[reddytowns]

If you're not using secure boot* and an encrypted Linux partition you are not secure.

(*Or a boot loader on a separate USB drive which is never plugged in while running Windows)

[mcsofake]

I don't think that will help. Windows can patch the bootloader to cache the encryption password. Since Microsoft controls the secure boot signing keys, they can sign the patched bootloader too, so even secure boot cannot protect you. Having the bootloader on a USB drive is probably a good idea though.