I have just installed Ubuntu side-by-side to a Windows 10 partition shipped on a new laptop.
Meaning, the laptop shipped with Windows 10, and I installed Ubuntu alongside the Windows partition using an Ubuntu Desktop installation ISO through a flash drive.
Now every time I boot into the Windows boot manager, BitLocker wants me to enter the long BitLocker recovery key. A few questions ―
- Why actually is BitLocker affected by the new boot loader set up by Ubuntu? a naive thought would be that the BitLocker decryption key is stored on the motherboard TPM, and isn't affected by a new boot loader installation, and that is probably true as otherwise Windows would no longer be able to read its own files. So why is BitLocker even requiring the recovery key now?
- The Ubuntu side-by-side install said something about fiddling boot protection, but it remains elusive whether that's related to the TPM or a separate security mechanism.
- The Ubuntu installer even asked for a pass-phrase that should help re-establish secure boot, but I was not prompted to use it anywhere after booting with neither the Ubuntu nor the Windows boot loaders, after the install.
- How do I make BitLocker trustful again? in Windows 10, I only see an option to disable disk encryption altogether, but am not sure why can't it just keep going.
- Turning encryption off and then on (in Windows) seems like an overkill and I've no idea, whether it will scramble my Ubuntu partition while at it.
In Windows, after supplying the recovery key, I can see that device encryption is on. So my understanding is that my Windows partition is still decrypting its own files, whereas my Ubuntu partition isn't asking the TPM to encrypt its files when writing them nor decrypt them when reading them.