How to enable BitLocker when booting Windows 10 from a non-Microsoft boot manager?

Question

My setup

I have ThinkPad P1 Gen 3 laptop and want it to dual boot Linux and Windows 10. For that I want to use a boot manager supporting both Linux and Windows; currently I'm using rEFInd. I also want to have Secure Boot on and have my Windows drive encrypted using BitLocker.

The problem: BitLocker doesn't work

The problem is I cannot encrypt my drive using BitLocker. When I boot Windows using rEFInd BitLocker doesn't work. I identified that it gets disabled, because PCR7 binding is not possible - in System Information it says:

PCR7 Configuration: Binding Not Possible

Device Encryption Support: Reasons for failed automatic device encryption: PCR7 binding is not supported; Un-allowed DMA capable bus/device(s) detected

All that seems to be related to Trusted Platform Module (TPM) somehow, but I'm still reading more about this subject, which is new to me.

On the other hand when I boot Windows directly from UEFI entry, omitting rEFInd, PCR7 binding is possible and BitLocker works fine.

I tested other boot managers supporting Linux, e.g. systemd-boot, and the problem was the same. So the problem is not unique to rEFInd, but to any boot manager that's not Windows Boot Manager ran directly by UEFI.

Question

Why is PCR7 binding not possible when booting Windows from other boot manager? How can I fix that?

Answer 1

Why is PCR7 binding not possible when booting Windows from other boot manager?

PCR7 is the register which logs all Secure Boot parameters – the full contents of PK/KEK/db, as well as the specific certificates used to validate each boot application (i.e. rEFInd, Bootmgfw, Winload.efi).

BitLocker appears to have a deliberate restriction that it will only bind to PCR7 if its value indicates that the entire boot chain is signed exclusively using Microsoft's "Windows Production PCA" certificates. It will refuse if something along the way (e.g. rEFInd or other third-party bootloader) was signed using a different certificate, even if that other certificate is trusted by your UEFI configuration.

This is most likely meant to isolate operating systems in a dual-boot environment, e.g. prevent someone from simply rebooting into arbitrary unsecured Linux via Shim and gaining access to your Windows files that way.

(Note: BitLocker's PCR7 usage does not prevent you from having custom certificates installed in PK, KEK, or db – it's okay to have a custom-keyed Secure Boot setup for Linux purposes, as long as those custom db entries don't participate in the Windows boot process.)

Of course, if Secure Boot is off and rEFInd wasn't signed at all, then PCR7 has no useful information in the first place and cannot be used.

How can I fix that?

If you are using the "Device Encryption" feature (Windows 10 Home/Pro), you cannot avoid this – this trimmed-down version of BitLocker always requires Secure Boot and TPM PCR7 usage.

If you are using the full version of BitLocker (Windows 10 Pro only), all of this doesn't prevent BitLocker from using the TPM in general – it can still use the alternative method of binding to PCR0/2/4/11 (PCR4 is the register containing the exact hashes of boot files). The problem is that PCR0/2/4 usage is slightly more fragile and tends to result in Recovery Key prompts more often. For example, every time you update Shim or rEFInd, the PCR4 value will change and you will need the recovery key.

Finally, usage of the TPM isn't actually mandatory for BitLocker. If it's causing too many problems, there is a Group Policy setting and a manage-bde command which will allow you to use a basic password-based protector instead. (Again, this only works with the full BitLocker in Windows Pro.)

(Note: If you enable BitLocker with PCR7 binding active, then reboot via rEFInd so that PCR7 is now unusable, you will be prompted for a recovery key and BitLocker will automatically re-bind against PCR0/2/4/11 instead. And vice versa, rebooting from UEFI menu directly into Windows will cause BitLocker to try re-binding against PCR7 after the recovery key is input.)

My suggestion: Just always use the firmware-provided UEFI boot menu to select your OS. If it's ugly or inconvenient, then use the "BootNext" feature via efibootmgr --boot-next or bcdedit.exe /bootsequence to directly boot into the requested OS. (This even allows you to have "Linux" as a Windows desktop shortcut, for example.)

I think BitLocker isn't limited to encrypting the whole disk.

BitLocker in "Software encryption" mode never encrypts the whole disk – it encrypts the Windows partition, exactly like one would use LUKS to encrypt their Linux partition.

All other partitions remain unaffected. In particular, because UEFI firmware generally doesn't have built-in BitLocker support, the "EFI System Partition" has to remain unencrypted.

Is it possible to use two UEFI partitions?

Yes, but 1) you don't need to, 2) it won't really help you. There is no difference between using two partitions, and putting both Windows and Linux boot files in the same partition – only the files themselves matter at all.

Answer 2

I have a dual boot laptop, UEFI with secure boot, Ubuntu with LUKS and Windows 10 Pro with Bitlocker. The downside of my installation is that I don't use the TPM module and have to type in a password to unlock bitlocker. I don't remember the exact steps, I believe I followed the standard procedure for dual boot without Bitlocker, then enabled Bitlocker afterwards. I have no idea what a PCR7 binding is. I use Grub2 as boot manager.

EDIT: Just remembered that I followed this guide: Mike Kasberg - How to Dual-Boot Ubuntu 20.04 and Windows 10 with Encryption

Answer 3

I had the same issue, and was linked to @u1686_grawity's answer from the Arch Linux forums. It explains the situation very well, and because of that I was able to figure out a way around this, at least for Windows 11 Pro.

I currently have a dual-boot Arch Linux/Windows 11 system using rEFInd with Secure Boot enabled and BitLocker working correctly, as well as LVM on LUKS encryption for my Arch install.

The trick is to force BitLocker to separate itself from Secure Boot, and restrict its use of the TPM, disallowing BitLocker from using PCR 7 or ANY PCR that gets changed by rEFInd or your other OS.

I'm not going to deny that there are potential security implications here in terms of weakening Windows's ability to detect tampering of the system, and I probably wouldn't employ this in a corporate setting, but for my home system it's Good Enough™ for me.

First, you have to start with BitLocker fully disabled, and clear your TPM through Windows. Then open up the Group Policy Editor (gpedit.msc) and navigate to Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives

• Disable the policy "Allow Secure Boot for integrity verification".
• Enable the policy "Configure TPM platform validation profile for native UEFI firmware"
• Untick all of the PCRs except for 11: BitLocker Access Control.

You may wish to look carefully at some of them to keep enabled, such as the first two that check the firmware (warning: firmware upgrades will trigger BitLocker Recovery mode if you don't suspend it first before updating). I can tell you from personal experience that 4 and 7 both have to be disabled, though.

Close the Group Policy Editor, reboot, and BitLocker should work normally even if chain-loaded through a different bootloader such as rEFInd.

I know this answer is a bit late, considering how long ago it was asked, but I hope it helps somebody. I spent the previous week figuring this all out myself as well as installing both OSes on my new hardware. Cheers!