Thursday, 29 December 2011

Dual-Booting McAfee Endpoint Encryption

I've just spent the best part of two days getting my laptop back up and running. I foolishly installed Kubuntu 11.10, which overwrote the MBR and then I could not boot to Windows, which is what I use at work and because the Windows partition was encrypted there was little I could do to get back in.

After a bit of time wasting with the help desk, I decided to bite the bullet and reinstall everything to get back my dual-boot setup, hoping that I had backed up everything of importance.

In essence the process is fairly simple:
  1. Install Windows
  2. Install Kubuntu (Linux)
  3. Ensure that you can boot to both OSs
  4. Install McAfee Endpoint Encryption
Once all that is done, I get the Endpoint Encryption logon prompt, before the Grub menu, so that I can now boot to either Windows or Kubuntu.

We use McAfee Endpoint Encryption 5.2 so I don't know whether this will work for other versions.

Today I found this post which provides a good tip on how to back up the MBR, using the trusted DD command in Linux ( and a different (better?) way of doing the dual boot dance with McAfee EE):
dd if=/dev/sda of=/your_usb_drive/safeboot.mbr bs=512 count=1
If only I've read this before I started.

Note to restore MBR copy safeboot.mbr to /boot from Linux and then you'll need to add an entry to the grub menu, see this how-to for instructions.


  1. I think that the 'better' instructions you link to leave you with an encrypted Windows partition and unencrypted Linux partition - meaning that you can't read the Windows partition from Linux.

    With the method you used, can you mount the Windows partition from Linux?

    1. You can't mount the windows partition from Linux if it's encrypted, as far as I know.

      I'm fine with this solution as it's my work laptop and I just wanted to have a separate OS for personal use without the need to lug around two laptops.

  2. Did you get login options for Windows and Linux on Endpoint prompt after installing win -> Linux -> Endpoint encryption?