UEFI Dual boot with Windows 7/8

This article Article description::describes how to dual boot Microsoft Windows on a UEFI computer.

Prerequisites
We assume you have a computer with Windows 7 or later installed on a GPT-partitioned drive and booting in UEFI mode.

You need to know how to enable and disable Secure Boot for your UEFI system settings (also called BIOS)

Microsoft dictates the requirements that any computer bearing the windows logo has to follow. That means that any AMD64 computer with windows 8 or later preinstalled, has to be capable of disabling secure boot, and mange the secure boot keys from the UEFI System settings.

On the other hand, ARM devices with windows 8 or later preinstalled are forbidden from allowing the user to disable secure boot.

If the drive is empty, try installing Windows before installing Linux.

Disable "Fast Startup"
It is strongly recommended to disable "Fast Startup", aka "hybrid shutdown" or "hybrid boot" in Windows. Without it, Windows' filesystems are not unmounted even when you're using Linux, so editing Windows files can result in data loss. Even if you do not intend to share filesystems, the EFI System Partition is likely to be damaged on an EFI system.

To disable Fast Startup, see here for Windows 8 and here for Windows 10.

Shrink the Windows partition
You can skip this if there's already room for Gentoo partitions.

Windows 7

 * 1) Press the Windows-r to open the "Run" dialog, and enter diskmgmt.msc OR go to Control Panel/Administrative Tools and open Computer Management. Select the "Disk Management" option under "Storage" from the tree menu on the left.
 * 2) Right click on the target partition and choose “shrink volume”
 * 3) Provide the size of the shrink

Windows 8 or Windows 10:

 * 1) Press - (windows key and x key simultaneously).
 * 2) Choose “Disk Management”
 * 3) Right click on the target partition and choose “shrink volume”
 * 4) Provide the size of the shrink

BitLocker
If you are using BitLocker to encrypt your windows volumes, you need to decide if you want to keep using it. It is possible to keep using BitLocker, have the drives auto-unlock, and access its contents from Gentoo, but additional steps should be taken.

You can avoid all the hassle by disabling BitLocker and decrypting your volumes. If you want to do so, go to control panel > system and security > BitLocker drive encryption. Search for your drive, and click on Turn off BitLocker. Your drives will begin decrypting, witch will take a while.

If you want to keep using BitLocker, you need a little understanding on how it works. Basically, it uses your computer TPM to store the decryption keys of you C volume, which in turn contains the keys for the rest of the volumes, if presents. BitLocker will require secure boot in order to auto-unlock

The TPM will only release the decryption keys to the Operating System, if the state of the system is the same as when the encryption material was "sealed" inside the TPM. Any changes you make to the computer, such as disabling secure boot, changing some UEFI firmware configurations, or chain loading the windows boot-loader from grub, will change said state and the TPM will refuse to release the key.

You can suspend bitlocker, so BitLocker can keep working even if you make any significant change to your system. While the protection is disabled, the encryption keys aren't protected, so any hardware or settings changes won't prevent BitLocker from accessing the decryption keys. When you resume the protection, the current system state is evaluated, and the decryption material is re-sealed. Any changes made after this point can prevent BitLocker from auto unlocking the boot drive.

Bottomline: You can archive dual booting while keeping BitLocker enabled, by suspending BitLocker during the Gentoo installation, and making sure to install the Gent boot loader as a new boot entry, without changing the default. When the installation is complete, enable secure boot, and boot into windows 2 times.


 * Windows: Enable secure boot, and choose the Windows bootloader on your bios boot menu or make it the default.
 * Gentoo: DISABLE secure boot, and choose the Gentoo bootloader on you bios boot menu, or make it the default.

If you want to avoid the hassle of enabling and disabling secure boot, and / or using your bios boot menu, read the Secure Boot section, which will guide on how to enable secure boot for Gentoo, which will improve Gentoo's security and allow its bootloader to chainload the windows bootloader while keeping bitlocker auto-unlock working.

Optional: Download and install rEFInd in Windows
Get rEFInd

Extract refind-bin-{version}.zip to a handy location. Suggest C:\.

Get directions; then install rEFInd from Windows to the Windows EFI System partition (ESP)

For simpler booting in some configurations, ensure that you've installed EFI filesystem drivers for the partition that holds your Linux kernel.

Screenshots from user Drake Donahue.

Obtain UEFI bootable Linux media
The latest gentoo LiveCD/USB/DVD is capable of UEFI boot. It is not compatible with secure boot, so you will need to disable it prior to trying to boot it.

Alternatively, the UBUNTU liveCD is signed by microsoft, so it should boot with secure boot enabled.

Quick and easy
With an EFI System Partition provided by installation of Windows or self created, create the root (/) partition (and optionally other partitions) according to the Handbook and proceed with installation until Architecture specific kernel configuration. Complete kernel configuration according to EFI stub and proceed from Configuring the modules.

Reboot and enjoy an UEFI dual boot system!!

Alternative procedure
Exceptions/additions to the Gentoo Handbook:

Create partitions
Use ''instead of  or  for GPT disks. It's provided by .''

START OF GDISK EXAMPLE:

gdisk /dev/sda GPT fdisk (gdisk) version 0.8.6

Partition table scan: MBR: protective BSD: not present APM: not present GPT: present

Found valid GPT with protective MBR; using GPT.

