Mounting a BitLocker encrypted USB drive on Ubuntu Linux

Ramón Casero edited this page Jul 6, 2020 · 2 revisions

We assume that you have a USB drive with an NTFS partition (the typical file system in Windows nowadays) and some data.

Using Windows, you have activated BitLocker encryption on it with the password option, so that when you plug it into Windows, it asks for the password, and after providing it, you see it mounted as an external drive.

There are pros and cons of using BitLocker on an external USB drive.

Pros:

  • BitLocker is integrated with Windows, so if you need to plug your external drive into a new Windows computer, e.g. at a conference, you don't need to install new software (unless the computer is very old).
  • You can activate/deactivate BitLocker encryption on the drive without having to delete and copy your data again.
  • It works both in Linux and Windows.
  • It doesn't seem to slow down reading/writing data from/to the external drive.

Cons:

  • It's proprietary software, so it could have backdoors or other issues.
  • You need to install software and configure it on every Linux machine you want to use.
  • I haven't found a way yet to integrate the mount/umount with the GNOME3 desktop, so you need to mount/umount with the command line.

Set up for Ubuntu Linux 20.04 Focal Fossa

  1. Install dislocker. This is the FUSE driver to read/write BitLocker encrypted partitions.
    sudo apt install dislocker
  2. Create directories to mount your external drive (we'll use bitlocker to mount the encrypted device, and bitlockermount to access the drive as a virtual NTFS partition), and give them user access
    cd /media/$USER
    sudo mkdir -p bitlocker bitlockermount
    sudo chown $USER:$USER bitlocker bitlockermount
  3. Plug in the external drive, and use blkid to find its PARTUUID value. This is better than using its assigned device (e.g. /dev/sda1), because the PARTUUID will always be the same, but the assigned device will change depending on what's already plugged into the computer. You will get something like this:
    blkid
    ...
    /dev/sda1: TYPE="BitLocker" PARTUUID="00c92103-01"
  4. Find out your uid and gid values. For example, assuming that you are user $USERNAME
    id
    uid=1000($USERNAME) gid=1000($USERNAME) ...
  5. Edit /etc/fstab and add the lines (substituting your own PARTUUID value, $USERNAME, uid and gid)
    PARTUUID="00c92103-01"  /media/$USERNAME/bitlocker          fuse.dislocker user-password,nofail 0 0
    /media/$USERNAME/bitlocker/dislocker-file /media/$USERNAME/bitlockermount auto loop,nofail,uid=1000,gid=1000 0 0
    
  6. Edit ~/.bashrc to add the following alias lines (here $USER is literal)
    alias mount-mydrive='sudo mount /media/$USER/bitlocker && sudo mount /media/$USER/bitlockermount'
    alias umount-mydrive='sudo umount /media/$USER/bitlockermount && sleep 1s && sudo umount /media/$USER/bitlocker'
  7. Load the new aliases on your terminal
    source ~/.bashrc
  8. Now you can mount the encrypted external drive with (first password is your sudo password, and it won't be requested if you have used sudo recently; second password is your BitLocker encryption password)
    mount-mydrive
    [sudo] password for $USERNAME: 
    Enter the user password: 
    FUSE exfat 1.3.0
    
  9. After mounting, you can access your drive under /media/$USER/bitlockermount.
  10. You can umount your drive with
    umount-mydrive
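
Steps 3 to 5 can be scripted so that the PARTUUID is taken from the blkid output instead of being retyped into /etc/fstab. The following shell script is an added example, not part of the original page; the function names, the sample ext4 line and the user alice with uid/gid 1000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build the step 5 fstab lines
# from blkid output. Function names are hypothetical.

# stdin: blkid output. stdout: PARTUUID of each TYPE="BitLocker" partition.
bitlocker_partuuids() {
    sed -n '/ TYPE="BitLocker"/s/.*PARTUUID="\([^"]*\)".*/\1/p'
}

# Print the two fstab lines for one PARTUUID, user name, uid and gid.
# Arguments are validated so that a stray space or comma cannot add an
# extra fstab field or mount option.
fstab_lines() {
    partuuid=$1; user=$2; uid_num=$3; gid_num=$4
    case $partuuid in
        ''|*[!0-9A-Fa-f-]*) echo "bad PARTUUID: $partuuid" >&2; return 1 ;;
    esac
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    for n in "$uid_num" "$gid_num"; do
        case $n in
            ''|*[!0-9]*) echo "uid/gid must be numeric: $n" >&2; return 1 ;;
        esac
    done
    base=/media/$user
    printf 'PARTUUID="%s"  %s/bitlocker  fuse.dislocker user-password,nofail 0 0\n' \
        "$partuuid" "$base"
    printf '%s/bitlocker/dislocker-file %s/bitlockermount auto loop,nofail,uid=%s,gid=%s 0 0\n' \
        "$base" "$base" "$uid_num" "$gid_num"
}

# stdin: blkid output. Args: user uid gid. One pair of lines per partition.
fstab_from_blkid() {
    bitlocker_partuuids | while read -r id; do
        fstab_lines "$id" "$1" "$2" "$3" || exit 1
    done
}

# Constructed sample: the BitLocker line is the one shown in step 3; the
# ext4 line and the user "alice" (uid/gid 1000) are made up.
sample='/dev/nvme0n1p2: UUID="1b2c3d4e-0000-4000-8000-123456789abc" TYPE="ext4" PARTUUID="5f6a7b8c-02"
/dev/sda1: TYPE="BitLocker" PARTUUID="00c92103-01"'
printf '%s\n' "$sample" | fstab_from_blkid alice 1000 1000
# Real use: sudo blkid | fstab_from_blkid "$USER" "$(id -u)" "$(id -g)"
```

Review the printed lines before appending them to /etc/fstab; the script only writes to standard output.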