In this post, I will briefly list the steps to install Debian using LVM and LUKS alongside a working Windows installation, as a dual-boot system.
If you follow these steps, you will have separate /home, root and swap partitions, and all of them will be fully encrypted.
This was tested with Debian 9 and Windows 10 on a 64-bit system with a GPT partitioning structure.
- Create an NTFS partition on your disk for Windows and leave free disk space after the Windows partition for your Linux installation. I suggest at least 20G of disk size for the Linux root partition. You may use a Debian live USB/CD and GParted for this purpose.
- Install Windows to the first partition.
- Plug the ethernet cable in and unplug all unnecessary USB disks except the installation one to prevent any mistake during installation and partitioning.
- Boot from a Debian USB stick or CD and run the installer.
- Select a language: English
- Select your location: Choose yours.
- Configure locales: Choose yours or choose the US.
- Configure the keyboard: Choose yours.
- Detect network hardware: “Some of your hardware needs non-free firmware files to operate. The firmware can be loaded from removable media, such as a USB stick or floppy. If you have such media available now, insert it, and continue. Load missing firmware from removable media?”: No. (In my case, the missing firmware file was “iwlwifi-7260-17.ucode”.)
- Detect network hardware: “Some of your hardware needs non-free firmware files to operate. The firmware can be loaded from removable media, such as a USB stick or floppy. If you have such media available now, insert it, and continue. Load missing firmware from removable media?”: No. (In my case, the missing firmware file was “rtl_nic/rtl8411-2.fw”.)
- Please enter the hostname for this system: Choose yours. This will be the name of your computer and it may be visible on the local area network.
- Please enter the domain name: Choose yours or hit enter.
- Choose a mirror of the Debian archive: Choose yours. Hit enter when it asks you for a proxy if you don’t need one.
- Set up users and passwords: Just hit enter to disable the root account.
- A user account will be created for you to use instead of the root account for non-administrative activities. Full name: Choose something or enter yours. Choose a password.
- Partition disks: Manual.
- Create a 500M partition at the beginning of the free disk space. Set its mount point as “/boot”, format it and use it as an ext4 journaling file system. (In this guide, the boot partition will be unencrypted. It is possible to encrypt it, and there are some tutorials about it online.)
- “Configure encrypted volumes”. Write changes to the disk: Yes.
- “Please select the devices to be encrypted”: Select the free space. Write changes to the disk: Yes. The data will be overwritten: Yes. Erasing data… (This can take a little while)
- Choose a secure encryption passphrase.
- Configure the logical volume manager. Write the current partitioning scheme: Yes.
- Create volume group. Enter a name for volume group, such as “vg”.
- Select encrypted disk (/dev/mapper/sdx_crypt).
- Create a logical volume. Select vg. Give a logical volume name: root. Set its size. My suggestion: At least 20G.
- Create a logical volume. Select vg. Give a logical volume name: home. Set its size, sparing a few gigs for swap if possible. Swap is typically twice your RAM size, but nowadays I think 4-8 gigs would be sufficient for most people.
- Create a logical volume. Select vg. Give a logical volume name: swap. Set its size. Give all the remaining space.
- Finish LVM configuration.
- Select LV root and configure it: Use as ext4, mount point /.
- Select LV home and configure it: Use as ext4, mount point /home.
- Select LV swap and configure it: Use as swap area.
- Finish partitioning and write changes to the disk.
- Installing the system… (This can take a while)
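A post-install check for the layout these steps produce, as an added example that is not part of the original post: it reads lsblk's KEY="value" output and confirms that /, /home and swap each sit on a LUKS mapping, while /boot is only reported. The device names in the sample (sda3, sda4_crypt, vg-root and so on) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that /, /home and swap all sit on a LUKS ("crypt")
# mapping. Reads "lsblk -P -o NAME,KNAME,PKNAME,TYPE,MOUNTPOINT" on stdin.
check_layout() {
  # Splitting on the double quote puts the five values in $2 $4 $6 $8 $10.
  awk -F'"' '
    { name[$4] = $2; parent[$4] = $6; kind[$4] = $8
      if ($10 != "") dev[$10] = $4 }
    # Walk up the parent chain; return the first crypt mapping name or "".
    function crypt_above(k,   hops) {
      for (hops = 0; k != "" && hops < 16; hops++) {
        if (kind[k] == "crypt") return name[k]
        k = parent[k]
      }
      return ""
    }
    END {
      n = split("/ /home [SWAP]", must, " ")
      for (i = 1; i <= n; i++) {
        m = must[i]
        if (!(m in dev)) { print m ": not found"; bad++; continue }
        c = crypt_above(dev[m]); if (c == "") bad++
        print m ": " name[dev[m]] (c == "" ? " NOT encrypted" : " encrypted by " c)
      }
      # /boot stays plain in this guide, so it is reported, not failed.
      if (("/boot" in dev) && crypt_above(dev["/boot"]) == "")
        print "/boot: unencrypted (expected with this layout)"
      exit (bad > 0)
    }'
}

# Constructed sample, not captured from a real machine: sda3 is /boot and
# sda4 is the LUKS container holding volume group "vg".
constructed_sample() {
  cat <<'EOF'
NAME="sda" KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sda2" KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
NAME="sda3" KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
NAME="sda4" KNAME="sda4" PKNAME="sda" TYPE="part" MOUNTPOINT=""
NAME="sda4_crypt" KNAME="dm-0" PKNAME="sda4" TYPE="crypt" MOUNTPOINT=""
NAME="vg-root" KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
NAME="vg-home" KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/home"
NAME="vg-swap" KNAME="dm-3" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
EOF
}

# On the installed system: lsblk -P -o NAME,KNAME,PKNAME,TYPE,MOUNTPOINT | check_layout
constructed_sample | check_layout
```

The function exits non-zero when any of the three mount points is missing or has no crypt device above it, so it can gate a provisioning script.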
That’s it! Stay free & stay safe!
Was this post useful for you? I would be happy to read about it below.
Developing software, offering legal services, and gaming like it’s still the ’90s. LLM Exeter, PhD(c) in Private Int’l Law. Defender of Kaer Morhen.
But Windows partition will be still unencrypted, right?
Yes. Windows installation is unencrypted by default. You can use Bitlocker to have encryption on partition level on Windows, but it is only available in Pro versions.
I think Windows needs two partitions.
Great guide, thanks.
Thanks for your comment, griffo.
I tried it a while back but I’m not that familiar with Linux. My goal was to have a dual boot so I could use Windows but when I had time to try to figure out Linux to be able to boot to it for learning purposes. The problem I kept running into was every time I’d choose Windows in Grub, Windows would load, and upon restarting the Windows bootloader would be changed back to being the default at startup and load straight to Windows every time. I ended up installing Refind, which worked temporarily, but I forget what happened. Later on there was an issue with Refind. Something where after an update to Windows it stopped working and would go back to the Windows bootloader. Tried installing Refind again as a result but it wouldn’t work… Anyway, ended up giving up. Windows doesn’t like dual boots with other operating systems.
Hello John, thanks for your comment and sorry for my late reply, I somehow did not see this comment. I agree that Windows is not a fan of working in a dual-boot system. It assumes that it is the only one that owns the machine. I used to use Refind and it worked perfectly for me. But if you follow my instructions above you should not need to use that. I applied this guide again with Windows 10 and Debian 11.3 yesterday, and it still works. :)
Great guide, worked perfectly, thank you
Thanks for your comment, Antony. I’m glad that it worked for you.
I just wanna know, if I don’t create a home partition during the process, will the home directory be located in /home/user?
If you don’t specify a partition for /home, it will be created for you in the root partition, and yes, it will be mounted to /home/user.
Hello!
Very clear guide, I’ve been looking for this. Thanks!
May I ask some questions before I actually follow the guide?
1) When booting into Debian, how many times will I have to enter my passphrase? Three times for unlocking root, home and swap respectively? Or just once for all of them in one go?
2) Usually having or not having a separate home partition is a matter of preference. Is it still like that in your guide as well or are there encryption reasons for making home separate in the guide?
Hello Peter, thank you for your comment!
1) You enter your disk decryption password just once. Other than that, you will enter your user password to log in when you see your login screen.
2) You don’t need a separate home partition for encryption.
Hello, I was wondering if this is possible to do with two separate disks.
I have a 256 GB SSD and a 1 TB hard drive, and I was curious if there was any way that I could set up the SSD to dual boot both OS and then partition the hard drive for each storage on each OS. Is this possible to do?
Yes, that’s possible. Just follow the steps above to install both OS to your SSD. You can partition your 1TB disk however you want, just keep in mind that Windows won’t be able to read Linux partitions such as ext4.
2023 and I still use this guide. Thank you very much
simple instructions laid out well