Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Ubuntu + Windows 10 dualboot with LUKS encryption
  • Based on https://gist.github.com/mdziekon/221bdb597cf32b46c50ffab96dbec08a
  • Installation date: 16-08-2019
  • Additional notes based on my own experience
  • EFI boot
  • Ubuntu 19.04
  • This should work on any computer. Only the RAID > AHCI change described below and the device name for the nvme ssd drive are specific to this laptop.
  • The process describes a completely fresh installation with complete repartitioning, however it should work fine when Windows is already installed (eg. brand new machine with Windows preinstalled) as long as Windows already boots with EFI.
  • The process was conducted on Dell's XPS 15 9560 (2017) with specs:
    • CPU: i7-7700HQ
    • Screen: 4K with Touch
    • RAM: 32 GB
    • Drive: 1TB nvme ssd
    • Windows 10 Pro license
    • BIOS version: 1.16.0
      • Suprisingly, Ubuntu's update manager supports BIOS updates out of the box (make sure you're connected to power then run sudo fwupdmgr refresh; sudo fwupdmgr update)
  • My installation did not require to disable TPM nor Secure Boot

1. Installation media

You'll need to boot first into a ubuntu installation disk (to use gparted to partition your drive), then boot into the windows installation media (to install windows) then back again the ubuntu media (to install ubuntu). So you're going to need to prep either 2 different installation medias (eg usb sticks or DVDs or whatever), or you'll need a second computer to keep overwritting the same usb stick.

  1. Create Windows installation USB stick
    • Download .ISO file from Microsoft's webpage
    • Create bootable USB using WoeUSB - do not use Startup Disk Creator utility or the Disks app, won't work for Windows installation media)
  2. Create Ubuntu installation USB stick
    • Download .ISO file from Ubuntu's webpage
    • Create bootable USB using "whatever" (gnome disks or Startup Disk Creator utility)
  3. Go to BIOS (F2) and switch from SSD's "RAID mode" to "AHCI mode

2. Partitioning

  1. Boot into an ubuntu live cd session
  2. Open gparted
  3. Delete all partitions on disk
  4. Create GPT partition table: device > new partition table > choose GPT (this is required for EFI)
  5. Create the following:
    1. 550MiB FAT32 (label EFI - label is for our own benefit, doesn't actually mark this partition as EFI)
    2. 550MiB EXT4 (for Linux boot)
    3. Create your windows partitions as NTFS
    4. Leave enough unallocated space for Ubuntu. Don't create a partition here yet - Windows needs to automatically create an additional 16MiB partition during installation. Dunno what it is for tbh.
  6. Apply changes
  7. Right click on the FAT32 partition you created for EFI partition above > manage flags. Set esp (boot might auto-check itself too). This will mark the partition to use as EFI by both Windows and Ubuntu installations. You might need to apply changes again.

3. Install Windows

  1. Boot from the windows usb pendrive
  2. Install Windows on whatever partition you created earlier
  3. Windows is done at this point - you could go in and setup windows (encryption, drivers, etc) but I'd recommend to set up ubuntu first - the process, if done wrong, can potentially bork your set up and you'll need to start again.

4. Install Ubuntu

  1. Boot into ubuntu live cd session
  2. Open gparted, create a single ext4 partition with unallocated space. This will be for lvm/luks. The filesystem does not matter, we simply need to create a partition here so that it's allocated a device node and shows in /dev).
  3. Create LUKS container on this partition (assuming the partition device is /dev/nvme0n1p5):
    • sudo cryptsetup luksFormat /dev/nvme0n1p5 <-- luksFormat is case sensitive
    • sudo cryptsetup luksOpen /dev/nvme0n1p5 cryptdrive <-- luksOpen is case sensitive
    • sudo dd if=/dev/zero of=/dev/mapper/cryptdrive bs=16M <-- optional, this is to ensure nothing can be recovered from before this install you're doing. Took 2h on my 652 GiB partition.
  4. Create LVM physical volume, a volume group & logical volumes:
    • Volumes are sized as follows (example, you should create as many partitions as you need):
      • OS drive: 60GB
      • Swap: 16GB
      • Home: rest
    • Commands (add extra lvcreate steps if you have more partitions):
      • sudo pvcreate /dev/mapper/cryptdrive
      • sudo vgcreate vglinux /dev/mapper/cryptdrive
      • sudo lvcreate -n root -L 60g vglinux
      • sudo lvcreate -n swap -L 16g vglinux
      • sudo lvcreate -n home -l 100%FREE vglinux
  5. Start the installation process using GUI:
    • Connect to WiFi network
    • When asked what to do with the disk, pick the option that allows you to manually repartition stuff (IIRC it was labelled Something else on 19.04 installer):
      • Pick /dev/mapper/vglinux-root as ext4 FS & mount it to /
      • Pick /dev/mapper/vglinux-home as ext4 FS & mount it to /home
      • Pick /dev/mapper/vglinux-swap as swap
      • Do the same as above if you have extra partitions
      • Pick /dev/nvme0n1p2 (created on step 2.5.1) as ext4 FS & mount it to /boot
        • Without doing this, installation will fail when configuring GRUB
      • Pick "boot drive" (the select list at the bottom, this is where GRUB goes) and assign it to /dev/nvme0n1p2 or /dev/nvem0n1
    • Proceed with the installation
  6. After GUI installation completes, stay within the Live USB environment
  7. Check the UUID of the LUKS drive:
    • sudo blkid /dev/nvme0n1p5
    • Example output:
      • /dev/nvme0n1p5: UUID="abcdefgh-1234-5678-9012-abcdefghijklm" TYPE="crypto_LUKS"
  8. Mount root & boot drives and chroot into the main mount:
    • sudo mount /dev/mapper/vglinux-root /mnt
    • sudo mount /dev/nvme0n1p2 /mnt/boot
    • sudo mount --bind /dev /mnt/dev
    • sudo chroot /mnt
    • mount -t proc proc /proc
    • mount -t sysfs sys /sys
    • mount -t devpts devpts /dev/pts
  9. In chroot env, configure crypttab allowing to boot Ubuntu with Encryption unlocker
    • sudo nano /etc/crypttab:
      # <target name> <source device> <key file> <options>
      # options used:
      #     luks    - specifies that this is a LUKS encrypted device
      #     tries=0 - allows to re-enter password unlimited number of times
      #     discard - allows SSD TRIM command, WARNING: potential security risk (more: "man crypttab")
      #     loud    - display all warnings
      cryptdrive UUID=abcdefgh-1234-5678-9012-abcdefghijklm none luks,tries=0,discard,loud
      
