I switched from TrueCrypt to VeraCrypt (forked version with security fixes) and decided to encrypt my external usb hard drive. But how do I mount the drive unencrypted while running Clonezilla from a live cd? I see where others have used tcplay with TrueCrypt; I may be wrong, but I imagine that it would not be compatible with VeraCrypt. Has anyone successfully done this, and if so what steps did you take?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Just to have something usable I reformatted the drive with two partitions, one encrypted using VeraCrypt and one left un-encrypted. When running Clonezilla I select the un-encrypted partition to store the backup image file. Once the backup is complete I exit the Clonezilla Live CD, reboot into Windows, un-encrypt the VeraCrypt encrypted partition, and then move the image file from the un-encrypted partition to the VeraCrypt partition.
I would still like to see an updated version of tcplay for VeraCrypt (vcplay I would imagine), so I don't have to go through all these extra steps.
Last edit: pjc123 2015-01-27
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
With a suggestion from the folks at VeraCrypt to run the Linux version of VeraCrypt (I didn't even know that existed) from a usb pendrive, I was able to un-encrypt the drive and mount it to /home/partimg from directly within Clonezilla Live using the command line option. So, no more moving files around. Sweet! As a side note, VeraCrypt has developed a patch for tcplay to support VeraCrypt volumes and are just waiting to hear back from the tcplay people. Furthermore there will be a vcplay in the future.
Last edit: pjc123 2015-01-27
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've been using clonezilla 2.6.1-25 to back up a veracrypt system disk, and used 2.6.5-21 to copy it back, and I choose options to make sure I keep the same partition sizes, don't resize, and I notice that clonezilla says it deletes first 8 bytes of first partition, a couple of other bytes on the other partitions, and I'm not sure why. I know that in the Veracrypt changelog, it said that by 1.24Update6, the corrupted headers was fixed. I'm just not sure why Clonezilla is deleting bytes. I recently wrote back an image of a hard disk using 2.6.5-21, and found that the Veracrypt system passed the password test, but couldn't access the partition, saying it was unsupported, so I think there was some corruption somewhere.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
"clonezilla says it deletes first 8 bytes of first partition, a couple of other bytes on the other partitions" -> Did you mean Clonezilla cleans the file system before it restores an image? If so, it's normal since it's better to be empty before the image is restored so it won't confuse the OS.
Steven
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've used clonezilla 2.6.7.28-amd64 to make an image of a windows system encrypted with Veracrypt, but when I write the image back, the Veracrypt password no longer works. So far in my testing, it seems to just be a problem with EFI/GPT systems - my Veracrypt Master Boot Record systems are being written back okay.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry, I don't have a cellphone. I should have been more specific - sorry. I meant, that when I boot my computer and I get the Veracrypt password prompt, when I enter it, it says it's invalid, wrong, not working. However, when I access the system using Veracrypt on another running system, I can access the files. It's just that the password is somehow wrong when trying to boot, so I'm guessing that Clonezilla is not making an exact image or not writing the image back exactly right. I think it wouldn't be hard to test it on your end - just create a GPT/EFI system, like Windows 10 of some sort, small, just 70 GB and make an image, then write the image back.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Veracrypt 1.24update7. GPT/EFI, not MBR. I installed Veracrypt while running Windows, encrypted it, thankfully created the rescue disk. You want to know all the options I select for Veracrypt? Isn't it the same? Veracrypt writes a bootloader, and the main system volume shows up as RAW.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Please give Clonezilla live >= 2.7.2-27 or 20210505-* a try: https://clonezilla.org/downloads.php
We have improved it to save and restore 512 bytes data for Verycrypt in the GPT disk.
Steven
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I recently tried with a small windows 20h2 system, only about 23 GB, plus boot partition, 16 MB partition, and the recovery partition, using both 2.6.7.28-amd64 and 2.7.1.22-amd64, encrypting the system partition, making an image and then writing it back, with no problems. I'm not sure why it didn't work for at least that one system that used up the whole hard drive space, and I think I've had this problem, before, too.
Oh my gosh, why didn't Clonezilla save this 512 bytes data before? I mean, it's Clonezilla, right? I'm disappointed. I'm glad at least that I had created a rescue disk, which I'm not sure if it would have saved my butt, and also made an image using Macrium Reflect, just in case the Clonezilla image didn't work, because I had a vague recollection that it had made my password not work, before, too. But thank you for at least looking at this issue and trying to make it work better. Maybe one thing I could try is writing another image to the hard disk that messes up the partitions before writing my clonezilla image back?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you have rescue disk, it's easy to do that. Just find that 512 byte file, say it's vc.bin. Assume your restored disk is /dev/sda, then use Clonezilla live >= 2.7.2-27:
sudo ocs-restore-veracrypt-vh vc.bin /dev/sda
Veracrypt is not supported before, it's only after you reported this issue, we studied more and find it. Thank you very much.
