Ubuntu installation on computers running Windows and BitLocker turned on

Overview

BitLocker Drive Encryption is a data protection feature that integrates with the Windows operating system. When activated, it will encrypt the contents of the hard drives in Windows, making the data inaccessible without the correct decryption key. It is designed to minimize the risk of data theft or exposure from lost or stolen computers.

When a user starts their computer and properly authenticates with the correct credentials, BitLocker will decrypt the data and allow seamless usage of the hard drive and the data it contains. Without the correct credentials, the encrypted hard drive data will look like random noise.

BitLocker & Ubuntu installation

If you plan to install Ubuntu side by side with Windows, you need to take into consideration the operational setup on your computer.

  • If you are not using BitLocker, Ubuntu will be able to see the correct hard drive structure, including any partitions and data stored on it. This allows the guided wizard to correctly map the data, and safely make adjustments to accommodate the additional installation of Ubuntu alongside Windows.
  • If you are using BitLocker, the hard drive contents will not be accessible, and they will appear as random noise. This means that the Ubuntu installer cannot correctly map data, and the additional installation cannot be safely performed without data loss… Additionally, some manufacturers ship systems with BitLocker enabled but the hard drive contents not yet encrypted. In this case the Ubuntu installer will also not be able to correctly map data.

You can:

  • Cancel the installation of Ubuntu and continue using Windows only.
  • Decide that the data stored in Windows is not important, and that you are willing to overwrite the data contents. The Ubuntu installer can then erase the entire contents of the hard drive and create its own structure (partitions and data). This is a destructive operation, with no option to recover any Windows data.
  • Decide to turn BitLocker off. This will turn the encryption feature, and the hard drive and its data will be visible and accessible from the Ubuntu installer, allowing it to correctly and safely set up a side-by-side configuration. For systems with BitLocker enabled but not yet encrypted you will need to first turn BitLocker on and then turn it off.

Turn BitLocker off

If you decide to proceed with the third option, you will need to do the following:

  • Back your data up - any encryption procedure, hard drive structure change or installation of new operating systems on a hard drive that already contains data can potentially lead to a data loss. You need to make sure your personal data is safe. Even simply copying the important files to an external drive can minimize the risk of data loss.
  • Quit the Ubuntu installer and reboot the computer into Windows.
  • In Windows, open Settings > type Manage BitLocker in the search box. Alternatively, open Control Panel > System and Security > BitLocker Drive Encryption.

Windows will now inform you that it is going to decrypt the data.

bitlocker-decryption-warning

This process can take a little bit of time:

bitlocker-decrypting

bitlocker-decryption-complete

  • Once this step is complete, reboot the computer, log into Windows, to make sure everything works correctly, and that all your data is intact.
  • Reboot your computer again, and launch the Ubuntu installer. At this point, you will be able to proceed with the hard disk configuration step.
6 Likes

Ok, I turned off Bitlocker, Waiting for it to finish, seems like it may be a while…anyway, so after I install Ubuntu, will I be able to reinstall bitlocker or will I have to use your version and I presume its works on the windows side? ,

I have a strange behaviour on a Lenovo Yoga-Book. Windows 10 installed, Bitlocker not activated (Windows says, that the drive is waiting to be activated).
Partition in partitionmanager itself is shown to have a bitlocker activated…

I cannot install Ubuntu 20 with an active bitlocker, but how can I disable a bitlocker that is already disabled???

@gunther-hebein I had the same issue. Just activate Bitlocker and deactivate it again.

3 Likes

Folks,

Reminder: The purpose of this thread is to improve documentation.

Your support questions should be directed to AskUbuntu, UbuntuForums, IRC and other support venues.

  • “How do I…?” is a support question
  • “It didn’t work” is a support question or a bug report

When you have an answer, please suggest specific improvements to the documentation strings and images here so that others don’t need to ask the same questions.

1 Like

@gunther-hebein Alternatively, go to Settings > Device encryption and click the button “Turn off”.
Ref: https://superuser.com/questions/1299600/is-a-volume-with-bitlocker-waiting-for-activation-encrypted-or-not

People are probably asking support questions on this page because:

  1. Ubiquity itself links to Intel RST
  2. Intel RST redirects here, rather than to a user-facing version of the document.

