Skip to content

Instantly share code, notes, and snippets.

@csghone
Last active December 6, 2020 19:42
Show Gist options
  • Save csghone/7c0c756a179cda0ae4afe1deb50d5a07 to your computer and use it in GitHub Desktop.
Save csghone/7c0c756a179cda0ae4afe1deb50d5a07 to your computer and use it in GitHub Desktop.
Enabling Dual Boot on Dell Laptop

Summary

  • This is a collection of resources used when trying to setup Windows 10 + Ubuntu dual-boot system on Dell Inspiron 7501
  • Windows 10 was pre-installed
  • This was written in Dec 2020 (LUKS vs ecryptfs, LUKS1 vs LUKS2, Intel RST problems)
  • First section list requirements/choices/problems faced in this process
  • Middle sections give details of steps used to solve different problems
  • The last section gives the actual steps used by me.

Considerations

  • Basic requirements
    • Encrypted disk for both Windows 10 and Ubuntu
    • Ability to mount Windows partition on Ubuntu
    • Final system will boot by default into Ubuntu
    • Ability to reboot Ubuntu remotely (provide key over SSH)
  • Does BIOS support legacy mode or UEFI only (newer DELL laptops are UEFI only)
    • If Legacy BIOS mode can be enabled, nothing special is needed.
  • How much diskspace to allocate to Linux
  • If Bitlocker is used for encryption, do you want access to Windows drive in Linux.
    • Based on whether you use (TPM + PIN) or Password for encryption in Bitlocker some steps in decryption on Linux change
  • Disable Windows Fast Startup (to avoid un-safe mount error when mounting on Linux, might not be needed)
    • Probably gets disabled when you disable Intel RST (see below)
    • Maybe you can keep Intel RST and disable Fast Startup (not sure if this works)
  • Do you want Linux drive to be encrypted.
    • Use full disk encryption or home folder only
      • ecryptfs for home folder encryption is not recommended as it is buggy/less maintained
    • If using full disk encryption, how do you reboot and login remotely, specifically over wifi ?
  • Do you want hibernate/suspend in Linux - if yes, you will need to create swap space
  • Is RAID enabled on your default disk and Intel RST is active
    • Ubuntu installations might throw error for some cases and this need to be disabled.
    • Maybe Disabling Windows Fast Startup can avoid this error (did not try this)
  • Create another drive for sharing data across Windows/Linux instead of mounting OS drive

References

Dislocker to mount Windows drive

sudo apt-get update
sudo apt-get install dislocker ntfs-3g exfat-fuse
  • If using dislocker from git (not needed for Ubuntu 20.04)
sudo apt-get install cmake git libfuse-dev libmbedtls-dev
git clone https://github.com/Aorimn/dislocker
cd dislocker ; mkdir build ; cd build ; cmake ../ ; make ; sudo make install
# Possibly some more steps needed for dislocker fuse driver to work.
  • If Bitlocker is encrypted with TPM+PIN (Change -t ntfs-3g as needed)
sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount
sudo dislocker <partition> -p<recovery_key> -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount -t ntfs-3g
  • If Bitlocker is encrypted with plain password (Change -t ntfs-3g as needed)
sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount
sudo dislocker <partition> -u<password> -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount -t ntfs-3g
  • Add to /etc/fstab for auto mount with recovery-key (Change ntfs-3g if needed)
<partition> /media/bitlocker fuse.dislocker recovery-password=<recovery_key>,nofail 0 0
/media/bitlocker/dislocker-file /media/bitlockermount ntfs-3g nofail 0 0
  • Add to /etc/fstab for auto mount with user-password (Change ntfs-3g if needed)
<partition> /media/bitlocker fuse.dislocker user-password=<password>,nofail 0 0
/media/bitlocker/dislocker-file /media/bitlockermount -t ntfs-3g nofail 0 0

Installing Encrypted Ubuntu

# Setup encryption with passphrase for root partition
cryptsetup luksFormat --type=luks1 /dev/sda6
cryptsetup open /dev/sda6 sda6_crypt
# Verify drive unlocked
ls /dev/mapper/
  • Setup LVM
pvcreate /dev/mapper/sda6_crypt
vgcreate ubuntu-vg /dev/mapper/sda6_crypt
# Optionally create swap
#lvcreate -L 8G -n swap_1 ubuntu-vg 
# Create root
lvcreate -l 100%FREE -n root ubuntu-vg
  • Launch the Install Ubuntu shortcut and install Ubuntu
    • Select Something else mode for disk
    • For /boot use /dev/sda6
    • For /, use /dev/mapper/ubuntu--vg-root
    • You can use base device for bootloader (eg: /dev/sda or /dev/nvme0)
    • Continue installation as usual
    • Don't reboot after installation
  • Setup /etc/crypttab in the newly installed Ubuntu
    • Chroot to the newly installed Ubuntu
# Get UUID of root partition
sudo blkid /dev/sda6
mkdir /target
sudo mount /dev/mapper/ubuntu--vg-root /target
sudo mount /dev/sda5 /target/boot
for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done 
chroot /target
  • Setup crypttab
mount -a
echo 'sda6_crypt UUID=abcdefgh-1234-5678-9012-abcdefghijklm none luks,discard' >> /etc/crypttab
update-initramfs -k all -c

