UEFI Dual boot with Windows 7/8

From Gentoo Wiki
Jump to:navigation Jump to:search
Article status
This article needs wikification.

This article describes how to dual boot Microsoft Windows on a UEFI computer.

Prerequisites

This guide assumes you have a computer with Windows 7 or later installed on a GPT-partitioned drive and booting in UEFI mode.

Please read this to learn how to enable and disable Secure Boot for your UEFI system settings (also called BIOS)

Microsoft dictates the requirements that any computer bearing the windows logo has to follow. That means that any AMD64 computer with windows 8 or later preinstalled, has to be capable of disabling secure boot, and mange the secure boot keys from the UEFI System settings.

On the other hand, ARM devices with windows 8 or later preinstalled are forbidden from allowing the user to disable secure boot.

If the drive is empty, try installing Windows before installing Linux.

Disable "Fast Startup"

It is strongly recommended to disable "Fast Startup", aka "hybrid shutdown" or "hybrid boot" in Windows. Without it, Windows' filesystems are not unmounted even when you're using Linux, so editing Windows files can result in data loss. Even if you do not intend to share filesystems, the EFI System Partition is likely to be damaged on an EFI system.

To disable Fast Startup, see here for Windows 8 and here for Windows 10.

Shrink the Windows partition

Skip this if there's already room for Gentoo partitions.

Windows 7

Note
Windows 7 requires Secure Boot to be Disabled, Legacy ROMs to be Enabled and in any case does not have an Updated Microsoft Signature to pass Secure Boot.[1]
  1. Press the Windows-r to open the "Run" dialog, and enter diskmgmt.msc OR go to Control Panel/Administrative Tools and open Computer Management. Select the "Disk Management" option under "Storage" from the tree menu on the left.
  2. Right click on the target partition and choose “shrink volume”
  3. Provide the size of the shrink

Windows 8 or Windows 10:

  1. Press Windows-x (windows key and x key simultaneously).
  2. Choose “Disk Management”
  3. Right click on the target partition and choose “shrink volume”
  4. Provide the size of the shrink

BitLocker

Warning
BitLocker users: make a backup of your BitLocker recovery key NOW

If using BitLocker to encrypt your windows volumes, decide if this is going to be required moving forward. It is possible to keep using BitLocker, have the drives auto-unlock, and access the contents from Gentoo, but additional steps should be taken.

To remove the hassle of BitLocker, go to control panel > system and security > BitLocker drive encryption. Search for the drive, and click on "Turn off BitLocker". Your drives will begin decrypting, which will take a while.

A bit of background on how BitLocker works. Basically, it uses the computer's TPM to store the decryption keys of the C volume, which in turn contains the keys for the rest of the volumes, if present. BitLocker will require secure boot in order to auto-unlock.

The TPM will only release the decryption keys to the Operating System, if the state of the system is the same as when the encryption material was "sealed" inside the TPM. Any changes you make to the computer, such as disabling secure boot, changing some UEFI firmware configurations, or chain loading the windows boot-loader from grub, will change said state and the TPM will refuse to release the key.

Suspend bitlocker, so BitLocker can keep working even if any significant change is made to the system. While the protection is disabled, the encryption keys aren't protected, so any hardware or settings changes won't prevent BitLocker from accessing the decryption keys. When you resume the protection, the current system state is evaluated, and the decryption material is re-sealed. Any changes made after this point can prevent BitLocker from auto unlocking the boot drive.

Note
The Microsoft documentation states that "BitLocker protection will remain disabled for a particular drive until you manually resume it". This is not consistent with my experience, and the protection is automatically enabled during the next windows boot.

If the system is accidentally booted back into windows, before finalizing all the required changes (such as completing the Gentoo installation) make sure the protection is still disabled BEFORE rebooting or shutting down windows.

If the BitLocker recovery screen is shown instead of the normal windows boot process, you can safely reboot without taking any further step.

Bottomline: Archive dual booting while keeping BitLocker enabled, by suspending BitLocker during the Gentoo installation, and making sure to install the Gentoo bootloader as a new boot entry, without changing the default. When the installation is complete, enable secure boot, and boot into windows 2 times.

  • Windows: Enable secure boot, and choose the Windows bootloader on your bios boot menu or make it the default.
  • Gentoo: DISABLE secure boot, and choose the Gentoo bootloader on your bios boot menu, or make it the default.


To avoid the hassle of enabling and disabling secure boot, and / or using your bios boot menu, read the Secure Boot section, which will serve as guidance on how to enable secure boot for Gentoo, improving Gentoo's security and allowing its bootloader to chainload the windows bootloader while keeping BitLocker auto-unlock working.

Note
Reminder: Secure boot is needed for BitLocker Auto-Unlock. Trying to boot into windows with secure boot disabled will always result in the BitLocker recovery screen. If this were to happen to the system, just enable secure boot, and if there are no further problems with bitlocker auto-unlock, windows should boot normally.

