Encrypting TUXEDO OS in a Dual Boot Scenario - TUXEDO Computers

How to Encrypt TUXEDO OS in Dual Boot – Find Out in This Article

Guided Encryption of TUXEDO OS

Recently, we explained in an article how to encrypt TUXEDO OS during installation using the Calamares installer with LUKS2. If you choose encryption at the beginning of the installation, we will guide you through the individual steps.

However, due to technical reasons, this guided method is not suitable for encrypting two operating systems on a single storage device, as the guided encryption occupies the entire storage medium. To encrypt multiple distributions on one device, you will need to configure it manually. It doesn’t matter whether the other system is Windows or another Linux distribution. However, if it is Windows, you must install and encrypt it first if needed.

In this article, we present two possible ways to encrypt two operating systems. Whether you choose X11 or Wayland as your session type in Linux is entirely up to you.

Encrypting Two Distributions on the Same Storage Medium

To encrypt two operating systems or distributions on the same storage medium, start the TUXEDO OS installer and do not select the Encrypted Installation option. Instead, choose Standard Installation.

Here, confirm or select your desired language. In the next step, you will reach the partitioning section, where you need to choose Manual Partitioning.

In the next window, you will see the available storage size at the top and various options at the bottom. Here, the option New Partition Table at the bottom left is of interest.

Click New Partition Table at the bottom left and, in the following window, select GUID Partition Table (GPT) for a UEFI-based installation. The Master Boot Record (MBR) option is for the outdated Legacy BIOS.

In the next window, click Free Space at the top and then Create at the bottom to open the partition creation menu.

Partitioning the Storage Medium

In the following steps, you will split your storage medium into multiple partitions. You need at least three partitions for an encrypted installation:

/boot

• Remains unencrypted and must be at least 2 GB in size. This partition contains everything needed for system boot, including the kernel.

/boot/efi

• Also remains unencrypted. This is the mount point for the EFI System Partition (ESP) on UEFI systems. The file system must be either FAT32 or FAT16, where FAT32 is preferred.

/

• The root partition, where the system will be installed. This partition will be encrypted.

Additionally, you can create partitions for Home, Swap, or other sections of the Filesystem Hierarchy Standard (FHS). However, in this article, we will stick to the standard setup.

In the partition creation menu, first create the boot partition. Set Size to 2048 MIB, select Ext4 as the File System. The mount point is /boot, a flag is necessary for /boot.

Clicking OK confirms the setup, and the new partition will appear, showing the remaining free space below. Next, create the /boot/efi partition, which only needs to be created once and can be used for additional distributions. 300 MB is sufficient for its size. Select FAT32 as the file system and don’t forget to check the bootable flag.

Using the same method, create the root partition. Keep the default Ext4 file system or select another one such as XFS or Btrfs if needed. Below the file system selection, check Encrypt, enter a secure password and repeat it. Use / as the Mount Point. No flags need to be set for the root partition.

This completes the partitioning setup for an encrypted TUXEDO OS installation. If you want additional partitions, create them using the same method.

Once all the desired partitions for TUXEDO OS are set up, proceed with the installation. Before finalizing, you will see a summary of the steps to be performed. If everything looks correct, start the installation process.

After a few minutes, the installation will be complete, and the system will first ask for your encryption password. Then, the boot process starts, during which you will have to enter your user password before reaching the desktop environment.

Dual Boot with Another Distribution

To install an additional distribution for a dual-boot system, launch the installer of the respective distribution from the live medium. If using Calamares, follow the same process as for the first installation, but do not create /boot/efi again. Also, skip creating a new partition table, as this would erase the existing partitioning.

Other installers may have their own encryption setup instructions. A detailed guide for Ubuntu can be found here. If the installer does not offer encryption options, you can set it up manually following this guide.

Encrypting Two Distributions on two Single Storage Media

Another way to encrypt two operating systems is, to installe them encrypted each on their own SSD/NVMe drive. For TUXEDO OS you can then use the guided apprach mentioned in the beginning. For the other OS you have to use whatever encryption method they use. One one hand this approach simplifies the partitioning, on the other hand it can make it harder to switch from one OS to the other.

To do so without configuration, you can go into the BIOS/UEFI and choose, which OS to boot. If you want more comfort, you will have to configure a bootloader such as GRUB to offer both OS to choose at startup.