Setting up secure dual-boot system

FranklyFlawless:

You cannot, and this topic from the Qubes OS Forum lists additional concerns

IMO, those are factors that make sense to consider in the context of the threat models Qubes is built for, but somewhat out of scope or exaggerated for more common threat models. Not sure about OP’s threat model.

/boot is still unprotected and could be maliciously modified

This is true of single-boot as well. I don’t think it’s an issue introduced by dual-booting, and there are mitigations that a distro or a user can employ.

Also /boot can be encrypted, it just has some tradeoffs and only limited value (OpenSUSE would be an example of a distro that does this by default). Some form of measured boot would be another possible approach.

The other problem is firmware security - for example the other system could infect the BIOS firmware

Sure, but (imho) if OP is already trusting Windows enough to be willing to use it , it doesn’t really require any additional trust to accept the remote theoretical possibility that Windows would maliciously tamper with your bios or firmware in order to compromise your Linux boot process. Needing to trust Windows not to be outright malicious and hostile is already baked into the choice to use Windows, and it’s a very unlikely risk (imho).

greentarp8000:

How can I set up a dual boot system so one OS can’t access the data from the other?

My general advice about dual-booting is: if possible its best to only install one OS per physical drive. It’s not just easier to setup, it’s also more robust and resilient, easier to understand, and minimizes the chance of one OS doing something that screws with the other. It’d also make encryption simpler in a dual boot scenario. If using separate drives is not possible, I tend to advise against dual booting in most scenarios unless it is absolutely necessary.