How to mount a BitLocker encrypted Windows partition on Linux

This is a guide on how to access BitLocker-encrypted Windows volumes from Linux, which is useful in the case of dual booting Windows 10, 8 or 7 and Linux distributions. It covers how to decrypt and mount BitLocker partition from the command line, and how to add it to /etc/fstabSo it mounts automatically at boot time.BitLocker It is the logical volume encryption system included with Microsoft Windows. BitLocker is available in Pro and Enterprise editions of Windows 10, 8 and 8.1, as well as in Education Edition of Windows 10. It also works on older Windows 7, Vista Ultimate and Enterprise.
To decrypt and mount the BitLocker volume, we will use Unlocker, A tool for reading BitLocker encrypted partitions on Linux and macOS. Dislocker has read / write support for BitLocker encrypted partitions on Windows 10, 8.1, 8, 7, and Vista (AES-CBC, AES-XTS, 128 or 256-bit, with or without Elephant diffuser). It also supports BitLocker-To-Go encrypted partition (USB / FAT32 partition).1. Install the unlocker

  • Debian, Ubuntu (from Ubuntu 18.04), Linux Mint (from Linux Mint 19), base OS (5.0 Juno +), and other Linux distributions based on Debian or Ubuntu:
sudo apt install dislocker

and also Unlock PPA Available for Ubuntu 16.04 and 14.04 / Linux Mint 18.x and 17.x.

  • Fedora:
sudo dnf install dislocker

In other Linux distributions, search for Dislocker in the repository. You might also find user-created packages like this Arch Linux AUR package. You can also choose Build it From source 2. Create two folders to decrypt and install BitLocker encrypted Windows partition

sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount

3. Identify partitions encrypted with BitLocker
you can use it sudo fdisk -l with lsblk To see all available partitions from the command line-you have to figure out which one is using BitLocker encryption.
Alternatively, you can use GParted, it shows bitlocker In the File System column of the BitLocker encrypted partition, it is easy to see which partition to look for:Bitlocker partition GParted

As the screenshot shows, in my case the BitLocker encrypted partition was /dev/sdb2.4. Decrypt and install BitLocker encrypted partition on Linux
The first command decrypts a BitLocker-encrypted file system, and the second command mounts it to /media/bitlockermount:

sudo dislocker  -u -- /media/bitlocker

sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount

Replace Partitions encrypted using BitLocker (e.g. /dev/sda1, /dev/sdb2Etc.), and The user password for the BitLocker volume. You can add -r Decrypt and install these two commands as read-only.
Instead of user password (-uPASSWORD), You can also use a recovery password (-pPASSWORD), Use the clear key (-c) Or use a BEK file (-f BEKFILE). No space between -u Either -p And password, this is not a typo!
You should now be able to access Windows BitLocker encrypted volumes from your Linux desktop. It should appear in the file manager and be available in the save as dialog, and so on. Note that using Nautilus may see an extra bitlocker (/ media / bitlocker) volume-ignore it. You will find the files in /media/bitlockermountIs not /media/bitlocker:Unlocking BitLocker NautilusEncryption related:

  • How to use VeraCrypt to encrypt USB drives (compatible with Windows, macOS, and Linux)
  • How to encrypt home folder in Ubuntu 18.04

(Optional) Add the BitLocker-encrypted partition to the boot by adding it to the boot /etc/fstab

If you want to automatically mount BitLocker encrypted volumes at startup, use Dislocker Readme There is an example of installing BitLocker partition using /etc/fstab (Although incomplete-it doesn’t have the dislocker-file line I added):

 /media/bitlocker fuse.dislocker user-password=,nofail 0 0

/media/bitlocker/dislocker-file /media/bitlockermount auto nofail 0 0

Replace Use BitLocker partition (for example /dev/sdb2),as well as Use user password. you can use it recovery-password Instead user-password. I assume that there is also the option to use BEK files for authentication (bekfile Option), although not specified in the document.
You need to add these two lines (modified as described above) to your /etc/fstab Select File if you want to automatically mount BitLocker-encrypted partitions at startup. Edit fstab File because it can easily cause the system to fail to boot! Before adding it to the fstab file, it is best to try it manually.
You can edit /etc/fstab Using a console text editor, such as Nano:

sudo nano /etc/fstab

Paste the two modified lines to the bottom, save and exit Nano (use Ctrl + O, Enter Save and then Ctrl + X Exit) and reboot the system to try.


Related Posts