If people shouldn’t be asking questions here, where is the user-facing version? Google hasn’t found it.

Initially there were two static pages, but they proved to not display well on phones, so we got bug #1874068 and replaced them with redirects here for now.

The static pages still exist:

So if someone makes those pages phone friendly, we can drop the redirects anytime.

Yikes! I wasn’t expecting to see my scribbly design sketches used in user-facing help pages.

I wonder why those pages are generated from Google Docs (judging by all the .lst-kix_ styles), rather than from these Discourse posts. Many Canonical sites (including ubuntu.com/server/docs and multipass.run/docs) have responsive help pages exported from Discourse posts. But I guess the software doing those exports won’t run on help.ubuntu.com. I’ve made a request for Canonical’s Web team to investigate how to generate responsive exports on help.ubuntu.com as well.

Minor edit under ‘Turn BitLocker off’

It should be: In Windows, open Settings > type BitLocker in the search box.

Not ‘type manage BitLocker’.

Thanks.

Hi,

I ran into this BitLocker issue for the first time and was really bothered with the decrypt/install/re-encrypt approach. As the boot and recovery partitions are not encrypted, I tried a different approach which worked fine. So there is a 4th option! Here it is:

  • Manage your partitions manually:
    1. On windows, launch the partition manager tool (type “partition” in the search bar and it should show up).
    2. Resize your main Windows partition to leave enough empty space for your ubuntu install (e.g. 128Gb).
    3. Boot on Ubuntu installer disk.
    4. When prompted with the different install choices, choose the option to manually manage your partitions.
    5. Select the free space and create at least one partition (mount as “/”). If you do not know how many and which partitions to create, there are many posts on the subject already.
    6. Install your Ubuntu and enjoy.

The whole process took less than 5mn to setup on my machine. I bet the decrypt is much much longer and generates a lot of unnecessary writes (bad for SSDs). Sadly, the installer is not able to automatically manage an install alongside Windows when there is free space on the disk. It is like it detects BitLocker and redirects to the help message with the link to this page. Hence the only option for now is to manage the partitions manually, which may rebute some users…

I hope this helps others.

5 Likes

2 posts were split to a new topic: SSD includes windows 10 with Bitlocker enabled

And don’t forget to save your BitLocker recovery key somewhere outside encrypted partition. By installing Ubuntu, you end up with 2 ways to boot Windows: 1 is using its EFI loader directly, another is chainloading in Grub. The choice affects PCRs that are being checked during a boot process with BitLocker enabled, so if you always used one way, but decided to use another this time, you’ll be prompted to enter the recovery key. The only solution to re-configure the default is a) suspend BitLocker protection in its preferences (affects the next boot only IIRC); b) enter your key to boot the way you want it (via Grub / direct EFI loader) and willing to use further.

Hi,
if the ubuntu are installed , can bitlocker be activaded again

Hi, I intend installing Ubuntu on a sata external drive which doesn’t have Bitlocker turned on. My main boot disk does have it turned on. I intend dual booting. Do I still need to turn off Bitlocker?

Hi, I have installed both Windows 11 and Ubuntu, and bitlocker was disabled for the installation, but then I enabled it back on after some rebooting to ensure all was working. Works fine with bitlocker enabled.

I had a new PC with similar state. I had to “activate” (including saving the safety key), then I could deactivate, then I could proceed with Ubuntu installation.

1 Like

SOLVED:
Because the disk is in decrypting process.
You can check status by this command.

manage-bde -status
Source: https://www.manageengine.com/products/os-deployer/help/how-to-disable-bitlocker-encryption.html

Thank you for this idea! Worked for me - in part. In case anyone else runs into the situation that they can’t access Windows after installing Ubuntu because bitlocker requires their recovery key and like me were lazy and did not back up the key before (and did not upload it into their Microsoft account) - keep calm. For me it worked to go into BIOS and remove Ubuntu from boot options. This seems to have satisfied bitlocker, I could log back into Windows. First thing: back up that bitlocker key…

TL;DR: before doing this maybe back up your bitlocker key.

This guide is not useful for situations where Microsoft Windows has a virus and the main aim is to avoid running the Windows OS until the virus has been removed (or data recovered).