Hello,
I freshly installed LMDE 7 yesterday in dual boot with my existing Windows 11. BitLocker was not activated yet because I read that it could bring issues, so I was waiting to install Mint first before activating BitLocker on Windows. Both OSes are on their own SSD. GRUB is installed on Mint's drive. When I activate BitLocker on Windows, it fails to decrypt at boot and asks for the recovery key (I saved it of course, but I want the decryption to work automatically from the TPM, not manually). Any idea what I did wrong? Should I install GRUB on the Windows drive?
# Issue with BitLocker with Mint/Windows dual boot on separate SSDs
Don't use BitLocker if you ever want to access your Windows files from Linux.
I have a separate data HDD encrypted with VeraCrypt to access my files from both Linux and Windows. I don't need to access the Windows OS disk from Linux, and I want it encrypted.
So to be clear I have:
- SSD 1 with Windows 11
- SSD 2 with LMDE 7 (encrypted)
- Grub on SSD 2
- HDD for data encrypted with VeraCrypt (no issue with that one)
I'm wondering if the issue is because of GRUB. I'm pretty sure the problem is Linux-related. Indeed, if I remove the dual boot (i.e. if I change the boot order in UEFI to boot from the Windows drive and not from GRUB), BitLocker will work without any issue.
windows being windows...
My guess is that if I put GRUB on the Windows drive that may work. But I don't want to modify the EFI partition on Windows unless I'm sure this is the way to go.
I have searched the web but cannot find information about my issue.
Is it even possible to have multiple active EFI partitions in the same system? (legitimately unsure, but sounds like something that would cause issues.)
I do know that on a dual-boot system historically the Windows bootloader absolutely won't play nice with a Linux install, and GRUB has to point to Windows to get things going.
yes, but NOT on the same drive
I guess each OS gets its own folder in an EFI partition, like my LMDE 6/Win10 dual boot:
I mean I know that I had to disable my Windows bootloader at the UEFI level to boot Linux from my drive at all when I did my setup, but that could be a motherboard quirk or something.
Turn Secure Boot on, if you expect to encrypt on Windows.
I don't think Secure Boot has anything to do with encryption?... maybe I'm wrong.
I solved this issue by following this: https://superuser.com/questions/1278841/bitlocker-asking-for-protection-code-after-ubuntu-installation/1714144#1714144
TL;DR: need to enable "Configure TPM platform validation profile for native UEFI firmware configurations" in the Group Policy Editor, then untick "PCR 4: Boot Manager", then delete the protectors and recreate them.
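The same fix as a script, added here as an example of mine rather than anything from the thread or the linked answer, run from an elevated PowerShell prompt on the Windows 11 install. It assumes the OS volume is C: and that the registry key and `Enabled`/`PCRn` values below are what that Group Policy setting writes (verify in gpedit.msc afterwards); the protector handling uses the built-in BitLocker cmdlets.

```powershell
# Added example, not from the thread: the fix in the post above, done from an
# elevated PowerShell prompt on the Windows 11 install. Assumptions: the OS
# volume is C:, and the registry key/values below are what the Group Policy
# "Configure TPM platform validation profile for native UEFI firmware
# configurations" writes (check gpedit.msc afterwards if unsure).
$Volume = "C:"
$PolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI"

# 1. Enable the policy with the default native-UEFI profile (PCRs 0, 2, 4, 11)
#    minus PCR 4. PCR 4 records the EFI boot applications run before Windows;
#    with GRUB chainloading bootmgfw.efi that measurement differs from a direct
#    boot, so the TPM refuses to unseal and BitLocker falls back to recovery.
#    Dropping it means a swapped boot manager is no longer caught by the TPM
#    seal, so keep Secure Boot on so the firmware still verifies what it loads.
$Pcrs = @{ 0 = 1; 2 = 1; 4 = 0; 11 = 1 }          # 1 = ticked, 0 = unticked
New-Item -Path $PolicyKey -Force | Out-Null
Set-ItemProperty -Path $PolicyKey -Name Enabled -Type DWord -Value 1
foreach ($i in 0..23) {
    $v = if ($Pcrs.ContainsKey($i)) { $Pcrs[$i] } else { 0 }
    Set-ItemProperty -Path $PolicyKey -Name "PCR$i" -Type DWord -Value $v
}

# 2. Never leave the volume with no usable protector: make sure a recovery
#    password exists before touching the TPM protector, and show its ID so
#    the saved key can be matched to it.
$vol = Get-BitLockerVolume -MountPoint $Volume
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $Volume -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $Volume
}
$vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object { Write-Host "Recovery password protector: $($_.KeyProtectorId)" }

# 3. Delete the existing TPM protector(s) and create a fresh one; the new
#    protector is sealed to the PCR set selected above, not the old one.
$vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint $Volume -KeyProtectorId $_.KeyProtectorId | Out-Null
}
Add-BitLockerKeyProtector -MountPoint $Volume -TpmProtector | Out-Null

# 4. Verify: one Tpm and at least one RecoveryPassword protector, Secure Boot on.
(Get-BitLockerVolume -MountPoint $Volume).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
"Secure Boot enabled: $(Confirm-SecureBootUEFI)"
```

After running it, reboot through GRUB into Windows; the volume should unlock without prompting for the recovery key, and `manage-bde -protectors -get C:` shows the same protector list.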