Last update: Oct 2025
Motivation
I got a pretty neat refurbished Surface Laptop and I will use it as my swiss army knife when it comes to troubleshoot computer stuff. I have equipped it with a 2TB SSD.
In short we will do the following:
1. Preparation
– enable Secure Boot
– ensure there are no other boot entries
– boot up a Windows 11 machine and create a specific installation media
2. Installation of Windows 11
– Install/recover Windows from this installation media on the surface laptop
3. Disable drive encryption
– disable Bitlocker or device encryption
4. Adjust partitions
– Boot up Linux to adjust partition layout
– resize windows partition to your desired size. I use 512764 MiB.
– create a 500GB unformatted partition (for linux system)
5. Boot up Kubuntu from installation media and install it
– choose to replace the 500GB linux partition, using BTRFS, encrypt it
6. Security
– enable Bitlocker
Part 1: Preparing
Create a specific Windows 11 recovery media for your Surface Laptop
- Boot up some Windows 11 machine.
- Get yourself a USB drive on which we will install the recovery image.
- In the search box on the taskbar, enter ”recovery drive”, then select ”Create a recovery drive” or ”Recovery Drive”. This creates just a minimal bootable USB drive with about 600MB size.
- Now we need to download the recovery files from https://support.microsoft.com/en-us/surface-recovery-image, because a plain installation from a Windows 11 standard installation drive will fail due to missing drivers. Not even touchpad or mouse will be recognised.
- You will get a file similar to SurfaceLaptop4-AMD_BMR_176020_2025.521.10734482.zip
- Extract the whole zip file contents to the root of your USB recovery drive, while replacing files.
Ensure UEFI is on its latest version
Go into the Surface UEFI (hold volume up button + press power on button once) and check the version under “PC information”. In my case it’s System UEFI version 4.355.140 for a Surface Laptop 4 (AMD). Warning: I have had serious boot-up troubles while being NOT on the latest version. Neither did the machine boot up nor was it possible to get into the UEFI at all. In doubt start your current preinstalled Windows 11 and let Windows Update do the UEFI upgrade for you.
Adjust settings in UEFI
Go into the Surface UEFI (hold volume up button + press power on button once) and make sure:
Security > Secure Boot is enabled
Boot Configuration > there are only entries for Internal Storage, USB Storage and PXE network. If you see others delete them.
Boot Configuration > Boot from USB devices is enabled
Part 2: Install/recover Windows 11
Plug in your USB drive with the recovery image. Go into the Surface UEFI (hold volume up button + press power on button once) and boot from “USB storage” now under Boot Configuration. You have to swipe left with your finger on the item to make it boot from it.
- Choose your language
- Choose recover from a drive
- Choose remove files or clean drive
- Recover
Your system will automatically reboot several times. Finish the initial configuration of Windows 11. Ensure that the partition is not encrypted by Bitlocker.
Hints: If you want to skip the mandatory network part, you can open the shell with Shift + Fn + F10 and type in “oobe\bypassnro” at any time. If you choose a username without a password, you will not be obliged to create an MS account etc.
Our partition layout looks now as follows:
Part 3: Disable drive encryption
In some cases Windows encrypts the drive in the background. For part 3 it is mandatory to remove this encryption temporarily.
The drive encryption is done by Bitlocker or by Device encryption.
Open Bitlocker settings. If Bitlocker is on, turn it off here. If this is not the case, type “device encryption” in the search box and open those settings. We will have to disable it:
Wait until the decryption finished before you continue.
Part 4: Adjust partition layout on Windows or Linux
The Windows way
Open the disk management tool to shrink the partition C. You will be greeted by:
In my case the total size is 1906355 MB. If we shink the partition by 1393591, then we get C partition sized with 512764 MB.
Afterwards we want a partition to install Linux on. Create a new partition with 512764 MB without assigning a drive letter and without formatting.
The Linux way
We assume we have a 2TB drive /dev/nvme0n1. We need to boot up some live Linux like Ubuntu to change the partition layout while using the GUI partition tool called gparted. Type in the terminal: “sudo gparted”.
- Resize your Windows partition (/dev/nvme0n1p3) from 1,8TB to 512764 MiB. Thats exactly 500 GB if you check the Windows Explorer later.
- Create a new partition (/dev/nvme0n1p4) with 500 GB for Linux.
- Apply changes.
Part 5: Install Kubuntu Linux
Boot up Kubuntu live installer from an USB drive and install it.
When asked for the location for installation, choose to replace a partition, using BTRFS. Click on your 500 GB partition you created for linux in the previous step and encrypt it with a password. The rest of the installation is easy forward.
Part 6: Security
Enable Bitlocker encryption on Windows
Boot into your Windows installation and type in “bitlocker” into the search box. Save your encryption key on a safe place and continue with enabling it. When this process is finished, your Windows partition is successfully encrypted.
This means that your Windows and your Linux are both encrypted now.
Tweaks
Time jumps between Windows and Linux
If you are not living in a region with timezone UTC, you will notice the system time differs between Windows and Ubuntu. To fix that simply issue “sudo timedatectl set-local-rtc 1” in the Ubuntu terminal. Once you set up your time correctly within Windows, your system time will not jump around any more.
Disabling jumping application icon on click
This reminds me on a behaviour 20y ago. To disable it: System Settings > Appearance > Cursors > Configure Launch Feedback > None.
Useful information
Successfully tested with
– Windows 11 24H2
– Kubuntu 24.04 LTS
Links and sources