I dual boot W10 and Ubuntu Mate, separate NVMe. I have a number of other drives on my computer that I use (or intended to use) exclusively on Mate. Windows system folders are creeping their way onto some of those drives. In addition, I’ve had to take permissions back from folders on the drive, as in Mate I only had read-only access.
I don’t want Windows to even know these drives exist. I know you can tell Windows to “ignore the drive” but, for my tin hat, I’m curious if there is a way to do it in Linux. If possible I would like to avoid encryption, but if that’s the only solution I will explore it.
Well… When linux is not running, it simply doesn’t exist for Win.
What can be done hmm… As you mentioned disk encryption, you can try to use a file system that Win doesn’t support.
Maybe disable drives in BIOS before booting Win.
A hardware encryptor for hdd, though I doubt you’d want to play around with it.
Power switch per hdd… Before starting Win, you will turn off the power to the hdd so that Win cannot physically touch it.
That’s weird. Then again, it has been a while since I last dual booted with Windows (or even installed Windows on my machine). If they are on separate drives, this should be even less of an issue. Never had a similar issue, even when both operating systems were on the same drive. You sure your Windows install is not infected with malware or something? Is Windows configured not to touch your other drive?
i have 6 drive setup.
1 drive has kali
1 windows
4 have ntfs file system.
when i boot windows it sees all 5 drives from windows with 1 boot and 4 spare.
the linux drive while it does show up in disk management doesn’t have a drive letter assigned so doesn’t show up as accessible to windows.
if i boot into linux all drives show up but only the system is mounted. the other 5 drives i have to enter a password (normal behaviour) to mount then access.
so i would suggest you just dismount them from windows via removing their drive letters. via disk management tools in windows.
windows will try to do things like create a recycler and system folder on any drive it sees.
it will also try to regularly defrag your data drives when your system is idle.
this is typical as windows auto mounts any drive with a valid drive letter and readable file system.
Well, a more civilized way instead of unplugging the cable from the hdd. Although I would absolutely not treat it as a hot-swap.
Nvme … here I would rather look for a high shelf with hot-swap or something because it’s easy to hurt the chip here if someone starts playing with the physical disconnection of the interface.
But there are a lot of hot-swap nvme solutions on the market, so there is no problem. Worse if we really want to have a nice button to disconnect. But here, anyway, we would be talking about something other than one nvme on the motherboard.
But this or a similar solution might be what the OP wanted in the form of physically disabling hdds.
You work on linux and want to switch to Win? Instead of reboot, I would give shutdown, wait for the pc to turn off, then press the buttons from hdd and finally power on and boot to Win. Simple and uncomplicated and the drive will not fall victim to anything because it sleeps without power.
Are they NTFS or FAT-based? Because you should probably be using a better filesystem anyway.
Windows doesn’t know how to interact with btrfs, ext4, zfs, or any other good filesystem, so it can’t put system files on there. It can only access FAT32, exFAT, and NTFS filesystems.
Unless winbtrfs, OpenZFS on Windows, or something similar is installed. Not that I am saying that you should, given the maturity level these types of projects are at.
HW Encryption is such a good idea right up until the point you realise you have lost the key and therefore all data ever stored on that drive.
Especially if you have inherited drives this sucks, I remember building a new system, putting my 3 HW encrypted drives in the new system, selling the old one and only THEN realising the HW keys were stored in the motherboard of the old system. Awesome! Luckily these were just secondary game drives back in the day when 100 GB was a big drive.
Bricked your system during a BIOS update? Well crap. There goes all the data. Again.
Anyway, if you want Windows to ignore your drives make a small NTFS partition of 256 MB or so and then make the rest ext4 or whatever filesystem you consider better than ext4. Then Windows will not even pick up on that.
This is my biggest concern, I’ve never had luck trying to figure out how to “take ownership” of a drive/files after I’ve had to migrate. This is the LVM encryption, right? If there is an ELI2 tutorial that’d be great. I think this would be most ideal for my tin hat but I have a concern on personal execution.
Between btrfs and ext4 for a single drive setup, which do you think is better?
Is there a way to add encryption to an OS drive without reinstalling the OS?
I think everyone’s kind of missing the point here.
If you don’t want your drives to be discovered at all, there is an option in diskpart to disable automatic drive mounting, this stops all physical mounting of //physicaldrive/ unless called manually. This lives with persistence through a reboot/shutdown.
diskpart automount disable
You can scrub (delete) any previously existing automounted drive(s)/medium(s) with diskpart automount scrub
this doesn’t wipe any manage-bde information for bitlocker or encryption, but stops windows from automatically mounting any mediums. So you will have to mount manually, but if you’re large into security like you’re wanting to do with FDE/SED then this shouldn’t be a hard task for you.
Note that preventing Windows from mounting using disk management tools, or using a file system that Windows doesn’t natively support, are all very good, viable options.
If we pivot to, I had the biggest tin hat on that they were after me. They could still find a way to access those drives at which point encryption is the best option. Do you agree?
I snuck in about a year ago, they let me stay. They’re nice.
Encryption is good, but it is not impossible to bypass. I won’t go into it too much, but if you want to use FDE to secure your data it’s a good idea. Generally, nobody will come after your drives. If Windows attempted to list physical disks with the drive encrypted, it would show a volume, but require the key.
You’re probably safe with just disabling automount in Windows, but if you feel safer with encryption, then encrypt your NVMe for Ubuntu.
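
Added example, not part of any post in this thread: a POSIX shell check, run from the Linux side, that lists which partitions carry a filesystem Windows reads natively (NTFS, FAT, exFAT, as noted above) and would therefore be auto-mounted once they have a drive letter. The function names and the sample device list are constructed for illustration, and it assumes no third-party drivers such as WinBtrfs are installed on the Windows side.

```shell
#!/bin/sh
# Flag partitions whose filesystem stock Windows can read and write to.
# Real use:  lsblk -rn -o NAME,FSTYPE | audit_windows_exposure

# Map an lsblk/blkid FSTYPE string to a verdict.
classify_fstype() {
    case "$1" in
        ntfs|vfat|exfat) echo EXPOSED ;;     # read natively by Windows
        crypto_LUKS)     echo ENCRYPTED ;;   # LUKS container, needs the key
        "")              echo NO_FS ;;       # whole disk or unformatted
        *)               echo UNREADABLE ;;  # ext4, btrfs, zfs_member, ...
    esac
}

# Read "NAME FSTYPE" lines on stdin; print "NAME FSTYPE VERDICT".
audit_windows_exposure() {
    while read -r name fstype; do
        [ -n "$name" ] || continue
        printf '%s %s %s\n' "$name" "${fstype:--}" "$(classify_fstype "$fstype")"
    done
}

# Count the partitions Windows could auto-mount in a listing on stdin.
count_exposed() {
    audit_windows_exposure | grep -c ' EXPOSED$' || true
}

# Constructed sample in the shape of `lsblk -rn -o NAME,FSTYPE` output.
sample_lsblk() {
    cat <<'EOF'
nvme0n1
nvme0n1p1 vfat
nvme0n1p2 ntfs
nvme1n1p1 ext4
sda1 ntfs
sdb1 btrfs
sdc1 crypto_LUKS
sdd1 exfat
EOF
}

sample_lsblk | audit_windows_exposure
```

Partitions reported as EXPOSED are the ones that need a different filesystem, a removed drive letter, or automount disabled on the Windows side.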