Optional: Download and install rEFInd in Windows

Get rEFInd

Extract refind-bin-{version}.zip to a handy location. Suggest C:\.

Get directions; then install rEFInd from Windows to the Windows EFI System partition (ESP)

For simpler booting in some configurations, ensure that you've installed EFI filesystem drivers for the partition that holds the Linux kernel.

Screenshots from user Drake Donahue.

Obtain UEFI bootable Linux media

The latest gentoo LiveCD/USB/DVD is capable of UEFI boot. It is not compatible with secure boot, so there will be a need to disable it prior to trying to boot it.

Alternatively, the UBUNTU liveCD is signed by microsoft, so it should boot with secure boot enabled.

Install Gentoo

Quick and easy

With an EFI System Partition created by an installation of Windows or manually created, create the root (/) partition (and optionally other partitions) according to the Handbook and proceed with the installation until Architecture specific kernel configuration. Complete the kernel configuration according to EFI stub and proceed to Configuring the modules.

Reboot and enjoy a UEFI dual boot system!!

Alternative procedure

Exceptions/additions to the Gentoo Handbook:

Create partitions

Use gdisk instead of fdisk or parted for GPT disks. It's provided by sys-apps/gptfdisk.

START OF GDISK EXAMPLE:

 gdisk /dev/sda
 GPT fdisk (gdisk) version 0.8.6

 Partition table scan:
 MBR: protective
 BSD: not present
 APM: not present
 GPT: present

 Found valid GPT with protective MBR; using GPT.

 Command (? for help): p
 Disk /dev/sda: 500118192 sectors, 238.5 GiB
 Logical sector size: 512 bytes
 Disk identifier (GUID): C72786B7-C1FB-4A60-8F5F-216FA9097A98
 Partition table holds up to 128 entries
 First usable sector is 34, last usable sector is 500118158
 Partitions will be aligned on 2048-sector boundaries
 Total free space is 123357805 sectors (58.8 GiB)

 Number  Start (sector)    End (sector)  Size       Code  Name
 1            2048          616447   300.0 MiB   2700  Basic data partition
 2          616448          821247   100.0 MiB   EF00  EFI system partition
 3          821248         1083391   128.0 MiB   0C01  Microsoft reserved part
 4         1083392       376762367   179.1 GiB   0700  Basic data partition

 Command (? for help): n
 Partition number (5-128, default 5):
 First sector (34-500118158, default = 376762368) or {+-}size{KMGTP}:
 Last sector (376762368-500118158, default = 500118158) or {+-}size{KMGTP}: +100M
 Current type is 'Linux filesystem'
 Hex code or GUID (L to show codes, Enter = 8300):
 Changed type of partition to 'Linux filesystem'
 Entering GPTPart::SetName(const UnicodeString...)

 Command (? for help): n
 Partition number (6-128, default 6):
 First sector (34-500118158, default = 376967168) or {+-}size{KMGTP}:
 Last sector (376967168-500118158, default = 500118158) or {+-}size{KMGTP}: +1G
 Current type is 'Linux filesystem'
 Hex code or GUID (L to show codes, Enter = 8300): 8200
 Changed type of partition to 'Linux swap'
 Entering GPTPart::SetName(const UnicodeString...)

 Command (? for help): n
 Partition number (7-128, default 7):
 First sector (34-500118158, default = 379064320) or {+-}size{KMGTP}:
 Last sector (379064320-500118158, default = 500118158) or {+-}size{KMGTP}:
 Current type is 'Linux filesystem'
 Hex code or GUID (L to show codes, Enter = 8300):
 Changed type of partition to 'Linux filesystem'
 Entering GPTPart::SetName(const UnicodeString...)

 Command (? for help): p
 Disk /dev/sda: 500118192 sectors, 238.5 GiB
 Logical sector size: 512 bytes
 Disk identifier (GUID): C72786B7-C1FB-4A60-8F5F-216FA9097A98
 Partition table holds up to 128 entries
 First usable sector is 34, last usable sector is 500118158
 Partitions will be aligned on 2048-sector boundaries
 Total free space is 2014 sectors (1007.0 KiB)

 Number  Start (sector)    End (sector)  Size       Code  Name
 1            2048          616447   300.0 MiB   2700  Basic data partition
 2          616448          821247   100.0 MiB   EF00  EFI System Partition
 3          821248         1083391   128.0 MiB   0C01  Microsoft reserved part
 4         1083392       376762367   179.1 GiB   0700  Basic data partition
 5       376762368       376967167   100.0 MiB   8300  Linux filesystem
 6       376967168       379064319   1024.0 MiB  8200  Linux swap
 7       379064320       500118158   57.7 GiB    8300  Linux filesystem

 Command (? for help): w

 Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
 PARTITIONS!!

