ubuntu-desktop-provision

encrypted ubuntu installation parallel to Windows not possible

Bug #2043008 reported by Matthias Klose on 2023-11-08

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	ubuntu-desktop-provision	New	Undecided	Unassigned

Bug Description

The old ubiquity installer offers an option to install Ubuntu alongside Windows, or to install Ubuntu encrypted, however there is no option to install an encrypted Ubuntu alongside Windows.

In the old ubiquity installer you were able to work around it. Starting with a Windows installation on one disk and free space (you can shrink a Windows partition already with Windows tools):

- create an ext4 /boot partition
- create a large partition to be used as an encrypted volume
- on the shell:
   - create a volume group on the large partition
   - create logical volumes on the volume group (swap, /, maybe /home)
   - get the information from the large partition to be used in /etc/crypttab
- go back in the installer one step, go forward again, to make the
   new volume group and logical volumes known.
- start the install
- during the install create /target/etc/crypttab
- after the install finishes re-create the initramfs to include
   the new crypttab

The desktop installer currently doesn't even offer to create a partition for encryption.

Ideally it should be possible not to have the manual steps necessary in the shell, but providing an option to create the encrypted Ubuntu installation alongside Windows in the installer.

Revision history for this message

Dan Bungert (dbungert) wrote on 2023-11-08:

I believe that a combination of the use_gap and resize features should be enough for this, maybe with a tweak to bitlocker support. For instance, if there is bitlocker but a large enough gap, we can do the guided install into it, so Subiquity provides a use_gap target off of storage/v2guided.

Sebastien Bacher (seb128) on 2024-04-12

affects:

ubuntu-desktop-installer → ubuntu-desktop-provision

Revision history for this message

Mike Kasberg (mkasberg) wrote on 2024-05-21:

I've discovered that it *is possible*, today, to install Ubuntu 24.04 alongside windows with LVM and encryption. However, as best I can tell this is only possible due to a bug in the installer UI that serendipitously does exactly what we want. It works like this:

- On the "Disk setup" screen, select "Erase disk and install ubuntu".
- Click the "Advanced features" button.
- Select "Use LVM and encryption".
- Close the modal dialog window.
- Change the selection back to "Install Ubuntu alongside Windows". Note that the "LVM and encryption" option remains selected although the button is grayed out. Furthermore, the final summary screen (before installation) shows "Install alongside Windows" and "LUKS (LVM)".

I've validated the above steps on Ubuntu 24.04, on a Dell Latitude e7450. They do exactly what you'd expect - shrinking the Windows partition and installing LVM with encryption in the new empty space, resulting in a good dual-boot install with encryption.

I documented the process more thoroughly on my blog here, including screenshots: https://www.mikekasberg.com/blog/2024/05/20/dual-boot-ubuntu-24-04-and-windows-with-encryption.html

I still think this is a bug since it seems like the steps above use undocumented/unexpected behavior to achieve this, but it seemed worthwhile to add to the discussion here:
- I think this is a valid workaround for anyone who's blocked by this.
- Future development work might be easier, knowing that the desired behavior (encrypted dual-boot) is already achievable but some UI tweaks could make it a better experience.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.