
I am trying to dual boot a pre-installed Windows 11 with BitLocker enabled and Ubuntu on a 2nd SSD with its own boot partition.
In my setup, I would manually partition the 2nd SSD (the one for Ubuntu) with its own EFI boot partition, install the bootloader on the Ubuntu drive, and use Grub to recognize Windows and any future distro I add.

I have seen some solutions online in various forums, but they vastly differ and don't seem to get a consensus. Basically, the options are:

  1. Disable BitLocker encryption.
  2. Methods involving booting from the same SSD using one UEFI partition.
  3. Booting via BIOS.

I can live with 3 and 2 since the Windows one is mostly for gaming, but figured I would rather see if there was a workaround where I could use Grub as the bootloader and if it would recognize the Windows OS even though the system is encrypted (not sure if the UEFI is though... It did not seem so).

TLDR: Would installing Ubuntu on the second SSD and using Grub to boot into Windows, despite BitLocker encryption, work for this use case?

Thank you, and much appreciated.

1 Answer


I have two things to say:

  1. This is the first page that comes up when searching the internet for dual boot Windows 11 with BitLocker and Ubuntu. So, I want to link my very detailed guide on how to set up dual boot on one SSD without changing Windows 11 (encrypted with BitLocker) at all while still installing Ubuntu encrypted on other partitions on the same SSD. See this question for my guide to the question of installing Ubuntu fully encrypted (LUKS) on the same disk as Windows 11 encrypted with BitLocker.
  2. Moreover, I will try to answer this question as well. Answering this question basically only uses parts of my guide for one SSD, since installing to two SSDs involves fewer steps. Moreover, I will not encrypt this Ubuntu installation. In my other linked guide, I adjusted the steps to fully encrypt Ubuntu while having it installed on the same SSD as Windows.

Goal

We don't change the Windows 11 installation at all. BitLocker can stay enabled all the time. And we don't change anything on the EFI partition of Windows 11. We will create another EFI partition of its own on the new SSD and use this for Ubuntu and Grub. Grub will still detect the Windows EFI partition on the original SSD and let us boot Windows.

Windows Preparation

  • Start with your laptop booted to Windows
  • Store your BitLocker recovery key somewhere, like on your phone in a password manager or so. Ask your admin if you don't know it or follow this Microsoft guide
    • You will need it later again to unlock Windows
    • Normally the key is stored in TPM but when adjusting something in UEFI you have to enter it again

BACKUP

NOW TAKE A BACKUP! Definitely take a full-disk backup of your laptop via Clonezilla in case something goes wrong. This is always important, and all the steps are outlined here:

  • Still in Windows, prepare another USB stick with Clonezilla; follow their guide to create a bootable Clonezilla USB stick
  • You will also need an external drive which is large enough to contain the whole encrypted disk, so for 1TB SSD, you need at least a 1TB external drive
  • Now do a reboot (don't do a shutdown, you will not be able to enter UEFI)
    • press the respective key to go to UEFI menu, and then manually boot the live USB stick with Clonezilla
  • In Clonezilla
    • save as device to image
    • local device
      • use the external drive as the destination to store the image
    • Beginner mode
    • and save the full disk
    • and select your nvme0n1 as the source
    • just continue and you will have a full disk backup as an image on your external drive
  • Now you can boot back to Windows

Ubuntu USB Stick Preparation

  • Download Ubuntu and use your USB stick to create an Ubuntu live USB stick now
    • Some imaging tools have problems if the USB stick is not formatted with GPT beforehand, so better do this to erase MBR section on USB stick
  • Create another partition in the free space of the USB stick at the end as FAT32
    • This is not possible, if MBR header is still present on USB stick
  • You can use this partition to store things that you want to have on your fresh Ubuntu once it is installed
  • And do a reboot again, this time to go into Ubuntu

Ubuntu installation

  • Select your Language and keyboard, etc...
  • In the Updates section, I also enabled third-party software and entered a temporary password for secure boot
  • Choose something else as installation type
    • Select the free space on your second SSD
      • Make sure to not select or change anything on your Windows 11 SSD
    • Create a new partition via plus sign
      • Set it to 512 MB
      • And Use as: EFI System partition
    • Select the free space again and create another partition
      • Size 2048 MB
      • And as Ext4
      • And as Mount point /boot
    • And a third partition
      • Use the remaining space or whatever you like to
      • And as Ext4
      • And the Mount point as /
    • You can also specify more partitions here, for /home or so
    • And now select the device for bootloader installation as
      • the second SSD, e.g. /dev/nvme1n1
      • Don't select the original SSD since this will install Grub to the same EFI partition as Windows bootloader is installed to
        • The following hint is not relevant for this guide. So you can ignore it. But I wanted to mention it anyways: If you have multiple EFI partitions on the same disk (e.g. /dev/nvme1n1p5) or something else, Ubuntu will still install the bootloader to /dev/nvme1n1p1. This is a limitation of the Ubuntu installer, it will always choose first EFI on a disk, doesn't matter what. If you want to know a workaround for this problem, see my other linked guide above.
    • We can simply continue with: Install Now
  • Location and username etc, then wait for installation to finish
  • When the installation is done, don't press reboot
    • just press the cross at top right to close the window
    • This will boot the live USB stick again and you can proceed with the adjustments below

Chroot to double check that grub detected the Windows bootloader

  • Normally, Windows should have automatically detected the Windows bootloader on the first EFI partition
  • But if you want to be really sure, follow the following steps to verify again
  • For this, open a root terminal: sudo -i
mkdir /mnt/root-new
mount /dev/nvme1n1p3 /mnt/root-new/
mount /dev/nvme1n1p2 /mnt/root-new/boot/
mount /dev/nvme1n1p1 /mnt/root-new/boot/efi/
mount --bind /dev /mnt/root-new/dev
mount --bind /proc /mnt/root-new/proc/
mount --bind /sys /mnt/root-new/sys/
mount --bind /run /mnt/root-new/run

chroot /mnt/root-new/ /bin/bash

  • Let's update grub and make sure that it detected Windows
nano /etc/default/grub
  • And add
GRUB_DISABLE_OS_PROBER=false
  • Now update
update-grub

  • In the output, it should display that Windows bootloader was detected
  • And let's exit the chroot again
exit

umount /mnt/root-new/dev/
umount /mnt/root-new/proc/
umount /mnt/root-new/sys
umount /mnt/root-new/run
umount /mnt/root-new/boot/efi
umount /mnt/root-new/boot
umount /mnt/root-new

Double check UEFI boot order

  • As a last step we can also double check the boot order and make sure that Ubuntu is the first one
# Check all entries
efibootmgr -v
# And modify the bootorder if Ubuntu is not the first
# I assume that 0001 is Ubuntu and 0000 is Windows
# efibootmgr expects the order as one comma-separated list
efibootmgr -o 0001,0000 # and more like USB devices etc.: append ,0002,0003,...
# Check all entries again
efibootmgr -v

Done

  • Now you can reboot
    • You might have to enter your secure boot password if you installed proprietary drivers via Ubuntu installation
  • Grub should boot and present you with the choice to boot Ubuntu or Windows
  • When booting Windows the first time, you might need to enter the recovery key again since we changed some UEFI entries
    • After that the key will be stored in TPM again and you can use it as normal
fbpolar
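The two verification steps in the answer above (Grub detecting Windows, and Ubuntu being first in the UEFI boot order) can be scripted. This is an added example, not part of the original answer: the function names are hypothetical, the sample inputs are constructed, and it assumes `efibootmgr -v` separates the entry label from the device path with a tab.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.
# On the installed system:  efibootmgr -v | first_boot_label
#                           grub_has_windows < /boot/grub/grub.cfg

# Print the label of the first entry in BootOrder, given `efibootmgr -v` on stdin.
# Assumes label and device path are tab-separated, as in the sample below.
first_boot_label() {
  awk '
    /^BootOrder:/ { split($2, order, ","); first = order[1] }
    /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
      num = substr($0, 5, 4)
      label = $0
      sub(/^Boot[0-9A-Fa-f]+[* ] /, "", label)  # strip "Boot0001* "
      sub(/\t.*/, "", label)                    # strip the device path
      labels[num] = label
    }
    END { if (first in labels) print labels[first]; else exit 1 }
  '
}

# Succeed if the grub.cfg text on stdin has an os-prober entry for Windows.
grub_has_windows() {
  grep -q "^[[:space:]]*menuentry 'Windows Boot Manager"
}

# Constructed sample of `efibootmgr -v` output (not captured from a real machine).
sample_efi() {
  printf 'BootCurrent: 0001\nTimeout: 0 seconds\nBootOrder: 0001,0000,0002\n'
  printf 'Boot0000* Windows Boot Manager\tHD(1,GPT,...)/File(\\EFI\\Microsoft\\Boot\\bootmgfw.efi)\n'
  printf 'Boot0001* ubuntu\tHD(1,GPT,...)/File(\\EFI\\ubuntu\\shimx64.efi)\n'
  printf 'Boot0002  USB HDD\tPciRoot(0x0)/...\n'
}

# Constructed sample of the grub.cfg entries that update-grub generates.
sample_grub() {
  printf "menuentry 'Ubuntu' --class ubuntu --class os {\n}\n"
  printf "menuentry 'Windows Boot Manager (on /dev/nvme0n1p1)' --class windows {\n}\n"
}

echo "First boot entry: $(sample_efi | first_boot_label)"
if sample_grub | grub_has_windows; then
  echo "grub.cfg contains a Windows entry"
else
  echo "No Windows entry: check GRUB_DISABLE_OS_PROBER=false and rerun update-grub"
fi
```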