this post was submitted on 29 Dec 2023
19 points (95.2% liked)


I recently created a HD for dual boot Win 11 and Pop Os. I created a shared partition for Data, and separate partitions for the respective OS. I used gParted to create the partitions. It looks like Win then added bitlocker to this data partition.

(It's not really encrypted, I guess, because I didn't create a microsoft account, and didn't receive a recovery key)

So now I can't access that partition when booted into Pop OS without entering a password (which I don't have).

I'm wondering a couple of things: what's the best practice in these scenarios? Have the shared data drive not be encrypted with Bitlocker? If so, is there something else that should be done for security purposes? If not, it looks like using Dislocker is a common solution to access the drive in Linux?
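Whether the shared partition really carries a BitLocker header can be checked from Linux by reading its first bytes. The script below is an added example, not part of the original post; the function name `detect_vol_type` and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Classify a partition or image file by the signature at its start.
#   "-FVE-FS-" at byte offset 3   -> BitLocker volume
#   "NTFS    " at byte offset 3   -> plain (unencrypted) NTFS
#   "LUKS" 0xBA 0xBE at offset 0  -> LUKS container
# BitLocker To Go on removable FAT/exFAT media uses a different
# header and is reported as "unknown" here.
detect_vol_type() {
    dev=$1
    [ -r "$dev" ] || { echo "unreadable"; return 1; }
    # First 11 bytes as one lowercase hex string (22 characters).
    hdr=$(dd if="$dev" bs=1 count=11 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe*)          echo luks ;;
        ??????2d4656452d46532d) echo bitlocker ;;
        ??????4e54465320202020) echo ntfs ;;
        *)                      echo unknown ;;
    esac
}

# Demonstration on constructed headers (not real disk data).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '\353\130\220-FVE-FS-' > "$tmp/bitlocker.img"
    printf '\353\122\220NTFS    ' > "$tmp/ntfs.img"
    printf 'LUKS\272\276\000\002\000\000\000' > "$tmp/luks.img"
    for f in bitlocker ntfs luks; do
        printf '%s.img: %s\n' "$f" "$(detect_vol_type "$tmp/$f.img")"
    done
    rm -rf "$tmp"
}
demo
```

On a real system, pass the shared partition's device node to `detect_vol_type` as root; reading the first sector does not modify the disk.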

[–] [email protected] 6 points 1 year ago (2 children)

If you don't need/want Bitlocker, simply boot into Windows, go into the Bitlocker settings and turn off Bitlocker (don't use suspend, as Bitlocker will be re-enabled the next time you boot into Windows). You will need to wait for Bitlocker to decrypt before shutting down - there will be a small status window that appears showing the progress and it shouldn't take too long.

[–] [email protected] 2 points 1 year ago (1 children)

Thank you! I think part of what I'm curious to hear input on is whether I should disable bitlocker for that shared data partition. Any thoughts? Is it a best practice to have it on?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

If you keep Bitlocker enabled on that partition you will have to enter the recovery key every time you boot into your Linux partition. Since you don't have that key backed up you'll need to turn it off and then re-enable it if you wish to continue to use Bitlocker.

If you manually enable Bitlocker you will be prompted to back up the key with a few different options: to a file (but if I recall you'll need to save the file to a drive that isn't encrypted by Bitlocker) or to a Microsoft account.

To answer your question regarding best practice, Full Disk Encryption is best practice. Now to achieve that in Windows you use Bitlocker, on Linux there is LUKS, and macOS has FileVault.

If your machine isn't going anywhere outside your home then it's not as big of a deal if the drive isn't encrypted.

Regarding your situation, FDE is going to be a bit of a pain whether you use Bitlocker or LUKS. I suggest using db2's suggestion and running a VM, creating a shared folder between host and guest. Then you can encrypt the entire drive using the best encryption tool for the host OS (which I suggest be Linux).

Edit: Replaced the 'b' with a space between "db2's" and "suggestion"

[–] [email protected] 2 points 1 year ago (1 children)

I appreciate the additional info. Since I want to make Linux primary (one of my two main points in this little project is getting familiar with Linux!), I'll look into LUKS for that partition.

The db2 / vm suggestion is a little over my head, currently, but I'll research that as well!

[–] [email protected] 1 points 1 year ago

Also, bitlocker is not the only disk encryption software for Windows. It's just the built in one. If you wanted, you could use something like Veracrypt which is open source and will play nicely with all your OSes.

[–] [email protected] 1 points 1 year ago

I'd run Windows in a virtual machine, then you can run both at once and share data as you please.

[–] [email protected] 1 points 1 year ago

In Windows, save the recovery key (to an external USB key, for instance); it is a text file. Then in Linux double-click the partition in Thunar or your file manager and it will ask you for the key.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (3 children)

I assume you want disk encryption on Windows which is why you haven't turned off bitlocker and disabled it in BIOS. I'm not familiar with whole disk encryption on Windows but Linux has many options.

If you're going to dual boot I would recommend a separate boot partition for GRUB/boot manager that points to the windows boot partition because Windows likes to mess up a shared boot partition.

EDIT: This guy seems to have got both working: https://bbs.archlinux.org/viewtopic.php?id=273365

[–] [email protected] 1 points 1 year ago

Honestly I've been away from Windows long enough that it just wasn't a consideration while I was creating the partitions and then the dual boot. I just discovered that it'd happened when I went to access the shared partition in pop and was asked for the password.

I do want to retain a shared data partition between the two OS, however. Obvs the partition for the Window OS itself could remain encrypted, since that doesn't affect pop os. And if it is best practice for system security.

I'll read up that link to see what he has to recommend!

[–] [email protected] 0 points 1 year ago

Congrats, you didn't even try to answer the questions he asked.

I'm curious… were you just answering the questions you wanted him to ask instead?