When I recently got a new notebook on which I had to have a Windows 10 partition I had a bit of a fun time to make an Ubuntu / Windows 10 Dual Boot system out of it because Bitlocker wasn’t really happy about the change in the boot sequence. As I took quite some precautions before installing Ubuntu alongside Windows, I was able to wiggle out of the situation. Read on for a fun story how how to get dual boot right.
Backup, Backup, Backup
I got this new notebook with Windows 10 Pro pre-installed with the system partition encrypted with Bitlocker by default. Fine, I like security but I smelled trouble. So the first thing I did before proceeding was to use Clonezilla to make a backup of the 256 GB SSD. As the Windows partition is encrypted, the whole 256 GB had to be backed up which took a bit of time. During the backup I had a look if there is any trouble with Bitlocker and Linux dual boot and found the good advice to generate a ‘recovery key’, just in case. Also I created a Windows 10 recovery USB stick, just in case…
Bitlocker and Secure Boot
One more thing I wanted to do after the backup was complete was to disable secure boot in the BIOS. Bitlocker wouldn’t let me do it, however, as the notebook then refused to boot into Windows with Bitlocker enabled. O.k. so I left Secureboot enabled for the time being. In the next step I reduced the size of the Windows Bitlocker encrypted partition by 60 GB with the Windows on-board disk tool so I could install Ubuntu alongside. This worked well, took just a few seconds (to my surprise) and Windows kept booting normally.
Dual Boot Installation
And finally I ran Ubuntu 16.04.4 LTE from a USB stick to create a dual boot system. I also ran Ubuntu 17.10 on the notebook from a USB stick but Firefox kept crashing for some strange reasons while 16.04.4 was stable and, due to its 4.13 kernel, supported the notebook’s rather up to date hardware (Kaby Lake CPU and corresponding Intel Wifi).
As is normal with an Ubuntu installation, things are done in just a few minutes. The setup even informed me that due to secure boot being enabled I would not be able to install kernel drivers that are not in the repository. Fine, one thing at a time…
Bitlocker Is Not Happy With Dual Boot
Once the Ubuntu installation was done I rebooted into Ubuntu a few times just to make sure things are all right, which they were. When booting into Windows, however, Bitlocker complained that the boot process was changed and that I had to type in the recovery key. Imagine how glad I was that I created the recovery key before I started. While I was hoping that this was a one time thing and that this was the end of the story, that wasn’t quite so. Unfortunately, Bitlooker kept asking for the recovery key whenever I rebooted As the key is quite long that was not really an option. So as secure boot would have gotten in the way anyway at some point and there doesn’t seem to be a GUI option to run Bitlocker without Secure Boot and a TPM (Trusted Platform Module), I decided to disable Bitlocker and de-crypt the system partition. Perhaps I should try to change the local group policy to enable Bitlocker with a password instead of TPM and secure boot use as described here but that’s for another day. Once the partition was decrypted, dual booting both operating systems worked fine.
Summary
To make a long story short, I didn’t find a cool and straight forward way to run Ubuntu and Windows alongside each other with Bitlocker enabled. Ubuntu runs fine with Secure Boot enabled which is a good thing to know. But since every now and then I install kernel modules I disabled secure boot and both Ubuntu and Windows (without Bitlocker) were fine with that.