I use Ubuntu (20.04 LTS, now 22.04 LTS) as my main operating system. Some background on switching from OS X to Ubuntu here: https://github.com/bjohas/Ubuntu-keyboard-map-like-OS-X. I don't really use Windows at all, and I am surprised at how the initial setup of Windows has gone wrong for some of my friends (missing DLLs, etc.). However, there are a few 'OS X / Windows only things' and with a larger SSD on a new laptop, I thought I'd preserve Windows. E.g., 'OS X / Windows only things' include Adobe Creative Suite, as well as using Oculus/Meta Quest 2 via a PC connection.
I used these instructions to dual-boot Ubuntu and Windows with encryption: https://www.mikekasberg.com/blog/2020/04/08/dual-boot-ubuntu-and-windows-with-encryption.html
Dual-booting with encrypted storage should not be this hard in ~~2020~~ 2022.
Me, quoting https://www.mikekasberg.com/blog/2020/04/08/dual-boot-ubuntu-and-windows-with-encryption.html
I'm using the same 'phase' numbers as the above.
The systems I have set up this way:
- Dell XPS 13 9310 (16GB, 1TB), touch screen, with windows installed (factory settings);
- Dell XPS 13 9310 (16GB, 512GB), non-touch screen, with windows installed (factory settings).
Note. I've typed this after the installation to create a record of it. I hope I've got all the commands correct, but there may be errors. Check Mike Kasberg's blog as needed.
(Added 2022-06-11): If you are an Ubuntu user, then you may be setting Windows up from scratch. That means you'll have to
- select keyboard
- connect to a network
- accept licence terms
- name the device
- sign in with a Microsoft account + password (unless you have a security key), but basically, there doesn't seem to be a way around that.
- you can skip face login
- create a pin
- answer a bunch of data sharing options
- skip customise experience
- backup options
- decline office365
- decline game pass
The install will then get updates. "This might take a few minutes. Don't turn off your PC." Hopefully you'll then be logged in.
Otherwise: Just boot into windows. Windows key, type 'create and format hard disk partitions'. 'Disk management' opens.
Right click on (typically) C:, and 'shrink disk'. On the 1TB machine, I shrank the C-disk to 100GB, which should give plenty of space for additional applications in Windows. This left me about 830 GB or so for Ubuntu. On the 512GB machine, I shrank the disk to 33.40 GB (the smallest that was offered). You should now see, e.g., on the 512GB machine:
- 100 MB EFI
- (C:) 33.40 GB NTFS
- 442.GB Unallocated
- 611 MB Recovery
I also disabled BitLocker (recommended in some tutorials for dual boot). Not all versions of Windows seem to have this.
Put in your 22.04 LTS USB stick, boot the XPS and type F12, select USB stick, continue boot and 'try ubuntu'.
As noted in the tutorial above, your device may vary. For my machine, the device was /dev/nvme0n1. Open a terminal.
So for convenience I set
DEV=/dev/nvme0n1
I can then run
sudo sgdisk --print $DEV
On the 1TB, partitions 1-6 were used by Windows, while the large 830 GB partition was 7. So for convenience I set
BOOT=7
ROOT=8
In other words, the plan is to create two partitions (7 and 8), one for boot (7) and one for the root fs (8).
For the 512GB machine, it looks like partitions 1-4 were used. Not sure why that's different. The first four come up as
- 1 EFI system (100 MiB)
- 2 Microsoft reserved (16MiB)
- 3 Basic data partition (33.4GiB)
- 4 (no label) (611MiB)
So I set
BOOT=5
ROOT=6
So I can now do
sudo sgdisk --new=$BOOT:0:+768M $DEV
For the 512GB machine, this worked. On the 1TB I got the message that 7 was already used. So I ran:
sudo sgdisk -d $BOOT $DEV
After that, I could run:
sudo sgdisk --new=$BOOT:0:+768M $DEV
sudo sgdisk --new=$ROOT:0:0 $DEV
sudo sgdisk --change-name=$BOOT:/boot --change-name=$ROOT:rootfs $DEV
Check:
sudo sgdisk --print $DEV
You'll see two new partitions with numbers $BOOT and $ROOT
- 768 MiB /boot
- 442.1 GiB rootfs (e.g., on the 512GB machine)
The typecode '8300' was already set, but I ran this anyway:
sudo sgdisk --typecode=$BOOT:8300 --typecode=$ROOT:8300 $DEV
I then tried
sudo mkfs.ext4 -L boot ${DEV}p${BOOT}
This worked on the 512GB, but on the 1TB it failed with 'device busy' (might have been because I had GUI apps open). I rebooted, then it worked:
DEV=/dev/nvme0n1
BOOT=7
ROOT=8
sudo mkfs.ext4 -L boot ${DEV}p${BOOT}
Check:
sudo sgdisk --print $DEV
Now cryptsetup:
sudo cryptsetup luksFormat ${DEV}p${ROOT}
sudo cryptsetup open ${DEV}p${ROOT} xpscrypt
Double check the volume that you are overwriting and enter passwords.
Note that whatever you chose here (xpscrypt) will be what appears when you are asked to unlock the disk. Also note that Mike Kasberg's blog suggested LUKS v1 here, but I removed that option. Apparently there's LUKS v2 which will work for the root partition. So I thought I'd just go with what cryptsetup offers by default.
You can check that xpscrypt exists: ls /dev/mapper/. I then set:
XC=/dev/mapper/xpscrypt
and ran the following commands to create physical and logical volumes for swap and root:
sudo pvcreate $XC
sudo vgcreate ubuntu-vg $XC
sudo lvcreate -L 16G -n swap_1 ubuntu-vg
sudo lvcreate -l 100%FREE -n root ubuntu-vg
If you are typing this in, note that the last command has a -l (lower case). I've used 16 GB as swap, as I have 16 GB as RAM. There are various opinions about how to set your swap, and you might be able to use less.
Note that this creates a swap and the root partition. There is a school of thought that a /home partition is a good idea. That does mean that you can reinstall Ubuntu more easily (while keeping your files in /home extra safe). However, I don't really experiment with reinstalling Ubuntu often. Having a separate /home partition means that you have to decide up front on how much space you need for the OS part, and how much you need for /home. While I do not regularly reinstall Ubuntu, I do regularly run out of disk space, so I prefer to just have /, without a separate /home.
Going back from the terminal to the desktop, I now started the Ubuntu installer, went through the steps and eventually selected 'something else'.
The menu wasn't entirely obvious to me.
- Basically, you need to use the ~800M partition as ext4 with mount point /boot. In detail, this means: locate the partition (${DEV}p${BOOT}), highlight it, select 'change', then select 'ext4', then select /boot.
The other two will be under /dev/mapper:
- Then, use /dev/mapper/ubuntu--vg-root as ext4 with mount point /. In detail, this means 'change', then select 'ext4', then select /.
- Then, use /dev/mapper/ubuntu--vg-swap_1 as swap. This means 'change', then select 'swap area'.
The bootloader device should be $DEV. For me this was selected already. mikekasberg commented: "though it appears that this setting might not actually be used in UEFI mode"
Then, run this installer. ... time passes ... When the installer is finished, select 'continue Testing'.
Run this
sudo blkid ${DEV}p${ROOT}
and record the UUID of the encrypted partition as $UUID. We'll use it below. You can run this
echo "xpscrypt UUID=$UUID none luks,discard"
and save the result for later.
echo "xpscrypt UUID=$UUID none luks,discard" | tee dev-uuid.txt
Then a set of commands that aren't entirely obvious to me, but running them worked:
sudo mount /dev/mapper/ubuntu--vg-root /target
sudo mount ${DEV}p${BOOT} /target/boot
sudo su
for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done
chroot /target
Stay in the chroot and continue:
mount -a
Stay in the chroot. Create crypttab. On the 1TB, this file didn't exist; on the 512GB it did.
ls /etc/crypttab
So I do:
sudo nano /etc/crypttab
and paste the string you saved above (i.e., xpscrypt UUID=$UUID none luks,discard with $UUID from above). Save and quit nano, but stay in chroot. Continue:
update-initramfs -k all -c
If you get errors check the UUID etc.
Then exit, exit and you're done!
Now reboot (e.g., sudo reboot). After boot, you should see the Ubuntu option in the grub menu alongside Windows. Presumably you can now go back to Windows and enable BitLocker again (but I haven't tried this). For some more thoughts, see Mike Kasberg's blog, which says
By default, your computer will boot into grub, which can boot Ubuntu. Although Windows is listed in grub, booting Windows from grub with BitLocker enabled won’t initially work because the system’s TPM will detect a change in the boot sequence. The easiest way to avoid this problem is to boot Windows directly from your computer’s BIOS boot menu - usually accessible by pressing F12 on startup.
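The crypttab step above says to check the UUID if update-initramfs reports errors. The following is an added example, not part of the original write-up or of Mike Kasberg's blog: a small POSIX shell check that compares the blkid line for the encrypted partition with the crypttab entry and catches a UUID taken from the whole disk instead of the LUKS partition, a mismatched UUID, and a mapper name that is not in crypttab. The function names, exit codes and all UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the crypttab entry before running update-initramfs.
# Function names, exit codes and every UUID below are constructed.

# Print the value of KEY="..." from one line of blkid output. Requiring
# whitespace before KEY stops UUID from matching PARTUUID or PTUUID.
blkid_field() {  # $1 = blkid output line, $2 = key
  printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# check_crypttab NAME BLKID_LINE CRYPTTAB_FILE
# Exit status: 0 ok, 1 not a LUKS partition (e.g. whole disk), 2 no entry
# for NAME, 3 UUID mismatch, 4 "luks" option missing.
# The ( ) body runs in a subshell, so "exit" only leaves the function.
check_crypttab() (
  uuid=$(blkid_field "$2" UUID)
  type=$(blkid_field "$2" TYPE)
  [ -n "$uuid" ] && [ "$type" = crypto_LUKS ] || exit 1
  # crypttab columns: <name> <source device> <key file> <options>
  entry=$(awk -v n="$1" '$1 == n { print $2, $4; exit }' "$3")
  [ -n "$entry" ] || exit 2
  [ "${entry%% *}" = "UUID=$uuid" ] || exit 3
  case ",${entry#* }," in *,luks,*) exit 0 ;; *) exit 4 ;; esac
)

# Run a command and print its exit status (safe under "set -e").
rc() { "$@" && echo 0 || echo $?; }

demo() {
  dir=$(mktemp -d) || return 1
  part='/dev/nvme0n1p6: UUID="0f3c2a6e-1111-4222-8333-444455556666" TYPE="crypto_LUKS" PARTLABEL="rootfs" PARTUUID="9a8b7c6d-0000-4000-8000-000000000001"'
  disk='/dev/nvme0n1: PTUUID="5e4d3c2b-0000-4000-8000-000000000002" PTTYPE="gpt"'
  echo 'xpscrypt UUID=0f3c2a6e-1111-4222-8333-444455556666 none luks,discard' > "$dir/good"
  echo 'xpscrypt UUID=5e4d3c2b-0000-4000-8000-000000000002 none luks,discard' > "$dir/wrong"
  res="$(rc check_crypttab xpscrypt "$part" "$dir/good")"        # correct entry
  res="$res $(rc check_crypttab xpscrypt "$disk" "$dir/good")"   # blkid run on the whole disk
  res="$res $(rc check_crypttab xpscrypt "$part" "$dir/wrong")"  # disk PTUUID pasted into crypttab
  res="$res $(rc check_crypttab cryptroot "$part" "$dir/good")"  # name not in crypttab
  rm -rf "$dir"
  echo "$res"
}

demo   # prints: 0 1 3 2
```

On a real system, run it inside the chroot as `check_crypttab xpscrypt "$(blkid ${DEV}p${ROOT})" /etc/crypttab` and continue to update-initramfs only when the exit status is 0.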
Great instructions, worked well for Asus UX325 too. I did opt not to use LVM and thus not set up swap, I only have encrypted root.
I also incorporated TPM support during Ubuntu 22.04 installation while still in chroot and that worked well also.
https://run.tournament.org.il/ubuntu-20-04-and-tpm2-encrypted-system-disk/