I recently created a HD for dual boot Win 11 and Pop Os. I created a shared partition for Data, and separate partitions for the respective OS. I used gParted to create the partitions. It looks like Win then added bitlocker to this data partition.

(It’s not really encrypted, I guess, because I didn’t create a microsoft account, and didn’t receive a recovery key)

So now I can’t access that partition when booted into Pop OS without entering a password (which I don’t have).

I’m wondering a couple of things: what’s the best practice in these scenarios? Have the shared data drive not be encrypted with Bitlocker? If so, is there something else that should be done for security purposes? If not, it looks like using Dislocker is a common solution to access the drive in Linux?

  • ITeeTechMonkey@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    10 months ago

    If you don’t need/want Bitlocker simply boot into Windows go into the bitlocker settings and turn off bitlocker (dont use suspend as bitlocker will be re-enabled the next time you boot into Windows). You will need to wait for Bitlocker to decrypt before shutting down - there will be a small status window that appears showing the progress and it shouldn’t take too long.

    • speck@kbin.socialOP
      link
      fedilink
      arrow-up
      2
      ·
      10 months ago

      Thank you! I think part of what I’m curious to hear input on is whether I should disable bitlocker for that shared data partition. Any thoughts? Is it a best practice to have it on?

      • ITeeTechMonkey@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        10 months ago

        If you keep Bitlocker enabled on that partition you will have to enter the recovery key everytime you boot into your Linux partition. Since you don’t have that key backed up you’ll need to turn it off and then re-enable it if you wish to continue to use Bitlocker.

        If you manually enable bitlocker you will be prompted to back up the key with a few different options: to a file (but if I recall you’ll need to save the file to a drive that isn’t be encrypted by Bitlocker) or to a Microsoft account.

        To answer your question regarding best practice, Full Disk Encryption is best practice. Now to achieve that in Windows you use Bitlocker, Linux there is Luks, and macOS has filevault.

        If your machine isn’t going anywhere outside your home then it’s not as big of a deal if the drive isn’t encrypted.

        Regarding your situation FDE is going to be a bit of a pain whether you use Bitlocker or Luks. I suggest using db2’s suggestion and run a VM creating a shared folder between host and guest. Then you can encrypt the entire drive using the best encryption tool for the host OS (which I suggest be Linux).

        Edit: Replaced the ‘b’ with a space between “db2’s” and “suggestion”

        • speck@kbin.socialOP
          link
          fedilink
          arrow-up
          2
          ·
          10 months ago

          I appreciate the additional info. Since I want to make Linux primary (one of my two main points in this little project is getting familiar with Linux!), I’ll look into Luks for that partition

          The db2 / vm suggestion is a little over my head, currently, but I’ll research that as well!

          • BunnyKnuckles@startrek.website
            link
            fedilink
            arrow-up
            1
            ·
            10 months ago

            Also, bitlocker is not the only disk encryption software for Windows. It’s just the built in one. If you wanted, you could use something like Veracrypt which is open source and will play nicely with all your OSes.