 Do you want to proceed? (Y/N): y
 OK; writing new GUID partition table (GPT) to /dev/sda.
 The operation has completed successfully.

Make file systems:

root #mkfs.ext2 /dev/sda5
root #mkfs.ext4 /dev/sda7
root #mkswap /dev/sda6
root #swapon /dev/sda6

As long as the EFI stub kernel is in an ext2, ext3, ext4, Btrfs, or FAT32 file system rEFInd will find it and add it to the menu.

Run blkid:

user $blkid
/dev/sda7: UUID="1f43e373-f923-4ec2-a62e-6a0d98927583" TYPE="swap" PARTLABEL="Linux filesystem" PARTUUID="92d3d504-9e7e-4c3d-9e56-15e3bd43511b"

The / partition PARTUUID will be used in the kernel configuration in the form root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b .

Keep it handy.

Continue with the handbook through "7. Configuring the Kernel".

Kernel configuration

Use either "7.b. Default: Manual Configuration" or "7.c. Alternative: Using genkernel" but start genkernel with genkernel --menuconfig all verses just genkernel all. In addition to the items specified in the handbook or set by genkernel, enable the following:

In menuconfig:

General setup
CONFIG_BLK_DEV_INITRD=y
CONFIG_INITRAMFS_SOURCE=""
CONFIG_RD_GZIP=y
CONFIG_RD_BZIP2=y
CONFIG_RD_LZMA=y
CONFIG_RD_XZ=y
CONFIG_RD_LZO=y
CONFIG_RD_LZ4=y

KERNEL
-*- Enable the block layer  --->
Partition Types  --->
[*]   PC BIOS (MSDOS partition tables) support
[*]   EFI GUID Partition support

Processor type and features  --->
[*] EFI runtime service support
[*]   EFI stub support
[*]     EFI mixed-mode support
[*] Built-in kernel command line
(root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro) Built-in kernel command string  EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
[*]   Built-in command line overrides boot loader arguments

Firmware Drivers  --->
<*> EFI Variable Support via sysfs

Device Drivers  --->
Graphics support  --->
<*> Support for frame buffer devices  --->
[*]   EFI-based Framebuffer Support

File systems  --->
Pseudo filesystems  --->
-*- /proc file system support
[*]   /proc/kcore support
[*] Tmpfs virtual memory file system support (former shm fs)
[*]   Tmpfs POSIX Access Control Lists
-*-   Tmpfs extended attributes
[*] HugeTLB file system support
<*> Userspace-driven configuration filesystem

If an initramfs is to be used, add an initrd="/boot/<your initramfs name>" to the kernel configuration item "CONFIG_CMDLINE" as in the following example:

KERNEL
Processor type and features --->
[*] Built-in kernel command line
(initrd=/boot/initramfs root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro) Built-in kernel command string EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
[*] Built-in command line overrides boot loader arguments

If systemd is to be used, add "init=/usr/lib/systemd/systemd" to the kernel configuration item "CONFIG_CMDLINE" as in the following example:

KERNEL
Processor type and features --->
[*] Built-in kernel command line
(root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro init=/usr/lib/systemd/systemd quiet) Built-in kernel command string EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
[*] Built-in command line overrides boot loader arguments

If systemd and an initramfs are to be used; example:

KERNEL
Processor type and features --->
[*] Built-in kernel command line
(initrd=/boot/initramfs root=PARTUUID=92d3d504-9e7e-4c3d-9e56-15e3bd43511b ro init=/usr/lib/systemd/systemd quiet) Built-in kernel command string EXAMPLE USE CORRECT PARTUUID FOUND WITH BLKID
[*] Built-in command line overrides boot loader arguments

Use make && make modules_install && make install to build a manual kernel. Finish the Handbook. No need to emerge or install grub or lilo or grub2. rEFInd will act as the boot manager.

Alternative booting

Consider the boot options suggested by refind Linux page. If the system is using refind, the config setup would be the best option. In a few words, one should provide refind_linux.conf in the /boot partition next to the kernel binary rather than hardcoding kernel launch arguments. It's also possible to select the boot options described in refind_linux.conf at the refind launch screen (press F2 to invoke additional boot options menu). Find additional info with examples of refind_linux.conf at refind linux page.

Dynamic disk

"Dynamic disk", which in Windows can be thought of as analogous to LVM in Linux, is not recommended for dual boot. (See this ArchWiki article for more.)

In bug #700960, an ebuild of "libldm", which provides read/write access to dynamic disks, is submitted.

See also

  • EFI stub — describes EFI stub kernels, i.e. kernels directly executable from UEFI.
  • EFI System Partition — a FAT formatted partition containing the primary EFI boot loader(s) for installed operating systems.
  • Efibootmgr — a tool for managing UEFI boot entries.
  • REFInd — a boot manager for UEFI platforms.
  • NTFS — a proprietary disk filesystem by Microsoft for Windows and Windows-based operating systems.

External resources

References