    • update-initramfs -k all -c
  10. Reboot into Ubuntu

5. Ubuntu Tweaks for XPS 9560

  1. XPS 9560 doesn't really need any workarounds or acpi boot options anymore with Ubuntu 19.04. Have a look https://github.com/stockmind/dell-xps-9560-ubuntu-respin if there's something that doesn't work. No need to download any firmware anymore for the killer wifi (always worked fine for me)
  2. Install nvidia drivers (latest available in 19.04)
  3. Undervolt? https://github.com/georgewhewell/undervolt I have a systemd service to run undervolt.py --core -125 --cache -125 --gpu -100, helps a little with power consumption and temps, especially under heavy load (around 8-10 deg C).

6. Reinstall Ubuntu

If you need to reinstall ubuntu, you should be able to jump to #4 directly. If you aren't changing your partition layout, you can go straight to #4.4 (install ubuntu), but don't forget to run sudo cryptsetup luksOpen /dev/nvme0n1p5 cryptdrive to mount the encrypted partition. If in doubt, just start from #4 and recreate your crypt drive.

Additional notes

  • Ubuntu (GRUB) is the default boot option, both Ubuntu and Windows should be there
  • Additionally, you can bring up the EFI boot screen pressing F12 as soon as you turn on the laptop
@un1k0n

This comment has been minimized.

Copy link

@un1k0n un1k0n commented Feb 2, 2020

I have tried this steps and i has a problem, after 4.10 step my system boots into comand shell grub and it does not boot. It would be great if you could help me. Thanks in advance.

@luispabon

This comment has been minimized.

Copy link
Owner Author

@luispabon luispabon commented Feb 3, 2020

Did you encrypt /boot? Otherwise you're gonna have to start again from scratch, there's no way of knowing from where I am.

@saralich

This comment has been minimized.

Copy link

@saralich saralich commented Mar 19, 2020

For Part 4, Step 5 (starting the installation process for Ubuntu):

Pick /dev/nvme0n1p2 (created on step 2.4.1) as ext4 FS & mount it to /boot

In your instructions, there is no 2.4.1 - there are substeps for step 5, but I'm not quite sure if I should be using the FAT32 or the EXT4 as boot, since my FAT32 is /dev/nvme0n1p1 and EXT4 is /dev/nvme0n1p2. Which would be the right one to use?

@luispabon

This comment has been minimized.

Copy link
Owner Author

@luispabon luispabon commented Mar 19, 2020

Apologies, I really meant 2.5.1 😅 /boot should be EXT4 (or any other linux filesystem of your choice ubuntu can boot from). Only the EFI partition needs to be FAT32. On the example above yes, it is nvme0n1p2. Hope that helps.

@AlexeyTimofeev

This comment has been minimized.

Copy link

@AlexeyTimofeev AlexeyTimofeev commented May 2, 2020

Thanks! Very helpful!
Just a minor question - is it possible to enter password only once during OS loading?
Currently I have to enter encryption password and Ubuntu ones.

@luispabon

This comment has been minimized.

Copy link
Owner Author

@luispabon luispabon commented May 4, 2020

This is not currently possible. You can sort of emulate it if you configure your installation to automatically login on to your user without compromising the ability of locking your laptop when you're away. But it's not the real solution, like MacOS employs for instance.

@yanniznik

This comment has been minimized.

Copy link

@yanniznik yanniznik commented May 15, 2020

Thanks, super helpful.
4.2 Could you specify that the size of the lvm/luks should be at minimum the size of OS Drive + Swap + Home ?

@luispabon

This comment has been minimized.

Copy link
Owner Author

@luispabon luispabon commented May 15, 2020

That would really depend on how much space you got available. For instance in my case I have the following:

 ~ df|grep vglinux
Filesystem                   Size  Used Avail Use% Mounted on   
/dev/mapper/vglinux-root      32G   20G   10G  67% /
/dev/mapper/vglinux-home      63G   38G   22G  63% /home
/dev/mapper/vglinux-docker    32G  5.6G   25G  19% /var/lib/docker
/dev/mapper/vglinux-storage  514G  146G  343G  30% /storage

Which reflects my usage. You just need to get a calculator and do your numbers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.