TransWikia.com

Ubuntu 20.04 + WIndows 10 Pro + disk encryption

Ask Ubuntu Asked by obe on October 21, 2020

I would like to use dual-boot with Windows 10 + BitLocker next to Ubuntu 20.04 + encryption (what is the full-disk encryption software that comes with Ubuntu 20.04 called?).

I don’t need (or want) Ubuntu or Windows to access each other’s partitions.

I installed Windows 10 and enabled BitLocker.
I started the Ubuntu installation, and, when asking to install side-by-side with Windows, I received a prompt that sent me to here: https://discourse.ubuntu.com/t/ubuntu-installation-on-computers-running-windows-and-bitlocker-turned-on/15338/5

I’m a bit unsure how to proceed.

  1. When I installed Windows, I intentionally left an unallocated partition at the end of the disk.
    Now I’m thinking to just "manually" tell the installer to install Ubuntu on it, but I’m not sure if I’ll get the dual-boot screen this way.

  2. My second thought was to disable BitLocker, install Ubuntu, and then re-enable BitLocker. Will that work? Is that better?

  3. My last concern is about encryption at the Ubuntu side. Will Ubuntu be able to encrypt only its own partition, and thus not affect my Windows installation, with the tool that comes with it? If not – perhaps someone can suggest an alternative tool that would allow that? (a commercial tool is also acceptable).

One Answer

I have done a similar setup with Windows 10 and Ubuntu 18.04, following the instructions provided by Paddy Landau (https://help.ubuntu.com/community/ManualFullSystemEncryption). Mike Kasberg provides similar instructions for Ubuntu 20.04 (https://www.mikekasberg.com/blog/2020/04/08/dual-boot-ubuntu-and-windows-with-encryption.html).

In outline, the steps are:

  1. Install Windows 10 in a suitably-sized partition, or, if already installed, shrink the Windows partition to create space for Linux.
  2. Create two new partitions: a) boot, b) Linux system & data.
  3. Encrypt the Linux system & data partition using LUKS. You'll need to provide a disc-encryption passphrase.
  4. Set up an LVM within the encrypted partition, to include a root filespace and a swap space.
  5. Install Ubuntu using the standard installer. Configure the partitions to point to the existing boot partition, root filespace and swap space.
  6. Set up /etc/crypttab and run update-initramfs so that the system will know how to decrypt the LUKS partition the next time you boot.

Having done this, when you boot the machine, you'll be taken to the grub menu. If you choose Ubuntu, you'll be prompted for the disc-encryption passphrase. If you're not using BitLocker on your Windows partition, then you can alternatively boot into Windows from the grub menu. If you are using BitLocker, then you wont be able to go via grub - instead you'll need to go directly into booting Windows from the BIOS, typcially by pressing F12 when you start up.

This arrangement gives you encrypted Linux system & data and swap partitions. The boot partition is not encrypted.

When switching between the two operating systems, you must ensure you do a proper shut down. If you just do a hibernate (from Ubuntu), and then boot into Windows, you will find that the boot partition gets corrupted. Beware! The corruption can be fixed, but requires booting Ubuntu from a USB stick, and entering a dozen or so commands.

If you have Windows 10 already installed, you may run into problems when attempting to shrink the partition. The Windows 10 Disk Management tool is liable to tell you there are "unmovable files", and it may limit how much you can shrink the partition. If you want to shrink the partition more than this, you need to disable System Protection. Then you'll find you can shrink the partition some more. You may need to do it in several small steps. When you're done, re-enable System Protection.

This is just an outline. For full details, see the links at the top.

Correct answer by David-o on October 21, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP