How To Mount BitLocker-Encrypted Windows Partitions On Linux

BitLocker Linux Dislocker

This is a guide on how to access a BitLocker-encrypted Windows volume from Linux, useful in cases of dual-booting Windows 10, 8 or 7, and a Linux distribution. It covers how to decrypt and mount the BitLocker partition from the command line, as well as how to add it to /etc/fstab, so it's automatically mounted on boot.

BitLocker is the logical volume encryption system included with Microsoft Windows. BitLocker is available in the Pro and Enterprise editions of Windows 10, 8, and 8.1, as well as in the Education editions of Windows 10. It's also available for the older Windows 7 and Vista Ultimate and Enterprise.

To decrypt and mount BitLocker volumes we'll use Dislocker, a tool for reading BitLocker encrypted partitions on Linux and macOS. Dislocker features read/write support for BitLocker encrypted partitions on Windows 10, 8.1, 8, 7 and Vista (AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser). It also supports BitLocker-To-Go encrypted partitions (USB/FAT32 partitions).

1. Install Dislocker

  • Debian, Ubuntu (starting with Ubuntu 18.04), Linux Mint (starting with Linux Mint 19), elementary OS (5.0 Juno +), and other Debian or Ubuntu based Linux distributions:
sudo apt install dislocker

There's also a Dislocker PPA for Ubuntu 16.04 and 14.04 / Linux Mint 18.x and 17.x.

  • Fedora:
sudo dnf install dislocker

On other Linux distributions search for Dislocker in the repositories. You may be able to find user-created packages as well, like this Arch Linux AUR package. There's also the option of building it from source.

2. Create two folders for decrypting and mounting the BitLocker-encrypted Windows partition

sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount

3. Identify the partition that's encrypted using BitLocker

You can use sudo fdisk -l and lsblk to see all the available partitions from the command line - you'll have to figure out which uses BitLocker encryption.

Or, you could use GParted, which shows bitlocker in the File System columns for BitLocker-encrypted partitions, so it's very easy to see the partition you're looking for:

Bitlocker partition GParted

As shown in the screenshot, in my case the BitLocker-encrypted partition is /dev/sdb2.

4. Decrypt and mount the BitLocker-encrypted partition on Linux

The first command decrypts the BitLocker-encrypted filesystem, and the second command mounts it to /media/bitlockermount:

sudo dislocker <partition> -u<password> -- /media/bitlocker

sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount

Replace <partition> with the partition that uses BitLocker encryption (for example /dev/sda1, /dev/sdb2, etc.) which you identified in step 3, and <password> with the user password for that BitLocker volume. You can add -r to both commands to decrypt and mount it as read-only.

Instead of the user password (-u PASSWORD), you could also decrypt the BitLocker volume using the recovery password (-p PASSWORD), using a clear key (-c) or using the BEK file (-f BEKFILE).

You should now be able to access your Windows BitLocker-encrypted volume from your Linux desktop. It should show up in your file manager, be available in the save as dialogs, and so on. A note that using Nautilus, you may see an extra bitlocker (/media/bitlocker) volume - ignore it. You'll find your files in /media/bitlockermount, and not /media/bitlocker:

Dislocker BitLocker Nautilus

Encryption-related:


Optionally mount the BitLocker-encrypted partition on boot by adding it to /etc/fstab


If you want to have the BitLocker encrypted volume automatically mounted on boot, the Dislocker README has an example for mounting a BitLocker partition using /etc/fstab (though incomplete - it didn't have the dislocker-file line, which I added):

<partition> /media/bitlocker fuse.dislocker user-password=<password>,nofail 0 0

/media/bitlocker/dislocker-file /media/bitlockermount auto nofail 0 0

Replace <partition> with the BitLocker partition (e.g. /dev/sdb2), and <password> with the user password. You may use recovery-password instead of user-password. I assume there's also the option of authenticating this with a BEK file (bekfile option), though this is not specified in the documentation.

You'll need to add these two lines (modified as mentioned above) to your /etc/fstab file if you want to have the BitLocker-encrypted partition automatically mounted on boot. Be careful when editing the fstab file as it can easily cause your system not to boot! It's probably best to try the manual steps before adding this to your fstab file.

You can edit /etc/fstab with a console text editor, like Nano:

sudo nano /etc/fstab

Paste those two modified lines at the bottom, save and exit Nano (use Ctrl + O, Enter to save, then Ctrl + X to exit), and reboot your system to try it out.