Dual Boot Ubuntu full disk encrypted but Windows untouched

system-installation dual-boot encryption

I have been dual booting Ubuntu and Windows 7 for a while now. In the past, I have used the "encrypt home folder" option to add (some) security to my installation (ie. now no one can easily steal my home folder's contents by booting a live CD or using Windows to access my Ubuntu root partition).

This is why I was excited to learn about the new Full disk encryption option in 13.10. I was able to successfully burn and boot the DVD. However, disk encryption and home folder encryption are not available options under "install along side them [the other operating system(s)]". Since I do not want to lose the Windows installation, I obviously do not want to select "erase disk".

Basically, here is what I would like to happen:

  1. Power on > BIOS > GRUB > user choice (Windows or Ubuntu)

  2. User Choice (Windows) > Non-encrypted, normal Windows (no encryption pass-phrase required)

  3. User Choice (Ubuntu) > Encrypted Ubuntu 13.10 installation (with pass-phrase required)


You can't, full disk encryption as it names implies encrypts the full disk not just a partition. Worse, to keep attackers unable to tell used parts from unused parts of the disk it will overwrite all the disk with random values, that means that you can't use it without wiping all the disk, including Windows partitions.

Sorry, but if you want to dualboot you are restricted to partition level encryption. Check this answer for a walkthrough (note the comments there as well).


What you can do if your laptop came with Windows installed and you want it "untouched" you can use the Windows Disk Manager to shrink the Windows volume to create unformatted disk space that you can use for Ubuntu partitions. Then using the Ubuntu installer you can accomplish a LUKS encrypted Ubuntu partition that protect both Ubuntu and your home directory.

The below mentioned description is the only one I have found that describes this for Windows Ubuntu dual boot where both operating systems can exist as individually encrypted on separate partitions (Bitlocker/LUKS) on the same drive:

https://www.hecticgeek.com/2012/10/how-to-setup-encrypted-ubuntu-installation

Pay attention to the key detail mentioned; selecting the "physical volume for encryption" option to mark for later encryption. Very few guides describe this.

One lesson learned it to not make the boot partition too small. Adding some megabytes margin is well spent to have space for a few kernel updates without running out of disk space.

Related

What commands show pending/scheduled tasks in Terminal?
appmenu in 14.04 for gtk2 apps?
What is 'setcap' command and 'file capability'?
Cannot get ntpdate cron to run
apt-get autoremove "Before uninstall, this module version was ACTIVE on this kernel"
Why do top and lxtask show different degrees of memory usage?
Chrome stuck on 'resolving host'
Getting color names from color picker
How to add an account to StackApplet?
Create a script to open firefox with some google search term from terminal
Trying to use GNU Parallel with sed
How can I draw selection rectangle on screen for my script?