hour of googling and analyzing the problem, I found that it's because the partitions created by Windows are encrypted by BitLocker and therefore standard Ubuntu drivers can't recognize them. I learned that there are tools like Dislocker or bdemount that can mount BitLocker-encrypted partitions, but they require an encryption key.

However, I don't have any such key as I didn't set up the encryption myself; it came enabled from the factory settings. So I went to Windows and opened the BitLocker manager, but to my confusion it showed me it's not activated. However, thanks to this Q&A I learned that even when not activated, it is still encrypting, just not storing the key in a secure way.

Now I'm stuck at the point where I need to extract the encryption key that I can then supply to the Linux mounting tools, but I can't find how or where the key is. Windows seems to require me to activate BitLocker and set up a password or USB key drive, which I don't want, because then I will have to enter the password or insert the USB disk every time on boot.

So my (hopefully) final question is: How does one extract the encryption key from Windows BitLocker, that can be then supplied to Linux mounting tools? Windows official documentation doesn't state anything about the key location or how to get it.

Youda008
  • Your screenshot indicates encryption is simply suspended, which means the data is still encrypted. So the solution to your problem is to "Turn on BitLocker" then go through the process of decrypting the entire HDD. In your case, the key is currently stored in the TPM, Linux tool should be able to access it. Might be easier to just disable BitLocker in your case, since you want to use Linux, and honestly Linux does a horrible job with BitLocker. – Ramhound Sep 20 '18 at 17:57
  • @Ramhound: May I ask you to explain to me what the difference is between the "suspended" encryption I have now and the "activated" encryption I get when I click on Turn on BitLocker and finish the process? I'm very confused by all this drive encryption stuff, never used it before. – Youda008 Sep 20 '18 at 18:56
  • Do you need/want the data volume encrypted? – I say Reinstate Monica Sep 20 '18 at 19:39
  • Well, first I liked that idea of additional security by the encryption, but the more I read about it and about people having issues with it, the more I'm thinking about actually disabling the encryption for the user data. If I at least knew how reliable Dislocker is and how much trouble I will have with using a BitLocker-encrypted partition in Ubuntu, that would help me with deciding. – Youda008 Sep 20 '18 at 20:09
  • How BitLocker works, and what it means to suspend it, is well documented but way too complex to explain in a comment. Likewise, I have no idea if the Linux BitLocker tools can communicate with the TPM and get the BitLocker key stored there. Solution is simple, resume BitLocker, then turn BitLocker off. This will decrypt all data, you can then enable it again, when you know more or can verify the tool will work with a TPM (since you're not willing to use the alternative by not using the TPM) – Ramhound Sep 20 '18 at 21:42
  • @Ramhound the FVEK the OP is after isn't stored in the TPM; only *key protectors* are stored in the TPM. As explained [here](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-key-management-faq#where-are-the-encryption-keys-stored) *The full volume encryption key is encrypted by the volume master key and stored in the encrypted drive. The volume master key is encrypted by the appropriate key protector and stored in the encrypted drive.* – I say Reinstate Monica Sep 21 '18 at 00:26
  • @Youda008 Finding out if BitLocker is suitable for use from Ubuntu is outside the scope of this question. I can't help you gain access to an encrypted disk from that OS, but if you decide you're willing to disable the encryption I can post an answer on how to do that. – I say Reinstate Monica Sep 21 '18 at 00:29
  • Linked reference from your link confirmed the TPM stores the private key. Which should be what those tools require to decrypt the drive since only the private key can be used to decrypt data when there is a private/public pair. – Ramhound Sep 21 '18 at 00:31
  • So now I understand it. My key must be stored in TPM, it makes sense, otherwise it would ask me to insert something (password, USB drive, ...) during boot. Well, in that case it becomes even more difficult to mount this partition in Ubuntu, so I will simply disable the encryption and mount it like I already know. Thank you guys @TwistyImpersonator and Ramhound for explanation and links. – Youda008 Sep 21 '18 at 07:41
  • @Youda008 No, Ramhound is incorrect in this case. I'm not going to get into an extended discussion about it in the comments. The text I quoted in my last comment clearly states the FVEK is stored on the drive. If it were stored in the TPM, then it would be impossible to take the drive to another computer and access the data, yet with a recovery key one can do exactly that. (Think about it...how does that work given that data can be encrypted with only **one** key?) – I say Reinstate Monica Sep 21 '18 at 11:11
  • For people coming here with the same setup but not wishing BitLocker to be active in the first place, the Windows command to disable BitLocker and decrypt the drive in this state is "manage-bde c: -off" from an administrator command prompt. – Remember Monica Jun 22 '23 at 06:30

0 Answers
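Why ntfs-3g reports "NTFS signature is missing" on such a partition, as an added example that is not part of the original question or its comments: a BitLocker volume carries the OEM ID `-FVE-FS-` at byte offset 3 of its first sector, where plain NTFS carries `NTFS    `. The function names and the sample sectors below are constructed for illustration.

```python
import sys

SECTOR_SIZE = 512
NTFS_OEM = b"NTFS    "        # OEM ID of an unencrypted NTFS volume
BITLOCKER_OEM = b"-FVE-FS-"   # OEM ID of a BitLocker-encrypted volume


def classify_boot_sector(sector: bytes) -> str:
    """Classify a volume from the OEM ID field (bytes 3..10) of its first sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the first 512 bytes of the partition")
    oem_id = sector[3:11]
    if oem_id == BITLOCKER_OEM:
        return "bitlocker"
    if oem_id == NTFS_OEM:
        return "ntfs"
    return "unknown"


def classify_device(path: str) -> str:
    """Read the first sector of a partition device or image file and classify it."""
    with open(path, "rb") as handle:
        return classify_boot_sector(handle.read(SECTOR_SIZE))


def make_sample_sector(oem_id: bytes) -> bytes:
    """Build a constructed 512-byte sector that holds only the OEM ID field."""
    sector = bytearray(SECTOR_SIZE)
    sector[3:11] = oem_id
    return bytes(sector)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: pass one or more partitions, e.g. /dev/sda4 (needs read access).
        for device in sys.argv[1:]:
            print(f"{device}: {classify_device(device)}")
    else:
        # Offline demo on constructed sectors.
        for label, oem in (("plain NTFS", NTFS_OEM), ("BitLocker", BITLOCKER_OEM)):
            print(f"{label}: {classify_boot_sector(make_sample_sector(oem))}")
```

A result of `bitlocker` means the NTFS driver is looking at an encrypted container, so the mount error says nothing about filesystem damage.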