Linux-Windows Vista dual boot with BitLocker and a TPM

Based on my earlier posts, I’ve recently written a whitepaper for Microsoft France on how to build a machine that is capable of dual booting either Linux or Windows Vista when the latter is protected by BitLocker leveraging a TPM chip.

If you understand French, you’ ll find the whitepaper, a webcast where I describe the steps and a video showing all the process and test of the final result on Microsoft’s France interoperability website ( To directly access the file please go to

The video (“Partie2”) is annotated with French callouts but it should be easy to understand even to non French speaking people. Here are the different sequences you can watch (the file embeds markers to jump directly to the different sections) :

0’00”: Linux OpenSuse install

Install Linux

4’28”: GRUB install out of MBR, on the Linux partition; get a copy of Linux boot sector

Install GRUB outside MBR - 1

Install GRUB outside MBR - 2

6’22”: Windows Vista install


Install Windows Vista - choose partition

Install Windows Vista

10’54”: add an entry for Linux/GRUB in Windows Vista Boot Manager, using bcdedit tool


13’11”: boot test with Linux BEFORE enabling BitLocker; NTFS partitions mount

NTFS partition view from Linux BEFORE BitLocker is enabled

15’09”: enable TPM in BIOS

TPM enablement in Dell D820 BIOS

15’32”: BitLocker enablement with TPM from Windows Vista

BitLocker enabling

Save recovery password - BitLocker with TPM

Turn on BitLocker after system check

BitLocker system check OK

BitLocker encryption

22’38”: boot test with Linux AFTER Bitlocker was enabled using a TPM; NTFS partitions mount fails

Partition encrypted by BitLocker not mountable by Linux

24’18”: boot test with Windows VistaAFTER BitLocker was enabled using a TPM; visualize partition with DiskScape tool

Low level view of partition encrypted by BitLocker, with DiskScape

encrypted partition with BitLocker seen in clear through BitLocker filter driver

25’23”: add entry for Boot Manager in GRUB

26’32”: secure startup test launching machine through Boot Manager then GRUB then Boot Manager

Secure startup with BitLocker - modified boot chain

Secure startup with BitLocker - modified boot chain, USB key requested

Secure startup with BitLocker - modified boot chain, recovery password entry

27’20”: secure startup test using a bootable DVD in startup chain

Comments (1)

  1. Anonymous says:

    Mon collègue Cyril Voisin vient de publier un webcast sur la configuration d’un dual boot Linux