Command (? for help): p Disk /dev/sda: 500118192 sectors, 238.5 GiB Logical sector size: 512 bytes Disk identifier (GUID): C72786B7-C1FB-4A60-8F5F-216FA9097A98 Partition table holds up to 128 entries First usable sector is 34, last usable sector is 500118158 Partitions will be aligned on 2048-sector boundaries Total free space is 123357805 sectors (58.8 GiB)

Number Start (sector)    End (sector)  Size       Code  Name 1           2048          616447   300.0 MiB   2700  Basic data partition 2         616448          821247   100.0 MiB   EF00  EFI system partition 3         821248         1083391   128.0 MiB   0C01  Microsoft reserved part 4        1083392       376762367   179.1 GiB   0700  Basic data partition

Command (? for help): n Partition number (5-128, default 5): First sector (34-500118158, default = 376762368) or {+-}size{KMGTP}: Last sector (376762368-500118158, default = 500118158) or {+-}size{KMGTP}: +100M Current type is 'Linux filesystem' Hex code or GUID (L to show codes, Enter = 8300): Changed type of partition to 'Linux filesystem' Entering GPTPart::SetName(const UnicodeString...)

Command (? for help): n Partition number (6-128, default 6): First sector (34-500118158, default = 376967168) or {+-}size{KMGTP}: Last sector (376967168-500118158, default = 500118158) or {+-}size{KMGTP}: +1G Current type is 'Linux filesystem' Hex code or GUID (L to show codes, Enter = 8300): 8200 Changed type of partition to 'Linux swap' Entering GPTPart::SetName(const UnicodeString...)

Command (? for help): n Partition number (7-128, default 7): First sector (34-500118158, default = 379064320) or {+-}size{KMGTP}: Last sector (379064320-500118158, default = 500118158) or {+-}size{KMGTP}: Current type is 'Linux filesystem' Hex code or GUID (L to show codes, Enter = 8300): Changed type of partition to 'Linux filesystem' Entering GPTPart::SetName(const UnicodeString...)

Command (? for help): p Disk /dev/sda: 500118192 sectors, 238.5 GiB Logical sector size: 512 bytes Disk identifier (GUID): C72786B7-C1FB-4A60-8F5F-216FA9097A98 Partition table holds up to 128 entries First usable sector is 34, last usable sector is 500118158 Partitions will be aligned on 2048-sector boundaries Total free space is 2014 sectors (1007.0 KiB)

Number Start (sector)    End (sector)  Size       Code  Name 1           2048          616447   300.0 MiB   2700  Basic data partition 2         616448          821247   100.0 MiB   EF00  EFI System Partition 3         821248         1083391   128.0 MiB   0C01  Microsoft reserved part 4        1083392       376762367   179.1 GiB   0700  Basic data partition 5      376762368       376967167   100.0 MiB   8300  Linux filesystem 6      376967168       379064319   1024.0 MiB  8200  Linux swap 7      379064320       500118158   57.7 GiB    8300  Linux filesystem

Command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING PARTITIONS!!

Do you want to proceed? (Y/N): y OK; writing new GUID partition table (GPT) to /dev/sda. The operation has completed successfully.

Make file systems:

As long as the EFI stub kernel is in an ext2, ext3, ext4, ReiserFS, Btrfs, or FAT32 file system rEFInd will find it and add it to the menu.

Run :

The partition PARTUUID will be used in the kernel configuration in the form root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b.

Keep it handy.

Continue with the handbook through "7. Configuring the Kernel".

Kernel configuration
Use either "7.b. Default: Manual Configuration" or "7.c. Alternative: Using genkernel" but start genkernel with verses just. In addition to the items specified in the handbook or set by genkernel, enable the following:

In menuconfig:

General setup CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="" CONFIG_RD_GZIP=y CONFIG_RD_BZIP2=y CONFIG_RD_LZMA=y CONFIG_RD_XZ=y CONFIG_RD_LZO=y CONFIG_RD_LZ4=y

If an initramfs is to be used, add an initrd="/boot/ " to the kernel configuration item "CONFIG_CMDLINE" as in the following example:

If systemd is to be used, add "init=/usr/lib/systemd/systemd" to the kernel configuration item "CONFIG_CMDLINE" as in the following example:

If systemd and an initramfs are to be used; example:

Use to build a manual kernel. Finish the Handbook. No need to emerge or install grub or lilo or grub2. rEFInd will act as the boot manager.

Alternative booting
You may consider boot options suggested by refind Linux page. If you going to stick with refind config setup would be a better decision. In few words you're not required to hardcode kernel launch arguments, instead you should provide in the  partition next to the kernel binary. It's also possible to select described in file boot options at refind launch screen (press F2 to invoke additional boot options menu). You could find additional info with examples of at refind linux page.

Dynamic disk
"Dynamic disk" in Windows can be thought as an analog of LVM in Linux, which is not recommendable for dual boot. (See this ArchWiki article for more.)

In, an ebuild of "libldm", which provides read/write access to dynamic disks, is submitted.

External resources

 * How to repair Windows' EFI bootloader ... ... if it accidentally got deleted


 * Gentoo subsystem on Windows 10