Macbook Triple Booting Guide

One of the biggest advantages to having a Macbook is the ability to have all three mainstream OSes on one device – invaluable if you work with a variety of tools, as is often the case in the DFIR world.

I’ve done this a couple of times in the past and found some very useful guides, but with the advent of APFS, GPT partitioning and newer versions of Mac/Windows, it’s a little different to doing this on a HFS+ drive.

It’s not particularly hard, but can be fiddly. A huge failsafe here is having your Mac OS backed up on Time Machine – should the (absolute) worst happen, a system restore is painless.

Disclaimer – this does involve messing around with bootloaders. This could potentially lead to a situation where your system does not boot. While following this guide *should* give you a beautifully crafted triple booting Mac, it may also lead to a non-bootable laptop. Please ensure you have backed up all your data before proceeding!

I’ve curated this from a number of guides which covered some/most of the procedures and issues (listed at the end). This guide puts all the key issues I’ve encountered in one place for others!

What you’ll need:

A Macbook (obvs)

A Windows 10 ISO and licence key

A USB stick with your flavour of Linux install (I went for Mint) (I recommend using Rufus to make your USB installer, YMMV)

A download of Refind on your Mac OS. This is used to manage your multi-install system, getting the various bootloaders to work together.

Step 1: Bootcamp Your Mac

The first step (if you don’t already) is to get a Bootcamp installation of Windows. You can do this using the included Bootcamp Assistant on MacOS. All you need is a Windows ISO (either 8 or 10) and a correct licence key. The key thing you must have however, is a Bootcamp partition size big enough for both Windows and Linux.

For example, I wanted to split my 500GB drive as follows:

300GB Mac OS | 150GB Windows | 50GB Linux

In order to get this, I allocated 200GB to the Bootcamp partition; I’ll resize that later.

Before you start installing Windows, unzip the Refind application to somewhere relatively easy to find on your Mac (as you’ll need to get to it in console later). I suggest Downloads or Documents. Now you can fire up the Bootcamp Assistant and get installing!

Once you’ve got Windows installed, it’s time to create the partition for your Linux install.

Step 2: Make Space for Linux!

This is pretty straightforward. Firstly, right click on “This PC” from the list of devices on the left in Windows Explorer, select “Manage”. Then select “Disk Management” under “Storage” in the screen that pops up.

Here, you should see your drive that Windows is installed on. Right click and select “Shrink Volume”. Drop it down so you get the desired split between your Windows and Linux partitions.

You don’t need to format this new space, we’ll be doing that in Linux.

Step 3: Install Linux

This can always be a tricky step – Linux drive designations are very different to Windows or Mac and there can be confusion about how the install is configured: “mount points?” “swap partition?”

Firstly, plug in your Linux USB and boot to it using the Alt key. You’ll get an option to “try (linux variant)” or “install (linux variant)”. Select the “try” option. Once Linux has booted up, select the “Install Linux” option from the desktop.

You will be presented with the option to let the installer set up Linux partitions for you. Don’t let it do this! It will undo all your hard work and you’ll have to start from scratch. Instead, select “Do something else”.

You’ll now be asked to configure the Linux installer. It can be a bit difficult to work out what’s going on here. The main bits you need to know:

  1. Make sure you select the empty space you made in Windows to install Linux to. It will be called something like /dev/sda5. You should be able to identify it as it’ll be the size you specified in Disk Management in Windows.
  2. When the “Edit Partition” pop up appears, select “Use as: Ext4 Journalling File System”
  3. You’ll also be asked where you want the mount point to be. Select “/” which is the root of the partition.
  4. You’ll also be asked to point at the “Device for Boot Loader Installation”. This will be /dev/sda1 which is the root of your disk. This lumps the Linux bootloader in with Mac & Windows. We’ll sort that out shortly….
  5. You can install a swap partition. This is used to supplement the RAM on your system. It’s completely optional, but you may get a warning if you don’t create one. As a rule of thumb, your swap partition should be around twice the size of your RAM (e.g. 8GB of RAM – 16GB swap). If you’ve got a decent amount of RAM, you shouldn’t need this.

At this point, you now technically have a triple install. Hooray! However, Windows will now refuse to boot as the Linux install has just overwritten the Windows bootloader. Boo! Time to sort this out!

Step 4 – Fix The Windows Install

Once you have Linux installed, you’ll need to remake the Windows bootloader as Linux has overwritten it!

This is simply done from within the Linux install, open up a terminal and type:

sudo gdisk /dev/sda

(If this doesn’t work, you may need to install gdisk with the command: sudo apt-get install gdisk)

Type p to view the partition table. This should show you the /dev/sda1 disk.

Type x to bring up the expert menu

Type n to create an empty MBR. You don’t get a confirmation of this being created, but you should just get another expert prompt.

Type w to save your changes, confirm and exit.

This should now fix the Windows bootloader and you can now boot into any of the three OSes by rebooting and selecting the desired partition. However, you can use the Refind app to have a neat bootloader.
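Since gdisk gives no confirmation after the n command, here is a check you can run before and after Step 4. It is an added example, not part of the original guide: it reads the “Partition table scan” block that gdisk -l prints and reports the MBR type. The function names are hypothetical and the two sample scans are constructed.

```shell
#!/bin/sh
# Added example: verify the result of the gdisk x / n / w sequence by reading
# the "Partition table scan" block printed by `gdisk -l`.
# Function names and sample scans are constructed for illustration.
#
# Live use (from the Linux install, as in Step 4):
#   sudo gdisk -l /dev/sda | mbr_type

# Print the MBR type (e.g. "protective", "hybrid") found in gdisk -l output
# supplied on stdin. Prints "unknown" if the scan has no MBR line.
mbr_type() {
    awk '
        /^[ \t]*MBR:/ {
            sub(/^[ \t]*MBR:[ \t]*/, "")   # drop the label
            sub(/[ \t\r]+$/, "")           # drop trailing whitespace
            print; found = 1; exit
        }
        END { if (!found) print "unknown" }
    '
}

# Return 0 only when the scan shows a GPT that is present together with a
# protective MBR, the state a newly written protective MBR should leave.
mbr_is_protective() {
    scan=$(cat)
    [ "$(printf '%s\n' "$scan" | mbr_type)" = "protective" ] &&
        printf '%s\n' "$scan" | grep -Eq '^[[:space:]]*GPT:[[:space:]]*present'
}

# Constructed sample: a scan reporting a hybrid MBR.
SAMPLE_BEFORE='Partition table scan:
  MBR: hybrid
  BSD: not present
  APM: not present
  GPT: present'

# Constructed sample: a scan after a new protective MBR has been written.
SAMPLE_AFTER='Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present'

# Demo on the constructed samples.
for label in BEFORE AFTER; do
    eval "scan=\$SAMPLE_$label"
    if printf '%s\n' "$scan" | mbr_is_protective; then
        echo "$label: protective MBR with GPT present"
    else
        echo "$label: MBR is '$(printf '%s\n' "$scan" | mbr_type)', not a plain protective MBR"
    fi
done
```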

Step 5 – Install the Refind bootloader

Refind is the graphical interface for your bootloader, which will give you the option of which OS to boot into every time you restart. This saves you having to remember to hold down the Alt key every time!

This can be relatively easy or a bit of a pain, depending on your vintage of Mac. Refind will sort your bootloader out, but Apple have added SIP (System Integrity Protection) to Macs and this means that Refind can’t make the changes to the Apple bootloader to get up and running.

To check if you have SIP enabled, boot back into your Mac partition using Alt and bring up a terminal window. Type:

csrutil status

to see if SIP is enabled. If it says “disabled” then it’s simply a matter of double clicking on the refind-install file in your Refind folder. If this is the case, you now have a working Refind install. Skip ahead to Step 6!

If it says “enabled” (which it probably will on most systems) then you’ll need to install Refind from the Recovery Mode, which neatly bypasses SIP. It is also possible to do this by disabling and re-enabling SIP from terminal, but I found this method works for me.

Reboot your Mac and hold down Command + R to boot into recovery mode. From here, select “Utilities”, then “Terminal” from the top menu.

Now you’ll need to get into the directory where you unzipped Refind. Hopefully you remember where it is! The command for this is cd followed by the directory path to the Refind folder.

For me, the directory path was Volumes/Macintosh\ HD/Users/John/Downloads/refind-bin-0.11.4/. Remember that tab will autocomplete valid folders (so you can just type refind then press tab to have the terminal autocomplete the folder name).

Once you’re in the refind directory, simply type:

./refind-install

Which will install Refind. You may then get a warning about SIP, but it won’t block the installation. You now can exit out of Recovery mode, which should now boot straight into Refind!

Step 6 – Customise Refind (optional)

Now everything is up and running, you can fiddle about with the look and feel of Refind to make it look exactly how you wanted – different icons for the OSes, whole new themes and so forth. I found one handy thing to do is to remove the boot partitions from the list. You can do this by selecting the recycling icon on the second row and removing unwanted icons. If the wrong icon is hidden (I did this with Windows!) go back into this option to unhide it!

You should now (hopefully!) have a Refind controlled triple booting Mac. Enjoy!

Resources

As stated, I used a number of resources to get my installation working. Here’s a list of the most useful pages:

https://www.innoq.com/en/blog/triple-booting-a-mac/

https://github.com/aroman/elementary-on-a-mac

https://robpickering.com/triple-boot-macbook-pro-macos-windows-10-linux/

http://www.rodsbooks.com/refind/configfile.html


Open Rights Group Conference 2019

I popped my ORGcon cherry on Saturday – lured by the promise of an Edward Snowden keynote, I popped up to the beautiful Friends House in Euston to hear talks on a range of digital privacy issues.

I was impressed by the range of panelists and speakers – from all ends of the privacy spectrum; Big Brother Watch to GCHQ were represented and met not with fire and fury, but a mutual respect and a wish to make our digital lives better.

I’ve noted which speakers were at each talk – their bios can be found on the ORGcon website here.

I’ve jotted down a brief summary of my impressions from each talk – hopefully they’ll give a little glimpse into each session I attended. ORG livestreamed all the main stage talks (including the Snowden keynote) – you can find the recording here. I understand that they’ll have more recordings on their YouTube channel soon.

There were also two amazing artists who were sketching a summary of each talk – here’s a sample of a few of them, incredible talent to do this on the fly all day on a hot Saturday!

Snowden Keynote

Speakers: Edward Snowden & Martin Bright

State surveillance which now targets journalists, political minorities and immigrants protects “state security” rather than “public security”. Mass surveillance is not just a failure of privacy, but a failure of democracy.

When asked if his personal politics had shifted from the right while at NSA to the left as he leaked their data, he replied that he had never been about left or right – he was more concerned with the “up and down” of the powers governments held.

We now think so little of politicians that we expect the worst from them in any situation…

Great question from the audience – how do children deal with corporations predating on their personal data? Snowden noted that most younger users don’t really care about giving up privacy in return for convenience.

We should instead be building towards technology that doesn’t require people to read patch notes, tech advisories and pages of user agreements to engage securely

He finished on an upbeat note – there is hope for the future – society will shape the regulations, change can be effected!

The Personal is the Political – How your data defines your personal ads

Panel: Reema Patel, Ravi Nalik, Rose Acton, Steve Wood

Political ads learning from Facebook etc on how to present ads – A/B testing, scaling etc. Very economical to reach large numbers and tweak adverts based on feedback.

Lots of concern about regulation – ads need to be archived and transparency as to who commissioned them. Big issue around third parties putting forward ads without ties to the parent party. Regulation is fining non-compliance, but third parties will be harder to pin down.

One gentleman asked about mind control – the audience getting a dopamine rush from their laptops and smart devices rather than engaging with the talk going on. How will this be regulated? The panel did not have an answer….

Can tech be truly ethical?

Panel: Paul Dourish, Lillian Edwards, Ann Light, Gina Neff

Is this a matter of design or regulation?

Lots of discussion around process vs people. Concerns about biases in algorithms, e.g. Amazon tech hiring algorithm prioritising men over women due to the bias of the programmers…

Most of the panel felt change will be a mix of regulation and design. One question from the audience was how to deal with the “charging bulls” (e.g. Facebook). More intense regulation definitely required – but other monolithic companies can “be better”; Microsoft as a good example of a company doing the right thing.

Companies should change from “Move fast and break stuff” to “Move slowly and grow stuff”

“Tech isn’t good, isn’t bad, but it’s not neutral either”

Facial Recognition

Panel: Silkie Carlo, Dr. Suzanne Shale, Sian Berry, Madhumita Murgia

General concern that the Metropolitan Police Service had been running LFR (Live Facial Recognition) trials since 2014 and that match rates were extremely low (80%+ mismatch rate). Officers are supposed to be performing QA on matches, but Big Brother Watch noted examples where people had been stopped regardless of the quality of the match.

Also of concern that LFR struggles with BME/female matching – algorithm bias introduced by engineers?

I was impressed to see MPs/Government attending and engaging on this subject (amongst others)

Solving the encryption dilemma

Interesting choice of speakers – Nate Cardoza (Privacy Policy Manager for Facebook) and Mark Daly (NCSC/GCHQ). Neither got booed! Cori Crider was an excellent moderator, with some penetrating questions.

Facebook Messenger currently not end-to-end encrypted, this is due to change in next 2 years.

Talked about the “Ghost Proposal” where government agencies would have key escrow on end-to-end encrypted communication. Mark Daly stated that the govt wasn’t interested in this currently…

Nate spoke about his shift from EFF to Facebook, wants to ensure that privacy is at forefront of FB policies. If he leaves, be concerned about what they’re up to… Hopefully a shift away from harvesting metadata.

A safeguarding dystopia

Panel: Jim Killock, Josianne Galea Baron, Vinous Ali

How do we go about protecting children online?

Thorough summary of UNICEF’s mission to protect children by Josianne. Children have numerous rights enshrined in law to safeguard them (similar to Human Rights Act)

Technology can empower children, but is it being used in the right way to keep them safe?

Are the age verification measures being put in place suitable, workable? – concerns around privacy of data (breaches, who holds the data). Mindgeek are aiming to be the AgeID gatekeepers – they’re also the owners of one of the biggest porn sites on the Web.

Little thought given to educating parents on how to keep children safe online. Definitely a key issue and one given very little weight by the government!

Legislation – issues with sexting in underage but age-appropriate relationships (although Outcome 21 not mentioned)

Vulnerability – many children in vulnerable situations (care homes etc). Harder to protect them.

Thanks to Owen Blacker, who live tweeted this discussion and reminded me of some of the talking points!

Final Thoughts

This was a really interesting convention – I was genuinely surprised with the breadth of speakers attending. Getting representatives from Parliament and the big data companies is essential if we want to enact the changes discussed and they seemed engaged and receptive to criticisms of policy and law within their respective organisations.

I was slightly disappointed not to be able to get into the Action Space, which was looking at the data held on mobile phones and how companies hide their tracking of users and pull that data out. Obviously a popular topic!

I think the conference was just on the verge of needing a second day – I had to choose between two different talks a couple of times, but it would require a few more main stage talks to fill out a second day (which I’m sure they could have arranged).

All in all, I really enjoyed my first ORGcon, see you there next year!


London CryptoParty 2017

Thought I’d put out a short writeup from the London CryptoParty, held last Friday at IDEALondon (https://www.cryptoparty.in/london)

First of all, massive thanks to IDEALondon for making the space available for the event (and the drinks!). Also thanks to Leonie Tanczer (@leotanczt) for organising and leading the evening.

After a brief introduction by Leonie and a run through of a selection of suggested topics that generated some great debate, each table took some time to talk about what they wanted to look at during the evening. What was great to see is that there was a real diversity of knowledge in the room, from cybersecurity experts to people who didn’t know what HTTPS was! It’s very encouraging to see people who don’t have a huge amount of experience coming to these events – it can often be very daunting for the newcomer.

Our table decided to discuss (amongst many other things) VPNs and TOR. A great comparison site was put forward – https://thatoneprivacysite.net/ which looks to be a fairly definite list of VPN providers. I shall definitely be checking some of them out. Ironically, many of the VPN sites were blocked on the local network…..

We also spent some time talking about TOR, why its use is justified, the risks in using it (given that ISPs can see that you’re using TOR unless you take extra steps to mask yourself) and a little rundown on how it works. Check out https://www.torproject.org/about/overview for an overview.

I briefly moved over to one of the other tables, where they had moved onto more advanced discussions… machine learning in IDS was one – a little over my head! But it was interesting to hear about what the guys on the frontline are into in regards to security.

Unfortunately, that was all we had time for – a few moved on for the usual post-meeting beers, while I meandered back to Moorgate.

There were quite a few other topics posted up for discussion which we just didn’t get time for, including:

Disk Encryption (Veracrypt http://veracrypt.codeplex.com/, Filevault, etc)

Password Managers (Keepass, Lastpass, etc) – this was briefly discussed at the start of the meeting, with people in favour and against their use. As someone who doesn’t use one, it was interesting to hear what the other side thinks – it definitely made me consider using one in the future.

HTTPS (Ghostery, HTTPS Everywhere)

Email Encryption (GPG, Thunderbird, etc) – again, this was talked about. The main issue with this is the genuine difficulty in setting up signed email, which limits the amount of other users to send to… Most people seemed to be happier using Whatsapp or Signal!

Overall, I thought it was a great session. I liked the open discussion at the start of the evening – it gave everyone a good idea of what was worth discussing, as well as being able to have a wider discussion about the proposed topics. While I didn’t spend too much time doing anything practical (although I did finally install VeraCrypt), I found it particularly useful to hear about the latest trends in encryption, especially when it comes to VPNs. It can often be more useful to take a few notes, come home and do a bit of research rather than try to install and get a new program running at the event (especially when it’s PGP mail…..)

I’d definitely recommend this to any tech newbies (or even tech oldies!) – there was no judgement about people’s abilities and everyone was more than happy to spend time explaining the fundamentals and help get programs up and running. If you’re considering coming to a CryptoParty in the future, but you’re worried about not knowing what’s going on, don’t worry!

 

 
