Whole disk encryption, HP laptops, and other shenanigans

I use an HP tm2-1070ca convertible tablet laptop as my primary machine, and have one hell of a love-hate relationship with it.

I adore the convertible tablet format; being able to annotate PDFs in Xournal /Acrobat / Windows Journal, “think on paper” by sketching out a design or a circuit, or flip the screen around to show something on it to the person across the table from you are all at this point part of how I use computers and I find I hate having to go back to using machines I can’t poke.

But as I’ll detail below, it’s got some downright weird stuff going on when it comes to hardware compatibilities.

Given all the ridiculosity around HP’s hardware business at the moment, my next machine is virtually certain to be another brand.  I’m currently eyeing some Fujitsus, but would love to hear about other convertibles folks have had good experiences with, particularly with running multiple OSs on them.

Ubuntu lessons

For 11.04, I needed acpi=off to get the installer to work. It turned out that disabling VT in the BIOS made it work alright with acpi on, but things were otherwise just sort of flaky – the touchscreen in particular would just sometimes work, and sometimes not.  I made a bunch of changes at the same time which lead to confusion about what was actually going on here; it turns out my shiny new SSD was not the problem, but it was a 11.04 regression against this particular BIOS, which I worked around by disabling VT.  Many thanks to Matthew Garrett for spending a bunch of time helping me troubleshoot this.

I used the Ubuntu alternate installer and the built-in whole disk encryption, and it performed very nicely on the SSD, benchmarking at nearly the same speed as the drive running in plaintest.  Sorry I don’t have the numbers handy :/

This isn’t specific to this laptop, but took me some time to figure out so I’m recording it for the convenience of those searching for this error:  if you try to mount your old luks/lvm encrypted system drive on another luks/lvm encrypted machine which happens to have the same hostname, you’ll get an error saying that it’s “not a valid file system,” which is obviously not at all what’s going on.  lvm simply can’t deal with volumes with the same name, and your volumes are named after the hostname you set on install.  lvs and lvrename are the relevant commands here.

Also, if you try to mount a luks/lvm encrypted drive on a machine which has not had luks/lvm applied on install, you’ll need to install the libraries which it uses – cryptsetup and lvm2.  This seems obvious in retrospect but non-specific error messages lead to me stressing out that I’d hosed my drive, which hadn’t been backed up in a few days.

HP laptops + MBR-based whole disk encryption = 😦

The above VT issue ended up being the dealbreaker for me running Ubuntu as the host OS on this machine – I need VMs to do a bunch of things, so now I’m running Win7, with Ubuntu in a VM (along with various other things).

Search for “hp laptop truecrypt” and you will see that I am not the first to venture into this particular valley of fail.  I’ve seen threads where people report that PGP’s WDE also doesn’t work.  Given that Ubuntu’s WDE worked just fine, I suspect that it’s something with MBR-based WDE rather than the way it’s done with luks/lvm; the other thing that makes me suspect this is that the way you know it’s failing is that the laptop will blink the capslock key, in my case 5 times indicating a “general system board failure”.  There’s no blink code for “hard drive problem” and it’s different from the error you get when you boot without a hard drive installed, so my guess is that the 5-blink code covers hard drive errors too.

I don’t have any workaround for this one.  I’ve tried truecrypt WDE on a couple of different drives, to no avail.  I’ve even bugged HP on the twitters but they haven’t gotten back to me.  Oh well.  I’ll eventually put Win7 Ultimate on it and try Bitlocker… after making a whole disk backup because I am really, really tired of reinstalling, heh.

Hopefully someone will find the above useful.  It’s been an adventure.

10 thoughts on “Whole disk encryption, HP laptops, and other shenanigans

  1. You might consider a Thinkpad tablet for your next machine. I have a non-convertible Thinkpad X61s and I love it, but it’s getting old and I’m considering replacing it with an X220 Tablet. (Or I might get a non-tablet version, or maybe even a MacBook, but I really like the convertible idea.)

  2. I feel your pain, I own an HP Mini 1010nr.
    Between the closed drivers for some of the hardware *cough*wireless*cough* and the encrypted volume issues I’ve ran into with it in the past, I’m sold on never owning another HP ever again.

  3. there are known issues with PGP WDE and latest SandyBridge chipset. Check that.

    Also, I’ve heard of the PGP WDE affecting machines that used Quick Format’s vs full formats in the Windows NTFS world. Maybe doing a mkfs -c (checking for badblocks) on all partitions including swap will ensure that you don’t encounter any flaky blocks.

    1. I was using truecrypt and a c2d myself, so it’s not the Sandy Bridge issue in my case.

      Thanks for the tip about quick format though, maybe I’ll give that a try when I have some cycles.

  4. I didn’t know 11.04 had WDE built-in. I am eager to upgrade but am avoiding it like the plague until they fix that kernel power regression. I bought a netbook mainly for the purpose of saving power.

    Sorry to hear you had to VM your way into Linux via Win7. Sounds very annoying.

    1. I worry that that won’t work with my janky BIOS either… but it’s worth a try. I’ll see if I can borrow one from someone to test it or perhaps acquire one when I’m less impecunious 🙂

      Also I just saw the Pasaffe post on your blog, awesomesauce!

Comments are closed.