I recently created a HD for dual boot Win 11 and Pop Os. I created a shared partition for Data, and separate partitions for the respective OS. I used gParted to create the partitions. It looks like Win then added bitlocker to this data partition.
(It’s not really encrypted, I guess, because I didn’t create a microsoft account, and didn’t receive a recovery key)
So now I can’t access that partition when booted into Pop OS without entering a password (which I don’t have).
I’m wondering a couple of things: what’s the best practice in these scenarios? Have the shared data drive not be encrypted with Bitlocker? If so, is there something else that should be done for security purposes? If not, it looks like using Dislocker is a common solution to access the drive in Linux?
If you don’t need/want Bitlocker simply boot into Windows go into the bitlocker settings and turn off bitlocker (dont use suspend as bitlocker will be re-enabled the next time you boot into Windows). You will need to wait for Bitlocker to decrypt before shutting down - there will be a small status window that appears showing the progress and it shouldn’t take too long.
Thank you! I think part of what I’m curious to hear input on is whether I should disable bitlocker for that shared data partition. Any thoughts? Is it a best practice to have it on?
If you keep Bitlocker enabled on that partition you will have to enter the recovery key everytime you boot into your Linux partition. Since you don’t have that key backed up you’ll need to turn it off and then re-enable it if you wish to continue to use Bitlocker.
If you manually enable bitlocker you will be prompted to back up the key with a few different options: to a file (but if I recall you’ll need to save the file to a drive that isn’t be encrypted by Bitlocker) or to a Microsoft account.
To answer your question regarding best practice, Full Disk Encryption is best practice. Now to achieve that in Windows you use Bitlocker, Linux there is Luks, and macOS has filevault.
If your machine isn’t going anywhere outside your home then it’s not as big of a deal if the drive isn’t encrypted.
Regarding your situation FDE is going to be a bit of a pain whether you use Bitlocker or Luks. I suggest using db2’s suggestion and run a VM creating a shared folder between host and guest. Then you can encrypt the entire drive using the best encryption tool for the host OS (which I suggest be Linux).
Edit: Replaced the ‘b’ with a space between “db2’s” and “suggestion”
I appreciate the additional info. Since I want to make Linux primary (one of my two main points in this little project is getting familiar with Linux!), I’ll look into Luks for that partition
The db2 / vm suggestion is a little over my head, currently, but I’ll research that as well!
Also, bitlocker is not the only disk encryption software for Windows. It’s just the built in one. If you wanted, you could use something like Veracrypt which is open source and will play nicely with all your OSes.
deleted by creator
I assume you want disk encryption on Windows which is why you haven’t turned off bitlocker and disabled it in BIOS. I’m not familiar with whole disk encryption on Windows but Linux has many options.
If you’re going to dual boot I would recommend a separate boot partition for GRUB/boot manager that points to the windows boot partition because Windows likes to mess up a shared boot partition.
**EDIT: This guy seems to have got both working: https://bbs.archlinux.org/viewtopic.php?id=273365
congrats you didn’t even try to answer the questions he asked.
i’m curious…were you just answering the questions you wanted him to ask instead?
deleted by creator
Honestly I’ve been away from Windows long enough that it just wasn’t a consideration while I was creating the partitions and then the dual boot. I just discovered that it’d happened when I went to access the shared partition in pop and was asked for the password.
I do want to retain a shared data partition between the two OS, however. Obvs the partition for the Window OS itself could remain encrypted, since that doesn’t affect pop os. And if it is best practice for system security.
I’ll read up that link to see what he has to recommend!
In windows, save the recovery key (to an external USB key for instance), it is a text file. Then in Linux double click the partition in Thunar or your file manager and it will ask you for the key.
I’d run Windows in a virtual machine, then you can run both at once and share data as you please.
deleted by creator