Ubuntu on a Bitlocker-protected environment

The world has become much simpler these days. One good example is the sheer simplicity, with which you can by now install an Ubuntu 10.04 on a machine that already has Windows 7 (no big news here) and where Windows is protected by Bitlocker and TPM-integration (that is new :) )

Some easy steps:
  • Install Windows 7 to your liking
  • Encrypt your system using Bitlocker, also using TPM.
I guess most readers interested in installing Ubuntu will start with the above setup. Now modify the system to allow a Ubuntu install:
  • Shrink your encrypted partition, for example I freed up about 40GB for my new Ubuntu
  • "Stop" Bitlocker (that is: Temporarily store the encryption key outside the TPM - you do NOT need to decrypt the drive.) - Your Action-Center will alarm you, that this is a risk.
  • Install Ubuntu 10.04 into the freed up disk space, allow installation of grub in MBR
  • Boot Windows an "Resume" Bitlocker (i.e. enable TPM)
Be aware: This works just fine, as long as there is no change to the boot environment. This means, before updating for example the "grub-pc"-Package (the Ubuntu-Bootloader), be sure to "stop" Bitlocker!

For the Linuxer: Changing settings of grub (like "/etc/default/grub") will not change the boot enviornment, as these settings are dynamicly read by grub.

Kommentare

  1. Thanks for this article. I can confirm that the same approach works well with Bitlocker encrypted Windows 7 Enterprise and Debian Squeeze.

    To keep apt from updating grub-pc by accident you can do

    echo "grub-pc hold" | sudo dpkg --set-selections

    AntwortenLöschen
  2. Thanks for this great article. It almost describes my situation.

    I already have Windows 7 and Ubuntu running on this machine using GRUB as the main bootloader.

    I have a TPM module in my computer and my IT people want me to use BitLocker when I use Windows. If I go ahead and enable BitLocker, I am afraid my MBR will get altered and I won't have GRUB anymore.

    How do you smart folks suggest I proceed?

    AntwortenLöschen

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

Android for my MDA Compact IV (HTC Diamond)

Office 2010 Beta