Skip to content

Instantly share code, notes, and snippets.

@zburgermeiszter

zburgermeiszter/xps_15_9560__dualboot_with_encryption__notes.md

Forked from luispabon/xps_15_9560__dualboot_with_encryption__notes.md
Created September 3, 2021 12:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save zburgermeiszter/98ed7cb1d6b7624736f9c23567013d7c to your computer and use it in GitHub Desktop.
Save zburgermeiszter/98ed7cb1d6b7624736f9c23567013d7c to your computer and use it in GitHub Desktop.
Download ZIP
Ubuntu + Windows 10 dualboot with LUKS encryption
Raw
xps_15_9560__dualboot_with_encryption__notes.md
  • Based on https://gist.github.com/mdziekon/221bdb597cf32b46c50ffab96dbec08a
  • Installation date: 16-08-2019
  • Additional notes based on my own experience
  • EFI boot
  • Ubuntu 19.04 -> 21.04
  • This should work on any computer. Only the RAID > AHCI change described below and the device name for the nvme ssd drive are specific to this laptop.
  • The process describes a completely fresh installation with complete repartitioning, however it should work fine when Windows is already installed (eg. brand new machine with Windows preinstalled) as long as Windows already boots with EFI.
  • The process was conducted on Dell's XPS 15 9560 (2017) with specs:
    • CPU: i7-7700HQ
    • Screen: 4K with Touch
    • RAM: 32 GB
    • Drive: 1TB nvme ssd
    • Windows 10 Pro license
    • BIOS version: 1.16.0
      • Suprisingly, Ubuntu's update manager supports BIOS updates out of the box (make sure you're connected to power then run sudo fwupdmgr refresh; sudo fwupdmgr update)
  • My installation did not require to disable TPM nor Secure Boot

Re-installation

If you're re-installing your system and have no need to re-shuffle your partitions, you can jump directly to 4.3.b (the luksOpen command). Just make sure you re-format all your partitions except for EFI (and perhaps /home, if like myself you have one).

1. Installation media

You'll need to boot first into a ubuntu installation disk (to use gparted to partition your drive), then boot into the windows installation media (to install windows) then back again the ubuntu media (to install ubuntu). So you're going to need to prep either 2 different installation medias (eg usb sticks or DVDs or whatever), or you'll need a second computer to keep overwritting the same usb stick.

  1. Create Windows installation USB stick
    • Download .ISO file from Microsoft's webpage
    • Create bootable USB using WoeUSB - do not use Startup Disk Creator utility or the Disks app, won't work for Windows installation media)
  2. Create Ubuntu installation USB stick
    • Download .ISO file from Ubuntu's webpage
    • Create bootable USB using "whatever" (gnome disks or Startup Disk Creator utility)
  3. Go to BIOS (F2) and switch from SSD's "RAID" to "AHCI" mode on some laptop models (like XPS 9560)

2. Partitioning

Important: There's currently no easy way to make grub work with an encrypted partition. Make sure /boot and /boot/EFI are their own partitions and left unencrypted.

  1. Boot into an ubuntu live cd session
  2. Open gparted
  3. Delete all partitions on disk
  4. Create GPT partition table: device > new partition table > choose GPT (this is required for EFI)
  5. Create the following:
    1. 550MiB FAT32 (label EFI - label is for our own benefit, doesn't actually mark this partition as EFI)
    2. 550MiB EXT4 (for Linux boot)
    3. Create your windows partitions as NTFS
    4. Leave enough unallocated space for Ubuntu. Don't create a partition here yet - Windows needs to automatically create an additional 16MiB partition during installation. Dunno what it is for tbh.
  6. Apply changes
  7. Right click on the FAT32 partition you created for EFI partition above > manage flags. Set esp (boot might auto-check itself too). This will mark the partition to use as EFI by both Windows and Ubuntu installations. You might need to apply changes again.

3. Install Windows

  1. Boot from the windows usb pendrive
  2. Install Windows on whatever partition you created earlier
  3. Windows is done at this point - you could go in and setup windows (encryption, drivers, etc) but I'd recommend to set up ubuntu first - the process, if done wrong, can potentially bork your set up and you'll need to start again.

