Dual boot and security

Hello,
I want to give Fedora a chance and dual boot it with windows. The problem is that most of tutorials say I should disable secure boot and bitlocker. This would worsen security on windows, but ensure better compatibility. Do you think I should disable them?

I dual boot Fedora and Win. Secure boot works 100% no problem. You don’t need to disable secure boot. Make sure your installer is UEFI installer.

I never could get Bitlocker to work with dual-boot, but only spent a couple hours on it. Win/Bitlocker always freaked out and wanted the recovery code. I ended up just using Veracrypt, which is disappointing.

If we’re lucky someone will come along with a link or instructions for getting Bitlocker to work with dual/multi boot.

If you just want to test it out you can also consider using a VM. That might be easier.

1 Like

Windows will be encrypted with this setup, but will the Linux partition be? Also, I would rather not use proprietary Bitlocker encryption on Linux partition if it is possible to use LUKS or something like BTRFS encryption on that partition. Ideally, LUKS would be used on Linux with Bitlocker on Windows, but I’m wondering whether that’s possible on a single drive

I just remembered rhat you only ever need to disable SecureBoot if you are using an Nvidia GPU. So if you are on an AMD or Intel GPU, leave it on.

If you are ok with having bad GPU performance (by using the open source driver noveau), you could also leave it on and not use the proprietary drivers.

I have a vague recollection that at least some distros have solved this problem. At least Ubuntu has and it seems there is a not-too-difficult manual process to achieve the same in Fedora

1 Like

I never needed to do anything on Fedora and Ubuntu.

I only time I had to modify files was when I tried to manually sign the kernel on my laptop with Nvidia GPU. I tried it just once but since Fedora updates their kernel somewhat frequently, it became a chore.

I also tried to use Linux Mint Cinnamon “Edge”. They made you add a temporary password during install, reboot the system and enroll the MOK key to SecureBoot. I would have probably sticked with Mint if it had wayland support.