2

I am using Clonezilla from Parted Magic - which I am booting from live USB - because it contains VeraCrypt and Clonezilla. I want to create a backup image of one of the partitions on the hard disk of my laptop, and save it to USB connected external HDD, which have one encrypted partition.

When I start Clonezilla I select device-imgage and then local_dev, but when it shows the list of partitions to chose for location, and I select the external HDD partition, it shows error like: mount: /home/partimg: wrong fs type, bad option, bad superblock ...
And if I use VeraCrypt to mount the encrypted partition to /home/partimg before starting Clonezilla, then, when I start Clonezilla and select the encrypted partition it shows that the partition is already mounted or the mount point is busy.

Is it possible to make Clonezilla to mount encrypted with VeraCrypt partition?

fra-san
  • 9,931
  • 2
  • 21
  • 42
Brent Alonso
  • 21
  • 4

2 Answers2

2

Unlike the header of a LUKS-encrypted partition, the header of a TrueCrypt/VeraCrypt-encrypted partition is also encrypted. So without knowing the encryption key, you should not be able to tell it from random noise, at least not without advanced statistical analysis.

As a result, automatic detection of VeraCrypt partitions is not possible.

Clonezilla can do a dd-style raw copy from one disk/partition/image file to another, or a smarter filesystem-aware copy that can avoid copying any blocks that are currently marked as "free" in the filesystem. But the smarter methods need to be pointed at a recognizable filesystem, not at pseudo-random encrypted noise.

When you mount a VeraCrypt partition, two things happen.

First, a device like /dev/mapper/veracrypt1 is created. This is the actual encryption/decryption layer: anything you write into it gets encrypted and stored in the actual VeraCrypt encrypted partition, which is probably something like /dev/sdX1. When you read it, the corresponding location in the encrypted partition is read and decrypted. As a result, you can use the /dev/mapper/veracrypt1 device just like a real disk/partition device and set up a normal filesystem on it. VeraCrypt does exactly that when you create a VeraCrypt-encrypted volume.

Second, the VeraCrypt tool will automatically mount the /dev/mapper/veracrypt1 device to the place you specify, e.g. /home/partimg.

When you want to use Clonezilla with a VeraCrypt-encrypted partition, that second step is actually something you don't want. You'd need VeraCrypt to just activate the /dev/mapper/veracrypt1 device, and leave the actual filesystem unmounted so that Clonezilla can freely manipulate it. Apparently you can achieve it like this:

veracrypt -tc -t --filesystem=none <encrypted thing> <mountpoint>

By specifying --filesystem=none, the actual mount step will be skipped.

Then you can just point Clonezilla to /dev/mapper/veracrypt1 just as if it was a regular unencrypted partition.

telcoM
  • 87,318
  • 3
  • 112
  • 232
  • I run this command `veracrypt --filesystem=none /dev/sdc1 /home/partimg` (sdc1 is my encrypted partition) but how to point Clonezilla to `/dev/mapper/veracrypt1`? Because when it start listing the partitions it shows `sdc1` and if i select it, it shows the error that the partition is already mounted. Here is a screenshot: https://i.imgur.com/c4UK7ji.png – Brent Alonso Apr 09 '19 at 21:53
0

I think i found a solution.

First i type this command: veracrypt --filesytem=none /dev/sdx1 which mounts the encrypted partition without file system.

After that i start Clonezilla and after i select device-image, instead of selecting local_dev i select enter shell and then i type this command: mount -t auto -o noatime,nodiratime /dev/mapper/veracrypt1 /home/partimg. This mounts the encrypted partition to /home/partimg and make Clonezilla skip asking for selecting a partition for saving location.

After that i type exit, to exit command shell, and continue with default Clonezilla steps that follow.

Brent Alonso
  • 21
  • 4