---
tags: Tutorials
---
# Install full encrypted Windows/Linux dual boot with shared Storage partition
## Introduction
Having a dual boot on your computer is a bit tedious but easily feasible, but when you want to activate some security best practices such as encryption of your data it gets a bit more trickier.
If your computer is stolen, it is not only a loss of hardware, but also the compromition of all the data it contains, encryption of your data strongly limit this risk by making difficult to an attacker to get your data by direct access on your disk.
Fortunately solutions exists to set up this protection such as bitlocker on Windows or luks containers on Linux, but they are not always the default choice and are hard to set up together.
In this tutorial we will set up a machine that can run Windows or Linux and share common data between the two systems whithout skimping on security by setting up encryption everywhere.
## Set up Firefox
- Firefox
- Duck duck go with custom theme
## Set up Bitwarden
- What is it ?
- How to use it ?
- Install browser extension (Ctrl+shift+L)
- Install app on your android phone
## Some other cool extentions
- Other extentions
/!\ Warning, save all your data before continue /!\
## Set up Windows
When you start with a new computer it generally comes with Windows installed on it. Once Windows, start by making space on the disk for further installations:
- Shrink Windows volume. In my case, on a 2 TB disk, I only use 200 GB for windows.
- Run all latest Windows updates
- Install [DriverCloud](https://www.driverscloud.com) client, run detection, the download and install latest drivers for your machine
- Create a new NTFS volume for data that will be shared between Windows and Linux or that should be independent from your system installation. In my case, on a 2 TB disk, I 1.4 TB for shared data.
- Windows encryption with bitlocker, during the process get the recovery and store it securely in a secret on bitwarden
- Activate windows pro, you can get Windows pro licence for around $1 such as this one on a french eCommerce website: [cdiscount](https://www.cdiscount.com) -> [windows 11 pro](https://www.cdiscount.com/informatique/logiciels-a-telecharger/windows-11-pro-en-telechargement/f-1077604-mic0687903321113.html?idOffre=1643341508#mpos=0|mp) (I tried it, it is an official license and it works like a charm).
## Set up Ubuntu boot key
Before leaving windows grab a USB key, download ubuntu LTS, and install Rufus, an utility to create bootable USB keys.
Start Rufus, select you USB key as drive and Ubuntu as target ISO.
Once your bootable USB key is ready, go to Windows setting sand search for Advanced startup options (in the same place as reset your PC).
## Install Ubuntu
From the advanced stratup menu, boot on Ubuntu USB and select.
Follow this tutorial to install Ubuntu in a LUKS container: [ Installer un Ubuntu chiffré avec LUKS, LVM et un partitionnement personnalisé](https://zestedesavoir.com/tutoriels/1653/installer-un-ubuntu-chiffre-avec-luks-lvm-et-un-partitionnement-personnalise/#1-important-pour-ubuntu-18-04-et-suivants).
- Encrypted disk `/` 200 GB
- Boot disk `/boot` 500MB
- Backup disk 30GB
Reboot once Ubuntu is installed. If it boot on Windows directly, go back to advanced stratup menu and open UEFI/Bios Settings. In boot order option, select Ubuntu as first choice.
Restart your PC you should see a screen where you can select to start Windows or Ubuntu. If you select Ubuntu, you have to enter the password you set up for the LUKS container, then enter the password for your session, now you are logged in Ubuntu !
Before to move to the next step, lets check if Windows boot properly. Restart your PC and select Windows on OS select screen. If you see Bitlocker revovery screen, enter the recovery key you stored in a secret on Bitwarden (you can access it from your phone), then Windows should start properly and you sould not be asked again for a recovery key next time.
