--- tags: Tutorials --- # Install full encrypted Windows/Linux dual boot with shared Storage partition ## Introduction Having a dual boot on your computer is a bit tedious but easily feasible, but when you want to activate some security best practices such as encryption of your data it gets a bit more trickier. If your computer is stolen, it is not only a loss of hardware, but also the compromition of all the data it contains, encryption of your data strongly limit this risk by making difficult to an attacker to get your data by direct access on your disk. Fortunately solutions exists to set up this protection such as bitlocker on Windows or luks containers on Linux, but they are not always the default choice and are hard to set up together. In this tutorial we will set up a machine that can run Windows or Linux and share common data between the two systems whithout skimping on security by setting up encryption everywhere. ## Set up Firefox - Firefox - Duck duck go with custom theme ## Set up Bitwarden - What is it ? - How to use it ? - Install browser extension (Ctrl+shift+L) - Install app on your android phone ## Some other cool extentions - Other extentions /!\ Warning, save all your data before continue /!\ ## Set up Windows When you start with a new computer it generally comes with Windows installed on it. Once Windows, start by making space on the disk for further installations: - Shrink Windows volume. In my case, on a 2 TB disk, I only use 200 GB for windows. - Run all latest Windows updates - Install [DriverCloud](https://www.driverscloud.com) client, run detection, the download and install latest drivers for your machine - Create a new NTFS volume for data that will be shared between Windows and Linux or that should be independent from your system installation. In my case, on a 2 TB disk, I 1.4 TB for shared data. - Windows encryption with bitlocker, during the process get the recovery and store it securely in a secret on bitwarden - Activate windows pro, you can get Windows pro licence for around $1 such as this one on a french eCommerce website: [cdiscount](https://www.cdiscount.com) -> [windows 11 pro](https://www.cdiscount.com/informatique/logiciels-a-telecharger/windows-11-pro-en-telechargement/f-1077604-mic0687903321113.html?idOffre=1643341508#mpos=0|mp) (I tried it, it is an official license and it works like a charm). ## Set up Ubuntu boot key Before leaving windows grab a USB key, download ubuntu LTS, and install Rufus, an utility to create bootable USB keys. Start Rufus, select you USB key as drive and Ubuntu as target ISO. Once your bootable USB key is ready, go to Windows setting sand search for Advanced startup options (in the same place as reset your PC). ## Install Ubuntu From the advanced stratup menu, boot on Ubuntu USB and select. Follow this tutorial to install Ubuntu in a LUKS container: [ Installer un Ubuntu chiffré avec LUKS, LVM et un partitionnement personnalisé](https://zestedesavoir.com/tutoriels/1653/installer-un-ubuntu-chiffre-avec-luks-lvm-et-un-partitionnement-personnalise/#1-important-pour-ubuntu-18-04-et-suivants). - Encrypted disk `/` 200 GB - Boot disk `/boot` 500MB - Backup disk 30GB Reboot once Ubuntu is installed. If it boot on Windows directly, go back to advanced stratup menu and open UEFI/Bios Settings. In boot order option, select Ubuntu as first choice. Restart your PC you should see a screen where you can select to start Windows or Ubuntu. If you select Ubuntu, you have to enter the password you set up for the LUKS container, then enter the password for your session, now you are logged in Ubuntu ! Before to move to the next step, lets check if Windows boot properly. Restart your PC and select Windows on OS select screen. If you see Bitlocker revovery screen, enter the recovery key you stored in a secret on Bitwarden (you can access it from your phone), then Windows should start properly and you sould not be asked again for a recovery key next time. ## Set up encrypted shared partition Restart your PC and log on Ubuntu - Install Veracrypt - Create a new crypted partition using Veracrypt for files shared between Windows and Ubuntu, create a key file named `.storage.key` in `/home/your-user/` - Install `ntfs-3g` - Decrypt and mount disk on boot: - `sudo vim /etc/crypttab`, append this line `storage /dev/[DEVICE_ID] /dev/null tcrypt-veracrypt,tcrypt-keyfile=/home/your-user/.storage.key`, you can find `DEVICE_ID` in preinstalled `Disks` tool, the shape should be dev/`nvme0nXpY` - `sudo vim /etc/fstab`, append this line `/dev/mapper/storage /home/your-user/Storage ntfs-3g noatime,rw,auto,gid=100,uid=1000,nls=utf8,umask=002 