BitLocker Drive Encryption is a data protection feature that integrates with the Windows operating system. When activated, it will encrypt the contents of the hard drives in Windows, making the data inaccessible without the correct decryption key. It is designed to minimize the risk of data theft or exposure from lost or stolen computers.
When a user starts their computer and properly authenticates with the correct credentials, BitLocker will decrypt the data and allow seamless usage of the hard drive and the data it contains. Without the correct credentials, the encrypted hard drive data will look like random noise.
BitLocker & Ubuntu installation
If you plan to install Ubuntu side by side with Windows, you need to take into consideration the operational setup on your computer.
If you are not using BitLocker, Ubuntu will be able to see the correct hard drive structure, including any partitions and data stored on it. This allows the guided wizard to correctly map the data, and safely make adjustments to accommodate the additional installation of Ubuntu alongside Windows.
If you are using BitLocker, the hard drive contents will not be accessible, and they will appear as random noise. This means that the Ubuntu installer cannot correctly map data, and the additional installation cannot be safely performed without data loss. Additionally, some manufacturers ship systems with BitLocker enabled but the hard drive contents not yet encrypted. In this case the Ubuntu installer will also not be able to correctly map data.
You can:
Cancel the installation of Ubuntu and continue using Windows only.
Decide that the data stored in Windows is not important, and that you are willing to overwrite the data contents. The Ubuntu installer can then erase the entire contents of the hard drive and create its own structure (partitions and data). This is a destructive operation, with no option to recover any Windows data.
Decide to turn BitLocker off. This will turn the encryption feature off, and the hard drive and its data will be visible and accessible from the Ubuntu installer, allowing it to correctly and safely set up a side-by-side configuration. For systems with BitLocker enabled but not yet encrypted you will need to first turn BitLocker on and then turn it off.
Turn BitLocker off
If you decide to proceed with the third option, you will need to do the following:
Back your data up - any encryption procedure, hard drive structure change or installation of new operating systems on a hard drive that already contains data can potentially lead to a data loss. You need to make sure your personal data is safe. Even simply copying the important files to an external drive can minimize the risk of data loss.
Quit the Ubuntu installer and reboot the computer into Windows.
In Windows, open Settings > type Manage BitLocker in the search box. Alternatively, open Control Panel > System and Security > BitLocker Drive Encryption.
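Before rebooting into the Ubuntu installer, the volume state can be checked from PowerShell to confirm that the contents really are decrypted. This is an added example, not part of the Ubuntu documentation: `Get-InstallerReadiness` and `New-SampleVolume` are hypothetical helper names, the sample volumes are constructed, and the commented last line uses the Windows `Get-BitLockerVolume` cmdlet, which needs an elevated prompt.

```powershell
# Added example: decide from BitLocker volume state whether the partition
# contents are readable by the Ubuntu installer. Get-InstallerReadiness is a
# hypothetical helper name, not a built-in cmdlet.
function Get-InstallerReadiness {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # A saved recovery password matters if BitLocker is re-enabled later.
        $recovery = @($Volume.KeyProtector | Where-Object {
            "$($_.KeyProtectorType)" -eq 'RecoveryPassword' }).Count -gt 0
        $status = "$($Volume.VolumeStatus)"
        # ProtectionStatus 'Off' alone is not enough: the data can still be
        # encrypted on disk. Only VolumeStatus FullyDecrypted means plaintext.
        $verdict = switch ($status) {
            'FullyDecrypted'       { 'Ready: contents are plaintext.' }
            'DecryptionInProgress' { "Wait: $($Volume.EncryptionPercentage)% still encrypted." }
            'DecryptionPaused'     { 'Wait: decryption is paused; resume and let it finish.' }
            default                { 'Not ready: contents are still encrypted on disk.' }
        }
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            VolumeStatus     = $status
            ProtectionStatus = "$($Volume.ProtectionStatus)"
            HasRecoveryKey   = $recovery
            Verdict          = $verdict
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output (offline demo).
function New-SampleVolume($Status, $Protection, $Percent, [string[]]$Protectors) {
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = $Status; ProtectionStatus = $Protection
        EncryptionPercentage = $Percent
        KeyProtector = @($Protectors | ForEach-Object {
            [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}
$samples = @(
    New-SampleVolume 'FullyEncrypted'       'On'  100 'Tpm','RecoveryPassword'
    New-SampleVolume 'FullyEncrypted'       'Off' 100 @()   # protection off, still encrypted
    New-SampleVolume 'DecryptionInProgress' 'Off' 42  @()
    New-SampleVolume 'FullyDecrypted'       'Off' 0   @()
)
$samples | Get-InstallerReadiness | Format-Table -AutoSize

# On a real system, from an elevated PowerShell prompt:
# Get-BitLockerVolume | Get-InstallerReadiness | Format-Table -AutoSize
```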
Reminder: The purpose of this thread is to improve documentation.
Your support questions should be directed to our Support and Help category, to AskUbuntu, Ubuntu Support on Matrix, and other support venues.
"How do I…?" is a support question
"It didn't work" is a support question or a bug report
When you have an answer, please suggest specific improvements to the documentation strings and images here so that others don't need to ask the same questions.
Initially there were two static pages, but they proved to not display well on phones, so we got bug #1874068 and replaced them with redirects here for now.
Yikes! I wasn't expecting to see my scribbly design sketches used in user-facing help pages.
I wonder why those pages are generated from Google Docs (judging by all the .lst-kix_ styles), rather than from these Discourse posts. Many Canonical sites (including ubuntu.com/server/docs and multipass.run/docs) have responsive help pages exported from Discourse posts. But I guess the software doing those exports won't run on help.ubuntu.com. I've made a request for Canonical's Web team to investigate how to generate responsive exports on help.ubuntu.com as well.
And don't forget to save your BitLocker recovery key somewhere outside the encrypted partition. By installing Ubuntu, you end up with 2 ways to boot Windows: 1 is using its EFI loader directly, another is chainloading in Grub. The choice affects PCRs that are being checked during a boot process with BitLocker enabled, so if you always used one way, but decided to use another this time, you'll be prompted to enter the recovery key. The only solution to re-configure the default is a) suspend BitLocker protection in its preferences (affects the next boot only IIRC); b) enter your key to boot the way you want it (via Grub / direct EFI loader) and willing to use further.
This guide is not useful for situations where Microsoft Windows has a virus and the main aim is to avoid running the Windows OS until the virus has been removed (or data recovered).
The Ubuntu 22 installer says that it is necessary to reboot into Windows and disable BitLocker, offering a QR code and a link to https://help.ubuntu.com/bitlocker (which links here).
However this is not correct: Suspend Bitlocker before starting the Ubuntu installation and you will avoid the lengthy procedure of decrypting and re-encrypting the disk (which spoils your SSD/NVMe as well).
I also shrunk the Windows volume using diskmgmt.msc so that Ubuntu would have no issues finding the free space where to install.
The EFI partition that comes with preinstalled Windows is rather small. Users who know the caveats of creating their own partition are smart enough to do it without this mentioned directly. Users who know a bit about partitioning but do not understand the full consequences should not be urged to forge ahead. Also, adding warnings about this-and-that for the borderline users does not belong here. It is better to leave the instructions as simple as possible.
I had the same issue. I installed Windows without creating a Windows (online) account. It appears that the disk was indeed encrypted, but Bitlocker settings said "not activated" because full activation requires a Windows account. It's still possible to turn off encryption in "Device encryption" settings panel without Bitlocker appearing as activated.
I'd add another two steps: encrypting Ubuntu partitions and enabling Bitlocker. Earlier this year, I have created a write-up for my company's internal wiki. As a government(s) contractor, we are obligated to have all installed operating systems encrypted, due to us having access to a lot of sensitive data and IP. If there is a demand, I can translate it and post it on discourse as a tutorial as well.