December
3
Linux: Dual boot Windows/Ubuntu with secure LVM
The following is a very good tutorial it is not all inclusive, but very close:
- Based on https://askubuntu.com/a/293029/286776
- Installation date: 15-09-2018
- Additional notes based on my own experience
- The process describes a completely fresh installation with a complete repartitioning, however it should work fine when Windows is already installed (eg. brand new machine with Windows preinstalled).
- The process was conducted on Dell’s XPS 15 9570 (2018) with specs:
- CPU: i7-8750H
- Screen: 4K with Touch
- RAM: 16 GB (original) / 32 GB (manually upgraded)
- Drive: 512 GB (SK Hynix PC401)
- Windows 10 Pro license
- BIOS version: 1.3.1
- Suprisingly, Ubuntu’s update manager supports BIOS updates out of the box
- My installation did not require to disable TPM nor Secure Boot
- My installation did not force me to recover Bitlocker after Ubuntu’s installation
- Some people report that it was needed in their case
- See “Additional notes” for more info about GRUB & Booting into Windows
1. Preparation (using another computer with Ubuntu)
- Create Windows installation USB stick
- Download .ISO file from Microsoft’s webpage
- Create bootable USB using
WoeUSB
- Ubuntu has an option to “restore” ISO images using
Disks
utility, but it does not work correctly (Windows installer asks for additional drivers) - I also had to compile
WoeUSB
because of some weird bug in the default Ubuntu’s (PPA’s) supplied package that would not let me finish the installation process
- Ubuntu has an option to “restore” ISO images using
- Create Ubuntu installation USB stick
- Download .ISO file from Ubuntu’s webpage
- Create bootable USB using “whatever”
- Go to BIOS (F2) and switch from SSD’s “RAID mode” to “AHCI mode”
2. Install Windows
- Insert newly created bootable USB and start the installation process
- Re-partition your drive
- My partitioning scheme (devices might have be labeled differently!):
- Boot drive for Linux:
1GB
/dev/nvme0n1p1
- Windows OS drive:
~75GB
/dev/nvme0n1p5
- Will automatically create additional drives before the actual OS drive as soon as you create the first “regular” partition
- Windows data drive:
~100GB
/dev/nvme0n1p6
- Ubuntu LUKS drive:
~300GB
/dev/nvme0n1p7
- Can be created later
- Boot drive for Linux:
- My partitioning scheme (devices might have be labeled differently!):
- Install Windows on the “Windows OS drive”
- Boot to Windows after installation, install all updates
- Enable BitLocker on “Windows data drive” (“Windows OS drive” was already encrypted)
- Create recovery data for both Bitlocker-protected drives and store them somewhere (eg. additional USB)
3. Install Ubuntu
- Insert newly created bootable USB and start the installation process
- Create LUKS container on “Ubuntu LUKS drive” and “wipe it”:
sudo cryptsetup luksFormat /dev/nvme0n1p7
sudo cryptsetup luksOpen /dev/nvme0n1p7 cryptdrive
sudo dd if=/dev/zero of=/dev/mapper/cryptdrive bs=16M
- Create LVM physical volume, a volume group & logical volumes:
- Volumes are sized as follows:
- OS drive:
60GB
- Swap:
16GB
- Home:
rest
- OS drive:
- Commands:
sudo pvcreate /dev/mapper/cryptdrive
sudo vgcreate vglinux /dev/mapper/cryptdrive
sudo lvcreate -n root -L 60g vglinux
sudo lvcreate -n swap -L 16g vglinux
sudo lvcreate -n home -l 100%FREE vglinux
- Volumes are sized as follows:
- Start the installation process using GUI:
- Connect to WiFi network
- Installation options:
- Pick “minimal installation”
- Pick “install updates during installation”
- Pick “install 3rd party drivers” (no need to “reset Secure Boot password”)
