Back to articles

Dual Boot Ubuntu/PopOS with Windows (BitLocker Enabled) Using Full Disk Encryption

5 min
linux
dual-boot
encryption
luks
ubuntu
popos

Setting up a dual-boot system with Ubuntu or PopOS alongside a Windows installation with BitLocker encryption requires special care — especially if you're aiming for full disk encryption on the Linux side.

This guide walks you through manually configuring full disk encryption with LUKS and LVM, while preserving your existing Windows installation on the same physical drive. You'll create the necessary partitions, set up encryption, and install Ubuntu/PopOS using a custom method.

⚠️ Note: This is an advanced setup. Always back up important data before modifying disk partitions.

📌 Prerequisites

  • A Windows system with BitLocker enabled.
  • Free space on the system drive (you’ll shrink the Windows partition to make room).
  • Ubuntu or PopOS Live USB.
  • Basic familiarity with terminal commands and partitions.

🧩 Step 1: Shrink the Windows Partition

  1. Boot into Windows.
  2. Open the Start Menu → search for Disk Management and open it.
  3. Right-click the main Windows partition (usually C:) and choose Shrink Volume.
  4. Shrink it by the amount of space you want to allocate to Linux (e.g., 100–200GB or more).

🛠️ Step 2: Boot into the Live USB

  1. Insert your Ubuntu/PopOS USB stick and boot from it.
  2. When the installer launches, quit/exit the installer for now — we’ll prep the disk manually first.

💽 Step 3: Create Boot Partition Using GParted

  1. Open GParted from the Live environment.
  2. Locate the unallocated space created from shrinking Windows.
  3. Right-click the unallocated space and:
    • Create a 2GB FAT32 partition.
    • After applying changes, right-click it → Manage Flags → enable both boot and esp.
  4. Leave the rest of the space unallocated for now (we’ll use it for the encrypted root).

🔐 Step 4: Set Up Full Disk Encryption with LUKS and LVM

Open a terminal and switch to root:

sudo -i

Then, run the following (replace /dev/nvme0n1p4 with your actual empty partition from GParted):

# Format partition with LUKS2 encryption
cryptsetup luksFormat /dev/nvme0n1p4
 
# Open it and map it as 'cryptdata'
cryptsetup luksOpen /dev/nvme0n1p4 cryptdata
 
# Create LVM on top of encrypted partition
pvcreate /dev/mapper/cryptdata
vgcreate data /dev/mapper/cryptdata
lvcreate -n root -l 100%FREE data
 
# Format the logical volume with ext4
mkfs.ext4 /dev/data/root

🧱 Step 5: Install the OS with Custom Partitioning

  1. Launch the installer again from the Live environment.
  2. Choose Custom or Advanced installation when asked about partitions.
  3. Click the encrypted volumne, and decrypt it with your passphrase.
  4. A new volume will pop up below, select it as root mount for the OS
    • Mount it as / (root).
    • Do not format it — it’s already formatted with ext4.
  5. Select the 2GB FAT32 partition and set it to mount at /boot/efi.

Continue the installation process as usual.

✅ Final Notes

  • After installation, GRUB or systemd-boot should recognize both operating systems.
  • BitLocker will remain untouched and functional.
  • Your Linux system will now use full disk encryption via LUKS, with all files (except /boot/efi) encrypted.
  • The bootloader will ask for the passphrase if you boot into Linux

© 2025 Jepsn. All rights reserved.