UEFI Dual boot with Windows 7/8

From Gentoo Wiki

This article describes how to dual boot Microsoft Windows on a UEFI computer.

Prerequisites

We assume you have a computer with Windows 7 or later installed on a GPT-partitioned drive and booting in UEFI mode.

You need to know how to enable and disable Secure Boot in your UEFI system settings (also called BIOS).

Microsoft dictates the requirements that any computer bearing the Windows logo has to follow. That means that any AMD64 computer with Windows 8 or later preinstalled has to be capable of disabling Secure Boot and of managing the Secure Boot keys from the UEFI system settings.

On the other hand, ARM devices with Windows 8 or later preinstalled are forbidden from allowing the user to disable Secure Boot.

If the drive is empty, try installing Windows before installing Linux.

Disable "Fast Startup"

It is strongly recommended to disable "Fast Startup", also known as "hybrid shutdown" or "hybrid boot", in Windows. If it is left enabled, Windows' filesystems are not unmounted even while you are using Linux, so editing Windows files can result in data loss. Even if you do not intend to share filesystems, the EFI System Partition is likely to be damaged on an EFI system.

To disable Fast Startup, see here for Windows 8 and here for Windows 10.

Shrink the Windows partition

You can skip this if there's already room for Gentoo partitions.

Windows 7

Note
Windows 7 requires Secure Boot to be disabled and Legacy ROMs to be enabled, and in any case does not have an updated Microsoft signature to pass Secure Boot.[1]

  1. Press Windows-r to open the "Run" dialog and enter diskmgmt.msc, OR go to Control Panel/Administrative Tools and open Computer Management, then select the "Disk Management" option under "Storage" from the tree menu on the left.
  2. Right click on the target partition and choose “shrink volume”.
  3. Provide the size of the shrink.

Windows 8 or Windows 10:

  1. Press Windows-x (Windows key and x key simultaneously).
  2. Choose “Disk Management”.
  3. Right click on the target partition and choose “shrink volume”.
  4. Provide the size of the shrink.

BitLocker

Warning
BitLocker users: make a backup of your BitLocker recovery key NOW

If you are using BitLocker to encrypt your Windows volumes, you need to decide if you want to keep using it. It is possible to keep using BitLocker, have the drives auto-unlock, and access their contents from Gentoo, but additional steps should be taken.

You can avoid all the hassle by disabling BitLocker and decrypting your volumes. If you want to do so, go to Control Panel > System and Security > BitLocker Drive Encryption. Search for your drive, and click on Turn off BitLocker. Your drives will begin decrypting, which will take a while.

If you want to keep using BitLocker, you need a little understanding of how it works. Basically, it uses your computer's TPM to store the decryption keys of your C volume, which in turn contains the keys for the rest of the volumes, if present. BitLocker will require Secure Boot in order to auto-unlock.

The TPM will only release the decryption keys to the operating system if the state of the system is the same as when the encryption material was "sealed" inside the TPM. Any changes you make to the computer, such as disabling Secure Boot, changing some UEFI firmware configurations, or chainloading the Windows bootloader from GRUB, will change said state and the TPM will refuse to release the key.

You can suspend BitLocker, so BitLocker can keep working even if you make any significant change to your system. While the protection is disabled, the encryption keys aren't protected, so any hardware or settings changes won't prevent BitLocker from accessing the decryption keys. When you resume the protection, the current system state is evaluated, and the decryption material is re-sealed. Any changes made after this point can prevent BitLocker from auto-unlocking the boot drive.
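The sealing behaviour described above can be modelled in a few lines. This is an added example, not code from the wiki or from Microsoft: it is a simplified single-PCR model, and the event labels, `ToyTpm` and the other names are hypothetical; the real set of registers and measurements BitLocker binds to is not modelled.

```python
import hashlib

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def measure(events) -> bytes:
    """Replay one boot's measurements into a PCR that starts at all zeros."""
    pcr = bytes(32)
    for event in events:
        pcr = extend(pcr, event)
    return pcr

class ToyTpm:
    """Holds one secret together with the PCR value it was sealed against."""
    def __init__(self):
        self.sealed = None

    def seal(self, secret: bytes, pcr: bytes) -> None:
        self.sealed = (secret, pcr)

    def unseal(self, pcr: bytes):
        secret, expected = self.sealed
        return secret if pcr == expected else None  # None: recovery key needed

# Constructed measurement logs (labels only, not real firmware events).
WINDOWS_DIRECT = [b"SecureBoot=on", b"bootmgfw.efi"]
SB_DISABLED = [b"SecureBoot=off", b"bootmgfw.efi"]
CHAINLOADED = [b"SecureBoot=on", b"grubx64.efi", b"bootmgfw.efi"]

def demo() -> dict:
    tpm = ToyTpm()
    key = b"volume key (constructed)"
    tpm.seal(key, measure(WINDOWS_DIRECT))
    results = {
        "direct": tpm.unseal(measure(WINDOWS_DIRECT)) == key,
        "secure_boot_off": tpm.unseal(measure(SB_DISABLED)) == key,
        "chainloaded": tpm.unseal(measure(CHAINLOADED)) == key,
    }
    # Suspend, change the boot path, resume: the key is re-sealed to the new state.
    tpm.seal(key, measure(CHAINLOADED))
    results["chainloaded_after_reseal"] = tpm.unseal(measure(CHAINLOADED)) == key
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'auto-unlock' if ok else 'recovery key required'}")
```

Because each extend hashes the previous register value, an extra or different component anywhere in the chain changes the final value, which is why the order of changes relative to resuming protection matters.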

Note
The Microsoft documentation states that "BitLocker protection will remain disabled for a particular drive until you manually resume it". This is not consistent with my experience, and the protection is automatically enabled during the next Windows boot.

If you accidentally boot back into Windows before finalizing all the required changes (such as completing the Gentoo installation), make sure the protection is still disabled BEFORE rebooting or shutting down Windows.

If the BitLocker recovery screen is shown instead of the normal Windows boot process, you can safely reboot without taking any further steps.

Bottom line: you can achieve dual booting while keeping BitLocker enabled by suspending BitLocker during the Gentoo installation and making sure to install the Gentoo boot loader as a new boot entry, without changing the default. When the installation is complete, enable Secure Boot and boot into Windows 2 times.

  • Windows: Enable Secure Boot, and choose the Windows bootloader in your BIOS boot menu or make it the default.
  • Gentoo: DISABLE Secure Boot, and choose the Gentoo bootloader in your BIOS boot menu, or make it the default.

If you want to avoid the hassle of enabling and disabling Secure Boot and/or using your BIOS boot menu, read the Secure Boot section, which explains how to enable Secure Boot for Gentoo. Doing so will improve Gentoo's security and allow its bootloader to chainload the Windows bootloader while keeping BitLocker auto-unlock working.

Note
Reminder: Secure Boot is needed for BitLocker auto-unlock. Trying to boot into Windows with Secure Boot disabled will always result in the BitLocker recovery screen. If this were to happen to you, just enable Secure Boot, and if there are no further problems with BitLocker auto-unlock, Windows should boot normally.

Optional: Download and install rEFInd in Windows

Get rEFInd

Extract refind-bin-{version}.zip to a handy location. C:\ is suggested.

Get directions; then install rEFInd from Windows to the Windows EFI System partition (ESP)

For simpler booting in some configurations, ensure that you've installed EFI filesystem drivers for the partition that holds your Linux kernel.

Screenshots from user Drake Donahue.

Obtain UEFI bootable Linux media

The latest Gentoo LiveCD/USB/DVD is capable of UEFI boot. It is not compatible with Secure Boot, so you will need to disable Secure Boot before trying to boot it.

Alternatively, the Ubuntu LiveCD is signed by Microsoft, so it should boot with Secure Boot enabled.

Install Gentoo

Quick and easy

With an EFI System Partition provided by installation of Windows or self created, create the root (/) partition (and optionally other partitions) according to the Handbook and proceed with installation until Architecture specific kernel configuration. Complete kernel configuration according to EFI stub and proceed from Configuring the modules.

Reboot and enjoy a UEFI dual boot system!!

Alternative procedure

Exceptions/additions to the Gentoo Handbook:

Create partitions

Use gdisk instead of fdisk or parted for GPT disks. It's provided by sys-apps/gptfdisk.

START OF GDISK EXAMPLE:

 gdisk /dev/sda
 GPT fdisk (gdisk) version 0.8.6

 Partition table scan:
 MBR: protective
 BSD: not present
 APM: not present
 GPT: present

 Found valid GPT with protective MBR; using GPT.

 Command (? for help): p
 Disk /dev/sda: 500118192 sectors, 238.5 GiB
 Logical sector size: 512 bytes
 Disk identifier (GUID): C72786B7-C1FB-4A60-8F5F-216FA9097A98
 Partition table holds up to 128 entries
 First usable sector is 34, last usable sector is 500118158
 Partitions will be aligned on 2048-sector boundaries
 Total free space is 123357805 sectors (58.8 GiB)

 Number  Start (sector)    End (sector)  Size       Code  Name
 1            2048          616447   300.0 MiB   2700  Basic data partition
 2          616448          821247   100.0 MiB   EF00  EFI system partition
 3          821248         1083391   128.0 MiB   0C01  Microsoft reserved part
 4         1083392       376762367   179.1 GiB   0700  Basic data partition

 Command (? for help): n
 Partition number (5-128, default 5):
 First sector (34-500118158, default = 376762368) or {+-}size{KMGTP}:
 Last sector (376762368-500118158, default = 500118158) or {+-}size{KMGTP}: +100M
 Current type is 'Linux filesystem'
 Hex code or GUID (L to show codes, Enter = 8300):
 Changed type of partition to 'Linux filesystem'
 Entering GPTPart::SetName(const UnicodeString...)

 Command (? for help): n
 Partition number (6-128, default 6):
 First sector (34-500118158, default = 376967168) or {+-}size{KMGTP}:
 Last sector (376967168-500118158, default = 500118158) or {+-}size{KMGTP}: +1G
 Current type is 'Linux filesystem'
 Hex code or GUID (L to show codes, Enter = 8300): 8200
 Changed type of partition to 'Linux swap'
 Entering GPTPart::SetName(const UnicodeString...)

 Command (? for help): n
 Partition number (7-128, default 7):
 First sector (34-500118158, default = 379064320) or {+-}size{KMGTP}:
 Last sector (379064320-500118158, default = 500118158) or {+-}size{KMGTP}:
 Current type is 'Linux filesystem'
 Hex code or GUID (L to show codes, Enter = 8300):
 Changed type of partition to 'Linux filesystem'
 Entering GPTPart::SetName(const UnicodeString...)

 Command (? for help): p
 Disk /dev/sda: 500118192 sectors, 238.5 GiB
 Logical sector size: 512 bytes
 Disk identifier (GUID): C72786B7-C1FB-4A60-8F5F-216FA9097A98
 Partition table holds up to 128 entries
 First usable sector is 34, last usable sector is 500118158
 Partitions will be aligned on 2048-sector boundaries
 Total free space is 2014 sectors (1007.0 KiB)

 Number  Start (sector)    End (sector)  Size       Code  Name
 1            2048          616447   300.0 MiB   2700  Basic data partition
 2          616448          821247   100.0 MiB   EF00  EFI System Partition
 3          821248         1083391   128.0 MiB   0C01  Microsoft reserved part
 4         1083392       376762367   179.1 GiB   0700  Basic data partition
 5       376762368       376967167   100.0 MiB   8300  Linux filesystem
 6       376967168       379064319   1024.0 MiB  8200  Linux swap
 7       379064320       500118158   57.7 GiB    8300  Linux filesystem

 Command (? for help): w

 Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
 PARTITIONS!!

 Do you want to proceed? (Y/N): y
 OK; writing new GUID partition table (GPT) to /dev/sda.
 The operation has completed successfully.

Make file systems:

root #mkfs.ext2 /dev/sda5
root #mkfs.ext4 /dev/sda7
root #mkswap /dev/sda6
root #swapon /dev/sda6

As long as the EFI stub kernel is in an ext2, ext3, ext4, ReiserFS, Btrfs, or FAT32 file system, rEFInd will find it and add it to the menu.

Run blkid:

user $blkid
/dev/sda7: UUID="1f43e373-f923-4ec2-a62e-6a0d98927583" TYPE="swap" PARTLABEL="Linux filesystem" PARTUUID="92d3d504-9e7e-4c3d-9e56-15e3bd43511b"

The / partition PARTUUID will be used in the kernel configuration in the form root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b .

Keep it handy.

Continue with the handbook through "7. Configuring the Kernel".

Kernel configuration

Use either "7.b. Default: Manual Configuration" or "7.c. Alternative: Using genkernel", but start genkernel with genkernel --menuconfig all instead of just genkernel all. In addition to the items specified in the handbook or set by genkernel, enable the following:

In menuconfig:

General setup
CONFIG_BLK_DEV_INITRD=y
CONFIG_INITRAMFS_SOURCE=""
CONFIG_RD_GZIP=y
CONFIG_RD_BZIP2=y
CONFIG_RD_LZMA=y
CONFIG_RD_XZ=y
CONFIG_RD_LZO=y
CONFIG_RD_LZ4=y

KERNEL
-*- Enable the block layer  --->
    Partition Types  --->
        [*] PC BIOS (MSDOS partition tables) support
        [*] EFI GUID Partition support
Processor type and features  --->
    [*] EFI runtime service support
    [*] EFI stub support
    [*] EFI mixed-mode support
    [*] Built-in kernel command line
    (root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro) Built-in kernel command string EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
    [*] Built-in command line overrides boot loader arguments
Firmware Drivers  --->
    <*> EFI Variable Support via sysfs
Device Drivers  --->
    Graphics support  --->
        <*> Support for frame buffer devices  --->
            [*] EFI-based Framebuffer Support
File systems  --->
    Pseudo filesystems  --->
        -*- /proc file system support
        [*] /proc/kcore support
        [*] Tmpfs virtual memory file system support (former shm fs)
        [*] Tmpfs POSIX Access Control Lists
        -*- Tmpfs extended attributes
        [*] HugeTLB file system support
        <*> Userspace-driven configuration filesystem

If an initramfs is to be used, add an initrd="/boot/<your initramfs name>" to the kernel configuration item "CONFIG_CMDLINE" as in the following example:

KERNEL
Processor type and features --->
[*] Built-in kernel command line
(initrd=/boot/initramfs root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro) Built-in kernel command string EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
[*] Built-in command line overrides boot loader arguments

If systemd is to be used, add "init=/usr/lib/systemd/systemd" to the kernel configuration item "CONFIG_CMDLINE" as in the following example:

KERNEL
Processor type and features --->
[*] Built-in kernel command line
(root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro init=/usr/lib/systemd/systemd quiet) Built-in kernel command string EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
[*] Built-in command line overrides boot loader arguments

If systemd and an initramfs are to be used; example:

KERNEL
Processor type and features --->
[*] Built-in kernel command line
(initrd=/boot/initramfs root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro init=/usr/lib/systemd/systemd quiet) Built-in kernel command string EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
[*] Built-in command line overrides boot loader arguments

Use make && make modules_install && make install to build a manual kernel. Finish the Handbook. There is no need to emerge or install GRUB, LILO or GRUB2; rEFInd will act as the boot manager.

Alternative booting

You may consider the boot options suggested by the rEFInd Linux page. If you are going to stick with rEFInd, a configuration-file setup is the better choice. In short, you are not required to hardcode the kernel launch arguments; instead, provide a refind_linux.conf file in the /boot partition next to the kernel binary. The boot options described in refind_linux.conf can also be selected at the rEFInd launch screen (press F2 to open the additional boot options menu). Additional information, with examples of refind_linux.conf, is on the rEFInd Linux page.
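As an added example (not taken from the wiki or the rEFInd project), the following builds refind_linux.conf content from blkid output, using the same option strings as the built-in command line examples above. The function names and the sample blkid text are constructed for illustration; only the sda7 PARTUUID is the value used on this page.

```python
import re

# Constructed blkid output; only the sda7 PARTUUID is the value used on this page.
SAMPLE_BLKID = """\
/dev/sda2: UUID="0000-0002" TYPE="vfat" PARTUUID="00000000-0000-0000-0000-000000000002"
/dev/sda6: UUID="00000000-0000-0000-0000-000000000006" TYPE="swap" PARTUUID="00000000-0000-0000-0000-000000000016"
/dev/sda7: UUID="00000000-0000-0000-0000-000000000007" TYPE="ext4" PARTUUID="92d3d504-9e7e-4c3d-9e56-15e3bd43511b"
"""

def parse_blkid(text):
    """Return {device: {KEY: value}} parsed from blkid output lines."""
    table = {}
    for line in text.splitlines():
        dev, sep, rest = line.partition(": ")
        if sep:
            table[dev] = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    return table

def refind_linux_conf(blkid_text, root_dev, initrd=None, systemd=False):
    """Build refind_linux.conf lines of the form "<menu label>" "<kernel options>"."""
    info = parse_blkid(blkid_text).get(root_dev)
    if info is None or "PARTUUID" not in info:
        raise ValueError(f"no PARTUUID found for {root_dev}")
    # Catch a copy/paste from the wrong blkid line before it becomes root=.
    if info.get("TYPE") in ("swap", "vfat"):
        raise ValueError(f"{root_dev} is {info['TYPE']}, not a root filesystem")
    opts = []
    if initrd:
        opts.append(f"initrd={initrd}")
    opts += [f"root=PARTUUID={info['PARTUUID']}", "ro"]
    if systemd:
        opts.append("init=/usr/lib/systemd/systemd")
    base = " ".join(opts)
    return "\n".join([
        f'"Boot with standard options" "{base} quiet"',
        f'"Boot verbose" "{base}"',
        f'"Boot to single-user mode" "{base} single"',
    ]) + "\n"

if __name__ == "__main__":
    print(refind_linux_conf(SAMPLE_BLKID, "/dev/sda7",
                            initrd="/boot/initramfs", systemd=True), end="")
```

A kernel built with "Built-in command line overrides boot loader arguments" enabled ignores these options, so leave that setting off when relying on refind_linux.conf.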

Dynamic disk

"Dynamic disk" in Windows can be thought of as an analogue of LVM in Linux, and is not recommended for dual boot. (See this ArchWiki article for more.)

In bug #700960, an ebuild of "libldm", which provides read/write access to dynamic disks, is submitted.