## Set up encrypted shared partition
Restart your PC and log on Ubuntu
- Install Veracrypt
- Create a new crypted partition using Veracrypt for files shared between Windows and Ubuntu, create a key file named `.storage.key` in `/home/your-user/`
- Install `ntfs-3g`
- Decrypt and mount disk on boot:
- `sudo vim /etc/crypttab`, append this line `storage /dev/[DEVICE_ID] /dev/null tcrypt-veracrypt,tcrypt-keyfile=/home/your-user/.storage.key`, you can find `DEVICE_ID` in preinstalled `Disks` tool, the shape should be dev/`nvme0nXpY`
- `sudo vim /etc/fstab`, append this line `/dev/mapper/storage /home/your-user/Storage ntfs-3g noatime,rw,auto,gid=100,uid=1000,nls=utf8,umask=002 00`
- If you use an SSD, append `noatime` to all mounted disks, this prevent ubutu to record file access time which reduces amount on I/O on your disk
## Extras
- Wallpaper
- `sudo apt update && sudo apt upgrade`
- `sudo apt install ubuntu-restricted-extras`
- `gsettings set org.gnome.shell.extensions.dash-to-dock click-action 'minimize'`
- `sudo ufw enable`
- `sudo ufw default deny incoming`
- `sudo ufw default allow outgoing`
- `sudo ufw status verbose`
- `sudo apt install gnome-shell-extension-manager`
- `sudo apt install synaptic`
## Usefull Commands
#### List all system properties
`sudo inxi --admin --verbosity=7 --filter --no-host --width`
#### List all pacman installed packages
`sudo pacman -Qqe`
#### Boot from USB when grub does not load properly
```bash
ls
```
```bash
# Replace X and Y with values from ls
set root=(hdX,msdosY)
```
```bash
chainloader /efi/boot/grubx64.efi
```
```bash
boot
```
## Softwares
### Unity Hub (deprecated)
#### Install App Image
```bash
sudo apt-get install ffmpeg
```
```bash
mkdir ~/.local/bin/ && cd $_
```
```bash
wget https://public-cdn.cloud.unity3d.com/hub/prod/UnityHub.AppImage
chmod +x UnityHub.AppImage
```
```bash
./UnityHub.AppImage
```
#### Set Icon
```bash
mkdir ~/.local/share/icons/ && cd $_
```
```bash
wget https://unity.com/themes/contrib/unity_base/images/favicons/safari-pinned-tab.svg -O unity-logo.svg
```
```bash
mkdir ~/.local/share/applications/ && cd $_
```
```bash
echo "[Desktop Entry]
Name=Unity Hub
Icon=/home/${USER}/.local/share/icons/unity-logo.svg
StartupWMClass=unityhub
Comment=Manage multiple installations of the Unity Editor, create new projects, and access your work.
Exec="/home/${USER}/.local/bin/UnityHub.AppImage" %u
Version=2.4.6
Type=Application
Categories=Development;IDE;
Terminal=false
StartupNotify=true" > unity-hub.desktop
```
### JetBrains Toolbox
wget -cO jetbrains-toolbox.tar.gz "https://data.services.jetbrains.com/products/download?platform=linux&code=TBA"
tar -xzf jetbrains-toolbox.tar.gz
DIR=$(find . -maxdepth 1 -type d -name jetbrains-toolbox-\* -print | head -n1)
cd ..
rm -r $DIR
rm jetbrains-toolbox.tar.gz
### Timeshift
Backup file system (2/month)
```bash
sudo apt-get install timeshift
```
### Steam
sudo apt install steam-installer
### VLC
sudo apt-get install vlc
### Atom
sudo apt-get install atom
### Inkscape
sudo apt-get install inkscape
### Krita
sudo snap install krita
### Discord
sudo snap install discord
### P4merge
```bash
sudo apt-get install --reinstall libxcb-xinerama0
```
```bash
cd ~/Downloads
# Replace X, Y and Z by the latest version form:
# https://www.perforce.com/downloads/visual-merge-tool
wget https://cdist2.perforce.com/perforce/rX.Y/bin.linuxZx86_64/p4v.tgz
```
```bash
tar zxvf p4v.tgz
```
```bash
sudo mkdir /opt/p4v
# Replace X, Y and Z by the version in the extracted directory name:
cd p4v-X.Y.Z
sudo mv * /opt/p4v
sudo ln -s /opt/p4v/bin/p4merge /usr/local/bin/p4merge
```
### ~~Postman~~ Insomnia
sudo snap install postman
### Git
sudo apt install git-all
### NVM
wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh
nvm install node
### ZSH
sudo apt install zsh
chsh -s $(which zsh)
sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
sudo apt-get install fonts-powerline
### Docker
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo docker run hello-world // run hello-world container to test
### Gnome tweaks
- `sudo apt install gnome-tweaks`
### Gnome shell extensions manager
- `sudo apt install gnome-shell-extensions gnome-shell-extension-manager`
- Open `extension-manager`
- Search and install
- Dash to Panel
- // todo describe configuration
- Date Meny formatter
- // todo describe configuration
- User Themes
### Arc theme
sudo apt install arc-theme
### Peaper icon theme
sudo add-apt-repository -u ppa:snwh/ppa
sudo apt update
sudo apt-get install paper-icon-theme
## Ressources
- [Encrypt Ubuntu in a LUKS container](https://zestedesavoir.com/tutoriels/1653/installer-un-ubuntu-chiffre-avec-luks-lvm-et-un-partitionnement-personnalise/#1-important-pour-ubuntu-18-04-et-suivants)
- [Top Things to Do After Installing Ubuntu 22.04 LTS](https://ubuntuhandbook.org/index.php/2022/04/things-to-do-ubuntu-22-04/)
- [Things to do After Installing Ubuntu 22.04](https://itsfoss.com/things-to-do-after-installing-ubuntu-22-04/)
- [How to boot from USB using GRUB](https://linuxhint.com/boot-usb-using-grub/)