Sunday, November 08, 2009

How to set up a fully encrypted dual boot PC

I planned to reinstall my (old) laptop with a fully encrypted hard drive and dual boot (Windows and Linux).
Unfortunately, I couldn't find a (free) software solution that supports this. So I'll use different systems for Windows and Linux. A hardware-based full disk encryption might do the trick, but this must be supported by your PC hardware.
For the encryption of the Windows system partition I will use TrueCrypt.
The Linux encryption will use dm-crypt / LUKS.

Disclaimer : This article is intended for advanced computer users. Please don't try any of this if :

  • you never installed Windows or Linux before
  • you are not comfortable with encrypting your hard drive
  • you don't know why you should encrypt your hard drive
  • you don't know how encryption works 
  • it is not legal to use encryption in your country
If you do something wrong you might lose all data on your hard drive, or your PC might not start up. I am not responsible for data loss, in case you try what's described below.

If you are not comfortable with all this, please don't try what I have described below. This article is intended for people who want to try creating a fully encrypted hard drive, and have the experience, skills and knowledge to make it work or to restore a PC if something goes wrong.
It is advised to make a backup of your hard drive before starting.


First step : install Windows


I'm installing Windows XP SP3, but this should work with future versions as well. (TrueCrypt supports XP, Vista and Windows 7)

Insert the Windows installation CD and create a partition with a size suitable for you (leave some space on the hard drive for Linux and the shared data partition : I chose 20 GB for Windows, 7 GB for Linux and the rest for the shared data partition).
Install Windows on the created partition.

Second step : install Linux


For installation of Linux with hard drive encryption, I would like to refer to an excellent manual (with Ubuntu 8.04). But make sure you change the location of the bootloader, otherwise your Windows system partition will not be available anymore :

  • Click the Advanced button in the last screen of the installation process and select to install the boot loader on the Linux partition (in my case /dev/sda3), instead of the MBR (/dev/sda).

    TrueCrypt uses the first sector of the hard drive to load a small program to decrypt the hard drive on boot, so a boot loader like GRUB should be installed in the first sector of a partition, not in MBR.
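A check to run from Linux after this step and before starting TrueCrypt, added here as an example (not from the original post): it names the boot code in a 512-byte boot sector and reports whether GRUB sits in the MBR or is missing from the Linux partition. The marker strings and function names are assumptions, and the sample sectors are constructed.

```python
import struct

SECTOR = 512
# Assumed marker strings embedded in each loader's boot code; confirm on your disk.
MARKERS = (("truecrypt", b"TrueCrypt Boot Loader"),
           ("grub", b"GRUB"),
           ("windows", b"Missing operating system"))

def classify(sector: bytes) -> str:
    """Name the boot code in a 512-byte boot sector (MBR or partition)."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        return "invalid"
    for name, marker in MARKERS:
        if marker in sector[:510]:
            return name
    return "unknown"

def partitions(mbr: bytes):
    """Yield (slot, type_id, first_lba, sector_count) for used MBR entries."""
    for slot in range(4):
        base = 446 + 16 * slot
        first_lba, count = struct.unpack_from("<II", mbr, base + 8)
        if mbr[base + 4]:
            yield slot + 1, mbr[base + 4], first_lba, count

def pre_encryption_problems(mbr: bytes, linux_pbr: bytes) -> list:
    """Problems with the layout this article requires before TrueCrypt runs."""
    problems = []
    if classify(mbr) == "invalid":
        problems.append("MBR has no 0x55AA boot signature")
    if classify(mbr) == "grub":
        problems.append("GRUB is in the MBR, which TrueCrypt needs for its loader")
    if classify(linux_pbr) != "grub":
        problems.append("no GRUB found in the Linux partition's first sector")
    return problems

def sample_sector(marker: bytes, types=()) -> bytes:
    """Constructed sector for the demo: marker text, partition types, signature."""
    s = bytearray(SECTOR)
    s[0x60:0x60 + len(marker)] = marker
    for slot, type_id in enumerate(types):
        struct.pack_into("<B3xII", s, 450 + 16 * slot, type_id, 63 + 1000 * slot, 1000)
    s[510:] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    # On a real system (as root): mbr = open("/dev/sda", "rb").read(512), etc.
    mbr = sample_sector(b"Missing operating system", (0x07, 0x83))
    pbr = sample_sector(b"GRUB ")
    print(classify(mbr), list(partitions(mbr)), pre_encryption_problems(mbr, pbr))
```

On the layout used in this article, the two inputs would be the first 512 bytes of /dev/sda and of /dev/sda3; an empty result means the layout matches what the TrueCrypt multi-boot wizard expects.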

Last step : Encrypt hard drive

  1. Download and install TrueCrypt.
  2. Setup hard drive encryption :
    • Start TrueCrypt (in Windows)
    • In System -> Encrypt System Partition/Drive
    • In the window that opens, select Normal and click Next
    • Select Encrypt system partition and click Next
    • Answer No on the question to encrypt the Host Protected Area and click Next. (This is the safe answer to continue using diagnostic tools, ... that are installed by the manufacturer of your PC)
    • Choose Multi-boot and click Next. 
    • Confirm that you want to use the Multi-boot option.
    • Answer Yes on the question if the OS is on the same disk as the bootloader.
    • Choose the number of drives. In my case this is 1. But you have to choose 2 or more if you have more than one physical drive in your PC.
    • Answer No on the question if you use a non-Windows bootloader (e.g. GRUB, LILO) on the MBR (if you followed the instructions, your Linux bootloader should not be in the MBR)
    • Read the remarks about Multi-boot and click Next
    • Confirm the question about Windows Vista SP1.
    • Choose the desired encryption algorithm. Consider the strength of the desired encryption and the legal use of this type of encryption in your country. I chose AES (Rijndael). More info on the other encryption algorithms : Twofish, Serpent
    • Choose a password and confirm (Keep in mind that it is advised to use a strong password. Don't forget this password, otherwise it is virtually impossible to get your data on the encrypted hard drive back.)
    • Create random data by moving your mouse in the window. (The more random, the better the encryption)
    • Create a rescue-disk to be able to restore a damaged boot sector, save it to a disk (different from the one you are encrypting) and burn it to CD or DVD. The encryption process will not continue unless you do so.
    • Choose the wipe mode, I chose 3-pass. You can choose another value if you are more or less paranoid.
    • Now your setup, computer, the bootloader and your password are tested. Your PC will reboot to do this. Nothing is encrypted at the moment.
  3. Reboot your PC and test all settings before encryption:
    • When rebooting, you will notice the normal bootloader was replaced by the one of TrueCrypt. You have to enter the password you submitted in order to boot Windows
    • After reboot, TrueCrypt will start. If the test was successful, the encryption will start. The encryption process can be cancelled, paused or reverted at any time.
    • The encryption took a little over an hour in my case (20GB partition size, 3-pass wipe mode)

Finally : booting your system


When your PC boots, the TrueCrypt bootloader starts and asks you for a password to decrypt your hard drive. If you provide the correct password, Windows boots.
When you start TrueCrypt, you will notice the C-drive is already there (it was loaded at boot).

If you want to start Linux, just press ESC in the TrueCrypt boot loader. This will take you to the Linux boot loader (GRUB in my case).