Setting up LUKS decryption in initramfs using dropbear SSH

apt-get install -yy dropbear-initramfs cryptsetup-initramfs lvm2

echo 'DROPBEAR_OPTIONS="-RFEsjk -c /bin/cryptroot-unlock"' > /etc/dropbear-initramfs/config

# Add your local SSH public keys to dropbear's authorized_keys file to allow password-less logins
echo '<YOUR_PUBLIC_KEY>' > /etc/dropbear-initramfs/authorized_keys

# Check if /etc/crypttab contains an entry like below;
# LUKS volume and device names vary depending on your configuration and hardware.
sda2_crypt /dev/sda2 none luks,initramfs

# Add network support to the initramfs; replace variables with your server's network configuration
# It's important to select the right network interface name.

# For static IP:
#echo 'IP="${ip_address}::${gw_ip}:${netmask}:${optional_fqdn}:${interface_name}:none"' >  /etc/initramfs-tools/conf.d/ip
#echo 'ip="${ip_address}::${gw_ip}:${netmask}:${optional_fqdn}:${interface_name}:none"' >> /etc/initramfs-tools/conf.d/ip

# For DHCP
echo 'ip=::::${optional_fqdn}:${device}:dhcp' >  /etc/initramfs-tools/conf.d/ip
echo 'IP=::::${optional_fqdn}:${device}:dhcp' >> /etc/initramfs-tools/conf.d/ip

update-initramfs -k all -u
  • Disable dropbear for normal system
echo 'NO_START=1' >> /etc/default/dropbear

Enabling Wifi in initramfs

# !/bin/sh
set -e
PREREQ=""
prereqs()
{
    echo "${PREREQ}"
}
case "${1}" in
    prereqs)
        prereqs
        exit 0
        ;;
esac

. /usr/share/initramfs-tools/hook-functions

# CHANGE HERE for your correct modules.
manual_add_modules iwlwifi iwlmvm
copy_exec /sbin/wpa_supplicant
copy_exec /sbin/wpa_cli
copy_file config /etc/initramfs-tools/wpa_supplicant.conf /etc/wpa_supplicant.conf
  • Create /etc/initramfs-tools/wpa_supplicant.conf
# Sample /etc/initramfs-tools/wpa_supplicant.conf
# note that this is independent of the system /etc/wpa_supplicant.conf (if any)
# only add the network you need at boot time. **And keep the ctrl_interface** !!
ctrl_interface=/tmp/wpa_supplicant

network={
    ssid="MyNetwork"
    psk="network passphrase"
}
  • Copy latest wifi firmware
git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
cd linux-firmware
sudo cp iwlwifi-* /lib/firmware/
  • Create /etc/initramfs-tools/scripts/init-premount/a_enable_wireless (Change interface name here)
#!/bin/sh
PREREQ=""
prereqs()
{
    echo "$PREREQ"
}

case $1 in
prereqs)
    prereqs
    exit 0
    ;;
esac

. /scripts/functions

AUTH_LIMIT=30
INTERFACE="wlp5s0"
alias WPACLI="/sbin/wpa_cli -p/tmp/wpa_supplicant -i$INTERFACE "

log_begin_msg "Starting WLAN connection"
/sbin/wpa_supplicant  -i$INTERFACE -c/etc/wpa_supplicant.conf -P/run/initram-wpa_supplicant.pid -B -f /tmp/wpa_supplicant.log

# Wait for AUTH_LIMIT seconds, then check the status
limit=${AUTH_LIMIT}

echo -n "Waiting for connection (max ${AUTH_LIMIT} seconds)"
while [ $limit -ge 0 -a `WPACLI status | grep wpa_state` != "wpa_state=COMPLETED" ]
do
    sleep 1
    echo -n "."
    limit=`expr $limit - 1`
done
echo ""

if [ `WPACLI status | grep wpa_state` != "wpa_state=COMPLETED" ]; then
  ONLINE=0
  log_failure_msg "WLAN offline after timeout"
  panic
else
  ONLINE=1
  log_success_msg "WLAN online"
fi

configure_networking
  • Create /etc/initramfs-tools/scripts/local-bottom/kill_wireless
#!/bin/sh
PREREQ=""
prereqs()
{
    echo "$PREREQ"
}

case $1 in
prereqs)
    prereqs
    exit 0
    ;;
esac

echo "Killing wpa_supplicant so the system takes over later."
kill `cat /run/initram-wpa_supplicant.pid`
  • Final touches
chmod +x /etc/initramfs-tools/scripts/local-bottom/kill_wireless
chmod +x /etc/initramfs-tools/scripts/init-premount/a_enable_wireless
chmod +x /etc/initramfs-tools/hooks/enable-wireless

update-initramfs -k all -u
update-grub

Actual order of events when setting up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment