Thursday, January 10, 2013

Dual Booting Sophos

Introduction

In this article I will explain how I got Fedora 15 KDE installed alongside Windows 7 with the Sophos bootloader and fully encrypted Windows 7 partitions. Bypassing Sophos still does not seem possible, because the Windows partitions only get decrypted through Sophos, which resides in the MBR. I have therefore chosen to use the Windows 7 boot manager to boot Fedora.

Beware that this is not a step-by-step tutorial and should not be taken as such. It is more like a collection of my personal notes taken during this project. Please be careful and make sure you understand the risks of a technique before using it, as missteps could very well lead to complete data loss and to not being able to boot your machine (from the hard disk at least). Some machines have recovery options which rely on an image on a separate partition from which Windows can be re-installed. This could also get compromised if things go wrong, so make sure you understand whether this applies to you and the possible consequences of a mistake.

My setup looks like this right now:
  • Sophos boot loader in the MBR
  • Sophos Encrypted Windows 7 with custom boot manager and Grub4Dos
  • Fedora 15 KDE (Linux) Grub on the same partition

Backup

It is wise to have a complete backup of the hard disk. Because the partitions are encrypted, Windows does not boot without the Sophos bootloader in the MBR, and a mistake while installing Fedora could easily overwrite it. More disaster scenarios are conceivable, so a backup is worth thinking about. The backup method must be able to restore the MBR, work with encrypted partitions, and work even if the Windows installation on the machine is unusable.

I have done the backup from the Fedora liveusb using the dd command, which does bytewise raw data copying. dd copies entire hard disks or partitions with complete disregard for their contents, which makes it suitable for restoring your system to a previous state byte for byte. This is especially important since the Windows partitions are encrypted and because Sophos resides in the MBR. For me it was useful because I was often experimenting and taking corrective actions, but I cannot really recommend it to everyone, because you can quickly make a mistake and lose everything.

Partitioning

The first condition is that unpartitioned space must exist on the machine to install Fedora on. This is achieved by shrinking existing Windows partitions, which can easily be done from a Fedora liveusb as long as they are not yet encrypted (Sophos usually encrypts the drives on first boot).

Creating the Fedora partition had to be done from Windows, because when I tried it with a Linux partition manager (gparted) Windows would not boot afterwards. I used the Partition Wizard tool instead, which can format EXT4. Assigning a drive letter in Windows was not necessary, so I skipped that. My partitions look like this now:



Windows Modifications

In order to start the Fedora partition from the Windows 7 boot manager I installed Grub4Dos, a port of Grub for the DOS/Windows platform. I have simply followed this guide. Remember to copy grldr.mbr, grldr and menu.lst to the root of the C drive.

Additionally, you must edit menu.lst to boot Fedora. This is my menu.lst:

# This is a sample menu.lst file. You should make some changes to it.
# The old install method of booting via the stage-files has been removed.
# Please install GRLDR boot strap code to MBR with the bootlace.com
# utility under DOS/Win9x or Linux.

color blue/green yellow/red white/magenta white/magenta
timeout 0
default /default 

title Fedora
root (hd0,2)
chainloader +1 


The last section tells Grub4Dos to boot whatever is on the third partition of the hard disk. In this partition I have a (Linux) Grub installation, which in turn starts Fedora. This is useful for kernel updates or when you change Linux distributions later, because such changes have no impact on the Windows part.

Sophos launches Windows 7 and, after a moment, this screen follows:



The entry 'Grub' brings me into Fedora and is set as default ;-). One thing I have ensured is that the timeout for choosing an OS is not zero, because this would probably lead to a situation where booting into Windows is impossible.

Fedora Installation

Installing Fedora from a liveusb is largely automatic up to the point when a type of installation must be selected:




You must select 'Create Custom Layout' here. In the next screen select the partition created with Partition Wizard and click Edit. Use '/' as the mount point. The following warning regarding swap can be ignored.



You could also make an additional partition (from Windows!) and set it as swap, but I have not tried that. I currently have a swap file, which I set up by following these instructions.

Follow the installer until the time comes to choose where to install Grub. Here it is important to make sure that Grub is installed on the Fedora partition by choosing 'Change Device'. By default Grub is installed to the MBR, which will remove Sophos and render Windows unusable.
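Added example, not part of the original notes: shell functions to save the MBR before running the installer (the backup step above) and to check afterwards that the boot code, where the post says Sophos resides, was not overwritten by Grub. The disk path /dev/sda in the usage comments is an assumption, and whether restoring the boot code alone is enough for Sophos is not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post). The functions work on any
# block device or disk image file; run them as root from the liveusb.
#
# Usage (paths are assumptions):
#   save_mbr /dev/sda /mnt/usb/mbr.bin             # before the installer
#   bootcode_unchanged /dev/sda /mnt/usb/mbr.bin   # after the installer

# Save the whole first sector: boot code, disk signature, partition table.
save_mbr() {    # save_mbr DISK OUTFILE
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# Hash only bytes 0-439, the boot code area of the MBR.
# The partition table (bytes 446-509) is left out on purpose, because it
# changes legitimately when the Fedora partition is created.
bootcode_hash() {    # bootcode_hash DISK_OR_BACKUP
    dd if="$1" bs=440 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Exit status 0 when the boot code on DISK still matches the backup,
# non-zero when something (for example Grub) has overwritten it.
bootcode_unchanged() {    # bootcode_unchanged DISK BACKUP
    [ "$(bootcode_hash "$1")" = "$(bootcode_hash "$2")" ]
}

# Write the saved boot code back while leaving the current partition
# table untouched. conv=notrunc keeps an image file from being truncated.
# Assumption: this restores only the first 440 bytes; anything a boot
# loader keeps outside that area needs the full dd disk backup instead.
restore_bootcode() {    # restore_bootcode BACKUP DISK
    dd if="$1" of="$2" bs=440 count=1 conv=notrunc 2>/dev/null
}
```

Keep the saved sector on separate media, not on the disk it describes.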



Conclusion

Fedora is now installed alongside Windows 7 in its own partition, so that both operating systems can have the entire system resources. The Fedora partition is not encrypted, but that should be possible without much trouble.

One little drawback is that you must log in to Fedora in addition to Sophos, for which I unfortunately have no solution.

Fedora hibernate does not work because I have no swap partition, but hibernating with a swap file is explained here. I have not tried it myself and use sleep instead. On wake up, you do not need to log in to Sophos again.

If you have any further questions, tips or improvements please leave a comment. And if you are going to try it yourself: get a good backup solution.