4. Install Ubuntu

  1. Boot into ubuntu live cd session
  2. Open gparted, create a single ext4 partition with unallocated space. This will be for lvm/luks. The filesystem does not matter, we simply need to create a partition here so that it's allocated a device node and shows in /dev).
  3. Create LUKS container on this partition (assuming the partition device is /dev/nvme0n1p5): a. sudo cryptsetup luksFormat /dev/nvme0n1p5 <-- luksFormat is case sensitive b. sudo cryptsetup luksOpen /dev/nvme0n1p5 cryptdrive <-- luksOpen is case sensitive c. sudo dd if=/dev/zero of=/dev/mapper/cryptdrive bs=16M <-- optional, this is to ensure nothing can be recovered from before this install you're doing. Took 2h on my 652 GiB partition.
  4. Create LVM physical volume, a volume group & logical volumes:
    • Volumes are sized as follows (example, you should create as many partitions as you need):
      • OS drive: 60GB
      • Swap: 16GB
      • Home: rest
    • Commands (add extra lvcreate steps if you have more partitions):
      • sudo pvcreate /dev/mapper/cryptdrive
      • sudo vgcreate vglinux /dev/mapper/cryptdrive
      • sudo lvcreate -n root -L 60g vglinux
      • sudo lvcreate -n swap -L 16g vglinux
      • sudo lvcreate -n home -l 100%FREE vglinux
  5. Start the installation process using GUI:
    • Connect to WiFi network
    • When asked what to do with the disk, pick the option that allows you to manually repartition stuff (IIRC it was labelled Something else on 19.04 installer):
      • Pick /dev/mapper/vglinux-root as ext4 FS & mount it to /
      • Pick /dev/mapper/vglinux-home as ext4 FS & mount it to /home
      • Pick /dev/mapper/vglinux-swap as swap
      • Do the same as above if you have extra partitions
      • Pick /dev/nvme0n1p2 (created on step 2.5.1) as ext4 FS & mount it to /boot
        • Without doing this, installation will fail when configuring GRUB
      • Pick "boot drive" (the select list at the bottom, this is where GRUB goes) and assign it to /dev/nvme0n1p2 or /dev/nvem0n1
    • Proceed with the installation
  6. After GUI installation completes, stay within the Live USB environment
  7. Check the UUID of the LUKS drive:
    • sudo blkid /dev/nvme0n1p5
    • Example output:
      • /dev/nvme0n1p5: UUID="abcdefgh-1234-5678-9012-abcdefghijklm" TYPE="crypto_LUKS"
  8. Mount root & boot drives and chroot into the main mount:
    • sudo mount /dev/mapper/vglinux-root /mnt
    • sudo mount /dev/nvme0n1p2 /mnt/boot
    • sudo mount --bind /dev /mnt/dev
    • sudo chroot /mnt
    • mount -t proc proc /proc
    • mount -t sysfs sys /sys
    • mount -t devpts devpts /dev/pts
  9. In chroot env, configure crypttab allowing to boot Ubuntu with Encryption unlocker
    • sudo nano /etc/crypttab: 
      # <target name> <source device> <key file> <options>
# options used:
#     luks    - specifies that this is a LUKS encrypted device
#     tries=0 - allows to re-enter password unlimited number of times
#     discard - allows SSD TRIM command, WARNING: potential security risk (more: "man crypttab")
#     loud    - display all warnings
cryptdrive UUID=abcdefgh-1234-5678-9012-abcdefghijklm none luks,tries=0,discard,loud
    • update-initramfs -k all -c
  10. Reboot into Ubuntu

5. Ubuntu Tweaks for XPS 9560

  1. XPS 9560 doesn't really need any workarounds or acpi boot options anymore with Ubuntu 19.04. Have a look https://github.com/stockmind/dell-xps-9560-ubuntu-respin if there's something that doesn't work. No need to download any firmware anymore for the killer wifi (always worked fine for me)
  2. Install nvidia drivers (latest available in 19.04)
  3. Undervolt? https://github.com/georgewhewell/undervolt I have a systemd service to run undervolt.py --core -125 --cache -125 --gpu -100, helps a little with power consumption and temps, especially under heavy load (around 8-10 deg C).

6. Reinstall Ubuntu

If you need to reinstall ubuntu, you should be able to jump to #4 directly. If you aren't changing your partition layout, you can go straight to #4.4 (install ubuntu), but don't forget to run sudo cryptsetup luksOpen /dev/nvme0n1p5 cryptdrive to mount the encrypted partition. If in doubt, just start from #4 and recreate your crypt drive.

Additional notes

  • Ubuntu (GRUB) is the default boot option, both Ubuntu and Windows should be there
  • Additionally, you can bring up the EFI boot screen pressing F12 as soon as you turn on the laptop
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment