I’ve been writing about how to dual-boot Ubuntu and Windows with encryption for a long time. I first wrote about it back in 2020, where I described a four-part process with 19 total steps to get dual-boot working with encryption. The process was very complicated, involving manual setup of LUKS. In Ubuntu 24.04, the process got significantly easier due to a quirk in the installer that allowed you to select both the dual-boot and the LUKS encryption options in the new Ubuntu installer GUI. Now, in Ubuntu 25.04+, the GUI installer has full support for installing Ubuntu alongside windows with encryption!

Instructions (Tl;dr)

Installing Ubuntu 25.04+ with dual-boot encryption is very easy because the Ubuntu GUI installer now has built-in support for doing so!

1. Windows should already be installed, and BitLocker should be disabled.

2. Run the Ubuntu installer. Go through the initial installer screens to choose your language and set up internet access. Choose an interactive install process, and select the software you want to install as you continue through the installer wizard.

3. When you get to the “How do you want to install Ubuntu?” screen, choose to “Install Ubuntu alongside Windows Boot Manager”.

   

4. When choosing “Encryption and file system”, choose to “Encrypt with a passphrase” (using LUKS and LVM).

   

5. Finish the installer, completing the steps to choose a password and setup your user account. Here’s what my summary screen looks like at the end.

   

6. After Ubuntu finishes installing, you have an encrypted Ubuntu partition. Boot into Windows and enable BitLocker to encrypt the Windows partition.

That’s it! Congratulations, you have a dual-boot system where Ubuntu is encrypted with LVM (LUKS) and Windows is encrypted with BitLocker. It’s awesome that in Ubuntu 25.04+, the GUI installer includes the option to set up dual boot and simultaneously encrypt the Ubuntu partition with LUKS – this is much less tedious than it used to be, and I’m grateful for the work of everyone who contributed to the new Ubuntu installer!

Important Notes

The process is really straight-forward since the Ubuntu installer does all the hard parts. Still, there are a few places you might get stuck along the way. Hopefully these notes help.

• As with any new OS installation, you should back up any important data before proceeding. These instructions will modify partitions on your hard disk and could result in data loss. Proceed at your own risk; I’m not responsible for any damage or data loss.
• Your BIOS must be configured to boot with UEFI.
• Windows BitLocker should be turned off when Ubuntu is installed. The primary reason for this is the Ubuntu installer can’t shrink an encrypted Windows partition.
• When you enable BitLocker, make sure you save your BitLocker recovery key before rebooting, and consider selecting the checkbox to test BitLocker when setting it up. There’s a chance your boot sequence will prevent BitLocker from automatically unlocking the drive and you’ll need the recovery key.
• If BitLocker repeatedly requires the recovery key after rebooting (or fails to the system test before starting encryption), try booting directly into Windows from your UEFI BIOS boot menu (e.g. on a Dell, hit F12 during boot to bring up the boot menu) rather than using Ubuntu’s Grub bootloader when booting Windows. Inserting Grub into the boot sequence can mess with BitLocker.
• If you’re using your BIOS (rather than Grub) to boot Windows, you should also be able to adjust the boot order in your BIOS if you prefer to boot Windows by default.
• Likewise, if you expect Grub to be the default and it is not, you should be able to configure that in your UEFI BIOS settings.
• If you want to access the Windows BitLocker drive from Linux, this should be possible with the recovery key.

Additional Details

If you’re comfortable with all the above, you might not need any additional information. But I think the details below will help some people who either need additional help with some steps, or are curious about some of the more advanced details.

BIOS Setup

Before starting, ensure your computer is running the latest BIOS available. This is important because an out-of-date BIOS can have bugs, and those bugs sometimes affect things like UEFI, non-Windows operating systems, or other components we’ll be touching.

You should also ensure your BIOS Boot List Option is set to UEFI. While you’re looking at BIOS settings, it’s worth noting that TPM Security is required for BitLocker in Windows.

Installing Windows

If Windows is already installed, just do the steps outlined above. The Ubuntu installer is capable of shrinking the Windows partition, and I’d recommend you just let it do so.

If Windows isn’t installed, you should install Windows first. Leaving extra space on the hard drive for Linux would be fine, but for simplicity I think it’s easiest to just do a normal Windows install followed by the steps above. The Windows partition will shrink quickly if it’s mostly empty. If you need a Windows USB stick, the easiest way to make one is to use the Windows Media Creation Tool from a computer that’s already running Windows.

Ubuntu USB Stick

The easiest way to make a bootable Ubuntu USB stick is to download the ISO and use the Startup Disk Creator on a computer that’s already running Ubuntu. If you don’t already have a computer running Ubuntu, you can use balenaEtcher to flash the image to the USB stick.

Final Partition Scheme

As a reference, here’s the final state of my hard drive after allowing the installer to shrink my Windows partition and installing Ubuntu with LVM and encryption. Note that your partition sizes might be different than mine based on the size of your disk and the way you split it up, but the number of partitions and their types will probably be the same. In the scheme below, partition (3) is C: in Windows. Partitions (2) and (4) are used by Windows. Partition (5) is /boot for Ubuntu and partition (6) is the encrypted LVM partition for Ubuntu.

$ sudo sgdisk --print /dev/sda
Disk /dev/sda: 976773168 sectors, 465.8 GiB
 
Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048         2099199   1024.0 MiB  EF00  EFI
   2         2099200         2131967   16.0 MiB    0C01  Microsoft reserved ...
   3         2131968       157882367   75.2 GiB    0700  Basic data partition
   4       975652864       976771071   546.0 MiB   2700  
   5       157882368       162076671   2.0 GiB     8300
   6       162076672       975652863   387.9 GiB   8300

Why encryption is important

I began using encrypted storage on all my personal computers more than ten years ago after noticing that all the companies I’d worked for required it, and had good reason to. Laptops get lost and stolen all the time. They’re high-value items that are small and easy to carry. And when a thief gets your laptop, there’s tons of valuable information on it that they can use or sell. Even if you use a password to login, it’s easy for an attacker to gain access to your data if your disk isn’t encrypted – for example, by using a live USB stick. And once they have that data, they might get access to online accounts, bank statements, emails, and tons of other data. For me, an encrypted hard disk isn’t optional anymore – it’s a necessity.

Congratulations!

Congratulations, you’ve created a dual-boot system with Ubuntu 25.04 and Windows 11 with all your data encrypted! I hope you found this guide useful! I’m excited to see that full-disk encryption with Ubuntu has become much easier, with full support in the GUI installer since I wrote my original dual-boot with encryption guide back in 2020! I’d love to hear from you if you validate these steps on your own computer (or if you notice any problems with the guide itself). The best way to reach me is on Twitter or via email.