Dual boot Windows + Linux with encryption
I'm looking at having a dual boot system with Windows and Linux where both are encrypted.
I have one single hard drive where Windows and Linux shall both resides.
It could be with or without bitlocker, veracrypt, luks, UEFI, Secure Boot, TPM. As long as both OS are encrypted and I can dual boot when starting the computer.
I didn't try this link below, looks like it might work but it seems like a hack. I'm looking for more of an official/easy way to do this.
How to encrypt a dual boot system with Veracrypt?
EDIT: Well I did try the link and it's not working. I've spent a whole day on this trying pretty much everything and nothing works. I'd just like a dual boot system where both OS are encrypted, no matter how it is achieve.
Solution 1:
I'm quite sure it is possible to achieve a dual-boot system with Windows and Linux where both are encrypted on only one hard drive, unfortunately, I did not achieve it.
As a solution, I bought a second hard drive, installed Windows on it with BitLocker. Unplug it, plug the second hard drive, installed Linux with cryptsetup on the whole hard drive. Shutdown, plugged both, boot in Linux (configurable in your BIOS to know which one to boot), update grub, something like "sudo update-grub", it will automatically detect the other hard drive as Windows. Then when you reboot, you will have the GRUB interface, no password asked but after you select Windows or Linux, you will be asked for the password of the encryption. It's a perfect solution but you do need 2 hard drives.
Solution 2:
Encryption is inside the O/S, so as I understand it, you would need to encrypt inside of Windows and inside of Linux (whatever flavor you choose) after the O/S loads. Even if you use the same product (like Veracrypt) you need to use the Windows version and the Linux version because it is different code for each. This would give you encryption on both systems without any hardware encryption, which is a generally accepted standard of security.
You will need to have the operating systems & preferably data in different locations -- partitions, drives or have one on a VM. And use a bootloader such as GRUB to choose a system at startup.
From my perspective, it is easier to encrypt at install time and I would separate the systems at least through a partition. Make sure you have bootable rescue media on hand, because it is pretty easy to make the system unbootable with all of these changes. Here's an answer on Stack Exchange with more details: https://unix.stackexchange.com/questions/366437/windows-linux-dual-boot-full-disk-encryption .