I use Ubuntu (20.04 LTS, now 22.04 LTS) as my main operating system. Some background on switching from OS X to Ubuntu here: https://github.com/bjohas/Ubuntu-keyboard-map-like-OS-X. I don't really use Windows at all, and I am surprised with how the intial setup of Windows has gone wrong for some of my friends (missing dlls, etc etc). However, there are a few 'OS X / Windows only things' and with a larger SSD on a new laptop, I thought I'd preserve Windows. E.g., 'OS X / Windows only things' include Adobe Creative Suite, as well as using Oculus/Meta Quest 2 via a PC connection.
I used these instructions to dual-boot-ubuntu-and-windows-with-encryption.md https://www.mikekasberg.com/blog/2020/04/08/dual-boot-ubuntu-and-windows-with-encryption.html
Dual-booting with encrypted storage should not be this hard in
20202022.Me - quoting https://www.mikekasberg.com/blog/2020/04/08/dual-boot-ubuntu-and-windows-with-encryption.html
I'm using the same 'phase' numbers as the above.
My system:
- Fresh Dell XPS 13 9310 (16GB, 1TB) with windows installed.
Note. I've typed this after the installation to create a record of it. I hope I've got all the commands correct, but there may be errors. Check Mike Kasberg's blog as needed.
Boot into windows, shrink disk (typically C). I shrank the C-disk to 100GB, which should give plenty of space for additional applications in Windows. This left me about 830 GB or so for Ubuntu.
I also disabled bitlocker (recommeded in some tutorials for dual boot).
Put in your 22.04 LTS USB stick, boot the XPS and type F12, select USB stick, continue boot and 'try ubuntu'.
As noted in the tutorial above, your device may vary. For my machine, the device was /dev/nvme0n1
. So for convenience I set
DEV=/dev/nvme0n1
I can then run
sudo sgdisk --print $DEV
For me, partitions 1-6 were used by Windows, while the large 830 GB partition was 7. So for convenience I set
BOOT=5
ROOT=6
In other words, the plan is to create two partitions (7 and 8), one for boot (7) and one for the root fs (8).
sudo sgdisk --new=$BOOT:0:+768M $DEV
sudo sgdisk --new=$ROOT:0:0 $DEV
sudo sgdisk --change-name=$BOOT:/boot --change-name=$ROOT:rootfs $DEV
Check:
sudo sgdisk --print $DEV
Then I ran
DEV=/dev/nvme0n1
sudo mkfs.ext4 -L boot ${DEV}p${BOOT}
Check:
sudo sgdisk --print $DEV
Now cryptsetup
:
sudo cryptsetup luksFormat ${DEV}p${ROOT}
cryptsetup open ${DEV}p${ROOT} mycrypt
Note that whatever you chose here (mycrypt
) will be what appears when you are asked to unlock the disk. Also note that Mike Kasberg's blog suggested LUKS v1 here, but I removed that option. Apparently there's LUKS v2 which will work for the root partition. So I thought I'd just go with what cryptsetup
offers by default.
You can check that mycrypt
exists: ls /dev/mapper/
. I then set:
XC=/dev/mapper/mycrypt
and ran the following commands to create physical and logical volumes for swap and root:
sudo pvcreate $XC
sudo vgcreate ubuntu-vg $XC
sudo lvcreate -L 16G -n swap_1 ubuntu-vg
sudo lvcreate -l 100%FREE -n root ubuntu-vg
If you are typing this in, note that the last command has a -l
(lower case). I've used 16 GB as swap, as I have 16 GB as RAM. There are various opinions about how to set your swap, and you might be able to use less.
Note that this creates a swap and the root partition. There is a school of thought that a /home
partition is a good idea. That does mean that you can reinstall Ubuntu more easily (while keeping your files in /home
extra safe). However, I don't really experiment with reinstalling Ubuntu often. Having a separate /home
partition means that you have to decide up front on how much space you need for the OS part, and how much you need for /home
. While I do not regularly reinstall Ubuntu, but I do regularly run out of disk space, so I prefer to just have /
, without separate /home
.
Going back from the terminal to the desktop, I now started the Ubuntu installer, went through the steps and eventually selected 'something else'.
The menu wasn't entirely obviously to me.
- Basically, you need to use ~800M partition as ext4 with mount point /boot. In detail, this means: locate the partition, highlight it, select 'change', then select 'ext4', then select /boot
- Then, use /dev/mapper/ubuntu--vg-root as ext4 with mount point /. In detail, this means 'change', then select 'ext4', then select /
- Then, se /dev/mapper/ubuntu--vg-swap_1 as swap. This means 'change', then select 'swap area'
The bootloader device should be $DEV
. For me this was selected already. mikekasberg commented: "though it appears that this setting might not actually be used in UEFI mode"
Then, run this installer. ... time passes ... When the installer is finished, select 'continue Testing'.
Run this
#sudo blkid $DEV
sudo blkid ${DEV}p${ROOT}
and record the UUID of the device as $UUID
. We'll use it below. You can run this
#echo "$DEV UUID=$UUID none luks,discard"
echo "mycrypt UUID=$UUID none luks,discard" # no need dbl quotes for UUID, ie. UUID=abcd-1234..
and save the result for later. Note that you want the UUID, not the PARTUUID.
Then a set of commands that aren't entirely obviously to me, but running them worked:
sudo mount /dev/mapper/ubuntu--vg-root /target
#sudo mount $d/dev/sda5 /target/boot
sudo mount ${DEV}p${BOOT} /target/boot
sudo su -
for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done
chroot /target
mount -a
Now create crypttab
. For me this file didn't exist:
ls /etc/crypttab
So I do:
sudo nano /etc/crypttab
and paste the string you saved above (i.e., $DEV UUID=$UUID none luks,discard
with $DEV
and $UUID
from above). Save and quit.
Then
sudo update-initramfs -k all -c
Now reboot and you should see the Ubuntu option in the grub menu alongside windows. Presumably you can now go back to windows and enable bitlocker again (but I haven't tried this). For some more thoughts, see Mike Kasberg's blog, which says
By default, your computer will boot into grub, which can boot Ubuntu. Although Windows is listed in grub, booting Windows from grub with BitLocker enabled won’t initially work because the system’s TPM will detect a change in the boot sequence. The easiest way to avoid this problem is to boot Windows directly from your computer’s BIOS boot menu - usually accessible by pressing F12 on startup.