Steven
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You're welcome. If I had known that Veracrypt had to be explicitly supported, I would have mentioned issues a long time ago. I guess I thought that if it was CLONEzilla, there would be no issues. After all, it's Clonezilla, not Clonewimpa. I tried out 2.7.2-27, and when I create an image of my Veracrypt-encrypted system, then write it back, it works with no issues, but I only tested once.
When I booted 2.7.2-27, both of the KMS to RAM modes got stuck on "Configuring Keyboard", but they did allow the system to reboot when I pressed ctrl-alt-del. So, I didn't choose the "to RAM" mode until I saw that there was a VGA to RAM mode, which I then chose and used with no issue.
I should also point out that when I used 2.7.2-27 to write back an image to my system, that previously had caused my Veracrypt password to fail, that now the password works, although it always boots into Automatic Startup Repair mode. I had to put in my Veracrypt rescue disk. Option m to restore the Veracrypt loader didn't work. Option c to restore the loader config didn't work. Option r to restore the loader binaries didn't work. Option v to boot the Veracrypt loader from the rescue disk didn't help. However, option k to restore the OS header keys worked, and the system could now boot properly.
However, when using Clonezilla, when I press Cancel at the savedisk, restoredisk etc menu, it doesn't do anything helpful. If I press Exit, then choose rerun2, Clonezilla will still ask me for the repository, and not show the disk that I had initially chosen for the repository, but now it won't show that anymore unless I choose to start at the beginning. If I choose rerun2, then I think Clonezilla shouldn't even ask me for the repository. If it does, it should show all the options. If I choose Cancel at that screen, Clonezilla will say that I have to choose some sort of repository, instead of just cancelling, bringing me to the rerun1 rerun2 etc menu. Also, going through expert mode, when I come to the compression menu, then select Cancel, the next menus still come up sequentially, even though I am selecting Cancel at every one! If I click Cancel, then let it Cancel, go to the rerun1 rerun2 selection menu.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I switched from TrueCrypt to VeraCrypt (forked version with security fixes) and decided to encrypt my external usb hard drive. But how do I mount the drive unencrypted while running Clonezilla from a live cd? I see where others have used tcplay with TrueCrypt; I may be wrong, but I imagine that it would not be compatible with VeraCrypt. Has anyone successfully done this, and if so what steps did you take?
Just to have something usable I reformatted the drive with two partitions, one encrypted using VeraCrypt and one left un-encrypted. When running Clonezilla I select the un-encrypted partition to store the backup image file. Once the backup is complete I exit the Clonezilla Live CD, reboot into Windows, un-encrypt the VeraCrypt encrypted partition, and then move the image file from the un-encrypted partition to the VeraCrypt partition.
I would still like to see an updated version of tcplay for VeraCrypt (vcplay I would imagine), so I don't have to go through all these extra steps.
Last edit: pjc123 2015-01-27
Thanks for sharing that.
It's nice to know you have found the solution.
Steven.
With a suggestion from the folks at VeraCrypt to run the Linux version of VeraCrypt (I didn't even know that existed) from a usb pendrive, I was able to un-encrypt the drive and mount it to /home/partimg from directly within Clonezilla Live using the command line option. So, no more moving files around. Sweet! As a side note, VeraCrypt has developed a patch for tcplay to support VeraCrypt volumes and are just waiting to hear back from the tcplay people. Furthermore there will be a vcplay in the future.
Last edit: pjc123 2015-01-27
What commands did you use to mount the encrypted external drive to /home/partimg from the command line? I am having the same issue.
Cool!
For the time being veracrypt is not in Debian repository.
Someday when it is, definitely we will include that in Clonezilla live.
Steven.
That would be great.
Last edit: pjc123 2015-01-27
SOLVED.
I wrote a tutorial on how to access a VeraCrypt encrypted volume from inside Clonezilla. You can find it here:
http://www.flaminghellmet.com/tech-stuff/linux/
Last edit: pjc123 2015-02-10
Thanks for sharing that.
Steven.
I've been using clonezilla 2.6.1-25 to back up a veracrypt system disk, and used 2.6.5-21 to copy it back, and I choose options to make sure I keep the same partition sizes, don't resize, and I notice that clonezilla says it deletes first 8 bytes of first partition, a couple of other bytes on the other partitions, and I'm not sure why. I know that in the Veracrypt changelog, it said that by 1.24Update6, the corrupted headers was fixed. I'm just not sure why Clonezilla is deleting bytes. I recently wrote back an image of a hard disk using 2.6.5-21, and found that the Veracrypt system passed the password test, but couldn't access the partition, saying it was unsupported, so I think there was some corruption somewhere.
"clonezilla says it deletes first 8 bytes of first partition, a couple of other bytes on the other partitions" -> Did you mean Clonezilla cleans the file system before it restores an image? If so, it's normal since it's better to be empty before the image is restored so it won't confuse the OS.
Steven
yes that's it - Clonezilla cleans the filesystem. I thought maybe that was causing me some problems, but it's probably something else.
I've used clonezilla 2.6.7.28-amd64 to make an image of a windows system encrypted with Veracrypt, but when I write the image back, the Veracrypt password no longer works. So far in my testing, it seems to just be a problem with EFI/GPT systems - my Veracrypt Master Boot Record systems are being written back okay.
"the Veracrypt password no longer works." -> Where did it fail? Please describe more, or take some photos and post them. Thanks.
Steven
Sorry, I don't have a cellphone. I should have been more specific - sorry. I meant, that when I boot my computer and I get the Veracrypt password prompt, when I enter it, it says it's invalid, wrong, not working. However, when I access the system using Veracrypt on another running system, I can access the files. It's just that the password is somehow wrong when trying to boot, so I'm guessing that Clonezilla is not making an exact image or not writing the image back exactly right. I think it wouldn't be hard to test it on your end - just create a GPT/EFI system, like Windows 10 of some sort, small, just 70 GB and make an image, then write the image back.
How did you install and configure Veracrypt for your windows? Please let us know so that it's easier to reproduce this issue.
Steven
Veracrypt 1.24update7. GPT/EFI, not MBR. I installed Veracrypt while running Windows, encrypted it, thankfully created the rescue disk. You want to know all the options I select for Veracrypt? Isn't it the same? Veracrypt writes a bootloader, and the main system volume shows up as RAW.
OK, I will find some time to test that.
Steven
"You want to know all the options I select for Veracrypt?" -> Oh, yes. Please show that. Thanks.
Steven
Please give Clonezilla live >= 2.7.2-27 or 20210505-* a try:
https://clonezilla.org/downloads.php
We have improved it to save and restore 512 bytes data for Verycrypt in the GPT disk.
Steven
I recently tried with a small windows 20h2 system, only about 23 GB, plus boot partition, 16 MB partition, and the recovery partition, using both 2.6.7.28-amd64 and 2.7.1.22-amd64, encrypting the system partition, making an image and then writing it back, with no problems. I'm not sure why it didn't work for at least that one system that used up the whole hard drive space, and I think I've had this problem, before, too.
Oh my gosh, why didn't Clonezilla save this 512 bytes data before? I mean, it's Clonezilla, right? I'm disappointed. I'm glad at least that I had created a rescue disk, which I'm not sure if it would have saved my butt, and also made an image using Macrium Reflect, just in case the Clonezilla image didn't work, because I had a vague recollection that it had made my password not work, before, too. But thank you for at least looking at this issue and trying to make it work better. Maybe one thing I could try is writing another image to the hard disk that messes up the partitions before writing my clonezilla image back?
If you have rescue disk, it's easy to do that. Just find that 512 byte file, say it's vc.bin. Assume your restored disk is /dev/sda, then use Clonezilla live >= 2.7.2-27:
sudo ocs-restore-veracrypt-vh vc.bin /dev/sda
Veracrypt is not supported before, it's only after you reported this issue, we studied more and find it. Thank you very much.
Steven
You're welcome. If I had known that Veracrypt had to be explicitly supported, I would have mentioned issues a long time ago. I guess I thought that if it was CLONEzilla, there would be no issues. After all, it's Clonezilla, not Clonewimpa. I tried out 2.7.2-27, and when I create an image of my Veracrypt-encrypted system, then write it back, it works with no issues, but I only tested once.
When I booted 2.7.2-27, both of the KMS to RAM modes got stuck on "Configuring Keyboard", but they did allow the system to reboot when I pressed ctrl-alt-del. So, I didn't choose the "to RAM" mode until I saw that there was a VGA to RAM mode, which I then chose and used with no issue.
I should also point out that when I used 2.7.2-27 to write back an image to my system, that previously had caused my Veracrypt password to fail, that now the password works, although it always boots into Automatic Startup Repair mode. I had to put in my Veracrypt rescue disk. Option m to restore the Veracrypt loader didn't work. Option c to restore the loader config didn't work. Option r to restore the loader binaries didn't work. Option v to boot the Veracrypt loader from the rescue disk didn't help. However, option k to restore the OS header keys worked, and the system could now boot properly.
However, when using Clonezilla, when I press Cancel at the savedisk, restoredisk etc menu, it doesn't do anything helpful. If I press Exit, then choose rerun2, Clonezilla will still ask me for the repository, and not show the disk that I had initially chosen for the repository, but now it won't show that anymore unless I choose to start at the beginning. If I choose rerun2, then I think Clonezilla shouldn't even ask me for the repository. If it does, it should show all the options. If I choose Cancel at that screen, Clonezilla will say that I have to choose some sort of repository, instead of just cancelling, bringing me to the rerun1 rerun2 etc menu. Also, going through expert mode, when I come to the compression menu, then select Cancel, the next menus still come up sequentially, even though I am selecting Cancel at every one! If I click Cancel, then let it Cancel, go to the rerun1 rerun2 selection menu.
Thank you again for researching this issue and supporting Veracrypt-encrypted volumes.