Dual booting + Virtualizing Windows under Arch (with Bitlocker)

So I got a new machine at work and am free to set it up how I see fit.
While I daily drive Linux, I like having a dual-boot of Windows just in case a customer requires specific software on the spot, which only runs on Windows (not unheard of sadly).

In an ideal world I’d like the following setup:

  • Dual booting Windows and Arch
  • Having the installed Windows also run as a VM under Arch, i.e. I’d like to use the Windows installation both as a VM and as a directly bootable OS
  • If at all possible I’d like to have this all working with Bitlocker and some form of FDE for Arch too. Arch FDE should be easy, but I’m not sure Bitlocker will play nicely with dual boot, and I have no idea on whether running it in a VM will be possible like that at all.

If any of you know whether what I’m looking for is achievable that would really help! I’m not super optimistic that it’s doable, but I figured if there’s people who know how, I’ll find them here haha!

I can’t speak for Arch, but I’m running dual boot Ubuntu LUKS and Windows 11 BitLocker (TPM and Secure Boot) without any issues. The only quirk with running dual boot BitLocker is you’ll have to use the BIOS’s boot select screen (typically F12) to choose the Windows EFI entry. If you try to boot Windows from GRUB, BitLocker will fail and prompt for your recovery key every time.

This is the guide I followed which includes important partitioning details

1 Like
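The firmware boot-menu workaround from the post above can also be triggered from the Linux side: the UEFI `BootNext` variable tells the firmware to start one chosen entry directly on the next boot only, without going through GRUB. The script below is an added example, not code from the thread; it assumes `efibootmgr` is installed, that it is run as root, and that the Windows entry carries the label "Windows Boot Manager". The sample output in it is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): request a one-time boot of the
# Windows EFI entry via BootNext, so the firmware starts it directly.

# Constructed sample of `efibootmgr` output, used only for offline checks.
# Boot0004 has no '*', which marks an inactive (stale) entry.
SAMPLE_OUTPUT='BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0000,0002
Boot0000* Windows Boot Manager	HD(1,GPT,constructed)/File(\EFI\Microsoft\Boot\bootmgfw.efi)
Boot0001* GRUB	HD(1,GPT,constructed)/File(\EFI\GRUB\grubx64.efi)
Boot0002* USB Drive
Boot0004  Windows Boot Manager'

# Read efibootmgr output on stdin and print the 4-hex-digit number of the
# first ACTIVE entry labelled "Windows Boot Manager" (assumed label).
find_windows_entry() {
    sed -n 's/^Boot\([0-9A-Fa-f]\{4\}\)\* Windows Boot Manager.*/\1/p' | head -n 1
}

# Set BootNext to the Windows entry. BootNext is consumed by the firmware
# after one boot, so the permanent BootOrder is left unchanged.
set_next_boot_windows() {
    entry=$(efibootmgr | find_windows_entry)
    if [ -z "$entry" ]; then
        echo "No active 'Windows Boot Manager' entry found" >&2
        return 1
    fi
    efibootmgr --bootnext "$entry" >/dev/null || return 1
    echo "BootNext set to Boot$entry; the next reboot starts Windows"
}

# Touch firmware variables only when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    set_next_boot_windows
fi
```

Run it with `--apply` as root, then reboot; the boot after that returns to the normal boot order.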

Thanks!
I don’t really mind booting via F12 selection, since I (hopefully) will only use Windows quite rarely!
I guess if I want to then boot the windows installation as a VM I’ll have to supply the recovery key every time, no?

Edit: I’m not sure you can point a VM’s storage toward a partition on a physical disk. Additionally I think drivers will be a mess if you could get it working.

There really isn’t a need to use Bitlocker if the Windows VM is being stored on a LUKS encrypted volume. But to answer your question, no it’s not going to ask for a recovery key every time since the VM won’t be using TPM. You’ll actually have to set a Bitlocker group policy setting to even enable Bitlocker without TPM.

Sorry, I just re-read this and understand what you’re asking now. I’ve never heard of anyone attempting to do this.

Well I’ve seen it done, and have done it in the past under Ubuntu.
For reference, here’s someone mentioning some basic steps on Stack Overflow.
I just haven’t tried it with Bitlocker, and back then I only got it working with separate disks (which isn’t an option now as my employer only supplies a laptop without expansion options).

I find it interesting there isn’t much out there. Seems too useful to me. Using Windows natively for more involved tasks, but if you just need a few basics you can just run a VM for a few minutes.

I had a similar setup with Manjaro and W10. I was doing GPU + PCI-E USB card + 1 SATA SSD passthrough to the Windows VM, while booting and running Manjaro off of an M.2 NVMe SSD. I could reboot and choose to boot into Windows from GRUB and it would work fine. As in, it was just “preparing devices” every time I switched between running Windows as a VM and directly on the host, but other than that, it was pretty much flawless.

I was using a Pentium G4560 and an MSI B250M Pro-VH. So I know for a fact that this can pass through individual SATA ports / devices to a VM.

What do you have? You might not need PCI-E passthrough if you don’t need direct input and output (as in, using a separate kb+mouse and having a separate display, or at least a different display input on your monitor). But the only thing I think you will need is being able to pass a SATA port / drive, or alternatively an M.2 PCI-E passthrough.

It’s a Dell Precision workstation. Basically the XPS-15 equivalent.
I hope I can get it working without too much passthrough, since it’s a laptop and that would be annoying.
It has Thunderbolt and everything so technically that should still be possible somehow, but I’d prefer not having to run around with dongles when on the go.

So, if you don’t need a GPU and dedicated peripherals, hopefully you can give a SATA drive to the VM and be ready to go. You can just install Windows on the drive, get all its drivers, then when you create a VM under Arch, the main disk will be the physical disk and not a virtio or virtual SCSI drive.