00` - If you use an SSD, append `noatime` to all mounted disks, this prevent ubutu to record file access time which reduces amount on I/O on your disk ## Extras - Wallpaper - `sudo apt update && sudo apt upgrade` - `sudo apt install ubuntu-restricted-extras` - `gsettings set org.gnome.shell.extensions.dash-to-dock click-action 'minimize'` - `sudo ufw enable` - `sudo ufw default deny incoming` - `sudo ufw default allow outgoing` - `sudo ufw status verbose` - `sudo apt install gnome-shell-extension-manager` - `sudo apt install synaptic` ## Usefull Commands #### List all system properties `sudo inxi --admin --verbosity=7 --filter --no-host --width` #### List all pacman installed packages `sudo pacman -Qqe` #### Boot from USB when grub does not load properly ```bash ls ``` ```bash # Replace X and Y with values from ls set root=(hdX,msdosY) ``` ```bash chainloader /efi/boot/grubx64.efi ``` ```bash boot ``` ## Softwares ### Unity Hub (deprecated) #### Install App Image ```bash sudo apt-get install ffmpeg ``` ```bash mkdir ~/.local/bin/ && cd $_ ``` ```bash wget https://public-cdn.cloud.unity3d.com/hub/prod/UnityHub.AppImage chmod +x UnityHub.AppImage ``` ```bash ./UnityHub.AppImage ``` #### Set Icon ```bash mkdir ~/.local/share/icons/ && cd $_ ``` ```bash wget https://unity.com/themes/contrib/unity_base/images/favicons/safari-pinned-tab.svg -O unity-logo.svg ``` ```bash mkdir ~/.local/share/applications/ && cd $_ ``` ```bash echo "[Desktop Entry] Name=Unity Hub Icon=/home/${USER}/.local/share/icons/unity-logo.svg StartupWMClass=unityhub Comment=Manage multiple installations of the Unity Editor, create new projects, and access your work. Exec="/home/${USER}/.local/bin/UnityHub.AppImage" %u Version=2.4.6 Type=Application Categories=Development;IDE; Terminal=false StartupNotify=true" > unity-hub.desktop ``` ### JetBrains Toolbox wget -cO jetbrains-toolbox.tar.gz "https://data.services.jetbrains.com/products/download?platform=linux&code=TBA" tar -xzf jetbrains-toolbox.tar.gz DIR=$(find . -maxdepth 1 -type d -name jetbrains-toolbox-\* -print | head -n1) cd .. rm -r $DIR rm jetbrains-toolbox.tar.gz ### Timeshift Backup file system (2/month) ```bash sudo apt-get install timeshift ``` ### Steam sudo apt install steam-installer ### VLC sudo apt-get install vlc ### Atom sudo apt-get install atom ### Inkscape sudo apt-get install inkscape ### Krita sudo snap install krita ### Discord sudo snap install discord ### P4merge ```bash sudo apt-get install --reinstall libxcb-xinerama0 ``` ```bash cd ~/Downloads # Replace X, Y and Z by the latest version form: # https://www.perforce.com/downloads/visual-merge-tool wget https://cdist2.perforce.com/perforce/rX.Y/bin.linuxZx86_64/p4v.tgz ``` ```bash tar zxvf p4v.tgz ``` ```bash sudo mkdir /opt/p4v # Replace X, Y and Z by the version in the extracted directory name: cd p4v-X.Y.Z sudo mv * /opt/p4v sudo ln -s /opt/p4v/bin/p4merge /usr/local/bin/p4merge ``` ### ~~Postman~~ Insomnia sudo snap install postman ### Git sudo apt install git-all ### NVM wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh nvm install node ### ZSH sudo apt install zsh chsh -s $(which zsh) sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" sudo apt-get install fonts-powerline ### Docker sudo apt-get remove docker docker-engine docker.io containerd runc sudo apt-get update sudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ gnupg-agent \ software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable" sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io sudo docker run hello-world // run hello-world container to test ### Gnome tweaks - `sudo apt install gnome-tweaks` ### Gnome shell extensions manager - `sudo apt install gnome-shell-extensions gnome-shell-extension-manager` - Open `extension-manager` - Search and install - Dash to Panel - // todo describe configuration - Date Meny formatter - // todo describe configuration - User Themes ### Arc theme sudo apt install arc-theme ### Peaper icon theme sudo add-apt-repository -u ppa:snwh/ppa sudo apt update sudo apt-get install paper-icon-theme ## Ressources - [Encrypt Ubuntu in a LUKS container](https://zestedesavoir.com/tutoriels/1653/installer-un-ubuntu-chiffre-avec-luks-lvm-et-un-partitionnement-personnalise/#1-important-pour-ubuntu-18-04-et-suivants) - [Top Things to Do After Installing Ubuntu 22.04 LTS](https://ubuntuhandbook.org/index.php/2022/04/things-to-do-ubuntu-22-04/) - [Things to do After Installing Ubuntu 22.04](https://itsfoss.com/things-to-do-after-installing-ubuntu-22-04/) - [How to boot from USB using GRUB](https://linuxhint.com/boot-usb-using-grub/)