- Pick “custom installation process” (the one which lets you repartition stuff)
- Pick
/dev/mapper/vglinux-root
asext4
FS & mount it to/
- Pick
/dev/mapper/vglinux-home
asext4
FS & mount it to/home
- Pick
/dev/mapper/vglinux-swap
asswap
- Pick
/dev/nvm0n1p1
asext4
FS & mount it to/boot
- Without doing this, installation will fail when configuring GRUB
- Pick “boot drive” (the select list at the bottom) and assign it to
/dev/nvm0n1p1
- Pick
- Proceed with the installation
- After GUI installation completes, stay within the Live USB environment
- Check the UUID of the LUKS drive:
sudo blkid /dev/nvme0n1p7
- Example output:
/dev/nvme0n1p7: UUID="abcdefgh-1234-5678-9012-abcdefghijklm" TYPE="crypto_LUKS"
- Mount root & boot drives and chroot into the main mount:
sudo mount /dev/mapper/vglinux-root /mnt
sudo mount /dev/nvme0n1p1 /mnt/boot
sudo mount --bind /dev /mnt/dev
sudo chroot /mnt
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts
- In chroot env, configure
crypttab
allowing to boot Ubuntu with Encryption unlockersudo nano /etc/crypttab
:# <target name> <source device> <key file> <options> # options used: # luks - specifies that this is a LUKS encrypted device # tries=0 - allows to re-enter password unlimited number of times # discard - allows SSD TRIM command, WARNING: potential security risk (more: "man crypttab") # loud - display all warnings cryptdrive UUID=abcdefgh-1234-5678-9012-abcdefghijklm none luks,tries=0,discard,loud
update-initramfs -k all -c
- Reboot into Ubuntu
4. Ubuntu Tweaks
- Run some of the
dell-xps-9570-ubuntu-respin
tweaks:- Main script is here: https://github.com/JackHack96/dell-xps-9570-ubuntu-respin/blob/master/xps-tweaks.sh
- Modify the GRUB editting code to include
splash
option - Nvidia & WiFi card changes were not performed
- Running this script yielded power consumption reduction from ~16W to ~7W (much closer to Windows) in Idle
- Additional packages (some might have been included in the Respin):
sudo apt-get install smbios-utils
- More Tips & Tricks related to Thermals:
Some useful tips and tricks
: https://github.com/JackHack96/dell-xps-9570-ubuntu-respin/wiki/Some-useful-tips-and-tricks- Switch to Battery-Mode on AC for better Thermals:
sudo tlp bat
- Enable right-mouse-click:
- Follow these instructions: https://askubuntu.com/a/1029458/286776
- Enable
Yaru-dark
in GNOME Shell:- Follow these instructions: https://www.linuxuprising.com/2019/10/how-to-get-dark-gnome-shell-menus-and.html
- Latest commit used:
7486bc9b3bbf3aca26bd8ab48b39788a7f9392aa
- Nvidia Drivers used: 390
Additional notes
- Switching between OSes:
- Ubuntu (GRUB) is the default boot option
- Windows can be accessed using F12’s boot option menu
- It can also be accessed using GRUB’s menu, however, then it prompts me to use the BitLocker’s recovery key
- Cancelling the recovery and using F12 -> Windows Boot Manager trick did not prompt to use recovery key again…
- Both, when installing Ubuntu, and sometimes when rebooting installed Ubuntu, “poweroff” or “reboot” results in prolonged shutdown with locked up display.
- Fixed with
dell-xps-9570-ubuntu-respin
tweak script
- Fixed with
- About BIOS upgrade:
- An upgrade from 1.3.0 to 1.3.1 required to swap RAM sticks to the original ones again, because the machine would not boot with white & amber LED flashes (supposedly indicating “memory problem”). After booting just once with the original sticks, I’ve swapped to the 2x16GB sticks again without a problem.
Changelog
- [2019.10.24]
- Added link to an article related to enabling Yaru-dark in GNOME Shell (eg. notification center background adjustment, which by default is white).
By: M Dziekon