Why is grub missing? How can I edit boot menu?

I installed Ubuntu 24.04.01 LTS as a new install with the experimental TPM full disk encryption on a dual boot system with Windows 11 on my first NVMe drive and Ubuntu on the second NVMe drive.

There is no /etc/default/grub file.

There is no menu option for Windows when I boot and I don’t know what bootloader it is using. There is no boot menu.

It does have a /boot/grub.cfg file but I don’t know how to edit it to add a Windows entry.
How can I get a boot menu with Windows and Ubuntu entries on it when I boot?

What bootloader is it using? update-grub command is missing. What kind of boot system is the new Ubuntu 24.04.01 LTS desktop using?

I am going to have difficulty explaining this because I have difficulty understanding it myself having only just read this document:

https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-coming-to-ubuntu

Grub is still the boot loader. The difference between your install of Ubuntu 24.01.1 and my two installs of 24.04.1 is TPM Full Disk Encryption.

Trusted Platform Module Full Disk Encryption in Ubuntu is based on the Ubuntu Core implementation of it.

“For 15 years, Ubuntu’s approach to full disk encryption relied on passphrases for authenticating users. On Ubuntu Core, however, FDE has been designed and implemented using trusted platform modules (TPMs) for more than 2 years now.”

Grub is still the boot loader but it is a snap package. That is why update-grub does not do anything. I suspect that we are not meant to dual boot when using Ubuntu with TPM FDE.

See the heading: The Role of Snapd in the above linked to document.

“TPM-backed FDE on classic Ubuntu Desktop systems is based on the same architecture as Ubuntu Core, and it shares a number of its design and implementation principles. Namely, the bootloader (shim and GRUB) and kernel assets will be delivered as snap packages (via gadget and kernel snaps), as opposed to being delivered as Debian packages. As such, it is the Snapd agent which will be responsible for managing full disk encryption throughout its lifecycle.”

“Beyond the kernel and bootloader, the rest of your operating system, namely its userspace, will be exactly that of a classic Ubuntu environment”

Try running snap list

It would be interesting to see what comes up. I have installed Ubuntu Core Desktop. Everything there is snap packaged. It has a pc-kernel snap and it does not dual boot with classic Ubuntu desktop and classic Ubuntu does not dual boot with it.

Regards
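
What to look for in the snap list output suggested above, as an added example that is not part of the original posts: a kernel snap and a gadget snap in the Notes column indicate that the bootloader and kernel are delivered as snaps rather than Debian packages. The function names, the gadget snap name pc and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Added example. Function names and the sample listing are constructed for illustration.

# Reads `snap list` output on stdin and reports whether boot assets are
# snap-managed (a kernel snap and a gadget snap are both installed).
boot_asset_mode() {
    awk '
        NR == 1 { next }    # skip the column header
        {
            # Notes is the last column and may hold a comma-separated list
            n = split($NF, notes, ",")
            for (i = 1; i <= n; i++) {
                if (notes[i] == "kernel") kernel = $1
                if (notes[i] == "gadget") gadget = $1
            }
        }
        END {
            if (kernel != "" && gadget != "")
                printf "snap-managed kernel=%s gadget=%s\n", kernel, gadget
            else
                print "classic"
        }
    '
}

# Constructed sample resembling a TPM FDE install (versions and revisions are made up).
sample_snap_list() {
    cat <<'EOF'
Name       Version   Rev    Tracking              Publisher    Notes
core22     20240111  1122   latest/stable         canonical**  base
firefox    128.0     4650   latest/stable         mozilla**    -
pc         22-0.3    146    classic-24.04/stable  canonical**  gadget
pc-kernel  6.8.0-40  1938   24-hwe/stable         canonical**  kernel
snapd      2.63      21759  latest/stable         canonical**  snapd
EOF
}

# On a live system: snap list | boot_asset_mode
sample_snap_list | boot_asset_mode
```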

“It does have a /boot/grub.cfg file but I don’t know how to edit it to add a Windows entry.”

We do not edit grub.cfg. It is a binary file.

We can edit /usr/share/grub/default/grub. It is a plain text file and also /etc/grub.d/40_custom and /etc/grub.d/41_custom. They are also plain text files.

We then run update-grub which runs grub-mkconfig which in turn constructs grub.cfg.

Or, rather, that is what we do in Classic Ubuntu Desktop but not Ubuntu Core or Ubuntu with TPM backed FDE.

Regards

"We can edit /usr/share/grub/default/grub. It is a plain text file and also /etc/grub.d/40_custom and /etc/grub.d/41_custom. They are also plain text files."

There is no /usr/share/grub/default/grub.

I am not tech savvy enough to know how to add Windows to the /etc/grub.d/40_custom file.

Due to this limitation of the snap grub implementation I will reinstall without TPM FDE.

In the TPM based setup of UbuntuCore, grub and all its configuration files live in the read-only (and gpg signed) gadget snap, and changes can only be made if you re-build the gadget snap.

I’m not sure if there were any adjustments to this setup to actually allow any changes to the config when it was ported over to Ubuntu Desktop so that other OS’es could be added to the grub menu … (UbuntuCore is typically used on single purpose devices that get flashed in the factory with only one OS) …

You should definitely report your findings in the feedback thread here on discourse though and perhaps also file a bug …

The thread is here:

maybe OS prober isn’t running?

https://askubuntu.com/questions/197868/grub-does-not-detect-windows

sudo os-prober
  1. If your Windows installation was found, you can run:
sudo update-grub

Note that step 2 is just for your convenience. You could just mount the Windows 11 partition and then run update-grub.

This is the information we were originally given:

And also this:

This is the situation we get when we install Ubuntu with TPM backed Full Disk Encryption.

The developers have taken the method used to give Ubuntu Core TPM backed Full Disk Encryption and fitted it into Ubuntu Desktop.

For all I know modifying TPM backed Full Disk Encryption to allow dual booting might weaken the security of having TPM backed Full Disk Encryption.

I see two options. Ubuntu with TPM backed Full Disk Encryption but without dual booting. And Ubuntu with LUKS and passphrase to unlock encryption and dual booting.

Which method is the most secure and do we need such a level of security?

Regards

@richard378 has Windows 11 on the first nvme disk and TPM full disk encrypted Ubuntu 24.04 on the second nvme disk, therefore the PC boot menu must be the method for OS selection. In effect, still dual booting but Grub is not available to boot both systems.

Windows Boot Manager and Ubuntu Encryption Boot are behaving identically, neither wishes to be friendly to the other.

Looks ideal to me. Each OS on a separate disk and each booting independently of the other.

@richard378 Is BitLocker also enabled on your Windows 11 disk?

Interestingly, Ubuntu has the slight advantage in being able to decrypt Windows BitLocked partitions whereas Windows 11 would not even realise that Ubuntu was in the vicinity.

Small win for Ubuntu, methinks?