Using GRUB is a little harder than using syslinux, but it is required if you want UEFI support. Here’s how to use GRUB2 for UEFI and LUKS encrypted volumes for the .Arch Linux side and still dual boot into Windows 10
[UPDATE: I should have mentioned that this article is built upon previous work I did using LVM on LUKS on an MBR system. There are scripts with comments that can be used to be a recipe for that at https://github.com/JDCNS/ArchVMInstall.]
This article is partly the result of Microsoft’s constant giving of five confusing names for the same thing and just plain backwards way of doing things. It is also partly because overall GRUB is such a flexible and customizable tool that finding all of the information in one spot is unlikely.
Let’s just get one thing out of the way: Microsoft is stupid. Furthermore, none of this would have been necessary if their Windows 10 programmers spent half the time they spend on trying to spy on you in actually writing good code. Even the error messages are stupid. “Your system reserved partition is full.” What? Why? Who filled it up? Oh, yeah, Microsoft did.
In addition, reinstalling Windows 10 the lazy way still had the weird arrangement where the EFI, aka “boot partition”, is second after the restore partition. Why? I still don’t know. After all, shouldn’t the boot partition be the first partition? If not, why not? Doesn’t it make sense since booting is the first thing you’ll likely want to do after a BIOS check?
This is the same stupid “logic” of how MSDOS had the upside-down scheme where the important information started at 640K in RAM because, you know, no one will ever need more than 640K of RAM. </sarcasm> Meanwhile *Nix variants have always put the important stuff at the beginning of memory, since, after all, it is something that everyone needs first.
Having said that, Linux also has its warts. I believed the line that the UUID form of defining disks and partitions was superior because partition names can change. Well, guess what? UUIDs can change, too!
So, I was left with trying to reinstall everything and doing it intelligently so that Microsoft won’t screw everything up and Linux won’t lose its mind in the process. It actually was a bigger headache than it needed to be. For instance, that default install of Windows 10 I was telling you about? It still only creates a 100MB EFI, aka “System Reserved”, partition, even though it is supposed to be at least 250MB!
So, I started with planning how to do the Windows 10 partitions. I wanted at least 350MB for the EFI/ESP partition, which is followed by the required 16MB Microsoft Reserved (MSR) partition.
I then wanted that followed by the recovery partition tools partition, sometimes referred to as the WRE. How large to make it? That was a good question, and it still has a confusing answer:
This partition must be at least 300 MB.
This partition must have enough space for the Windows Recovery Environment tools image (winre.wim, typically between 250-300MB, depending on base language and customizations added), plus enough free space so that the partition can be captured by backup utilities:
- If the partition is less than 500 MB, it must have at least 50 MB of free space.
- If the partition is 500 MB or larger, it must have at least 320 MB of free space.
- If the partition is larger than 1 GB, we recommend that it should have at least 1 GB free.
~ Microsoft MSDN, “UEFI/GPT-based hard drive partitions“
About as clear as mud, right? So, if the partition is 1.1GB, I must have 1GB free? How am I supposed to know how much it needs? Anyhow, the in-between route seemed safer, so I made it 820MB.
In any event, I used the rules in the above article to create a file called CreatePartitions-UEFI.txt, which contained:
rem == CreatePartitions-UEFI.txt ==
rem == These commands are used with DiskPart to
rem create four partitions
rem for a UEFI/GPT-based PC.
rem Adjust the partition sizes to fill the drive
rem as necessary. ==
select disk 0
clean
convert gpt
rem == 1. System partition =========================
create partition efi size=350
rem ** NOTE: For Advanced Format 4Kn drives,
rem change this value to size = 260 **
format quick fs=fat32 label="ESP"
assign letter="S"
rem == 2. Microsoft Reserved (MSR) partition =======
create partition msr size=16
rem === 4. Recovery tools partition ================
create partition primary size=820
format quick fs=ntfs label="Recovery tools"
assign letter="R"
set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac"
gpt attributes=0x8000000000000001
rem == 3. Windows partition ========================
rem == a. Create the Windows partition ==========
create partition primary size=100000
rem == b. Create space for the recovery tools ===
rem shrink minimum=500
rem ** NOTE: Update this size to match the
rem size of the recovery tools
rem (winre.wim) plus free space **
rem == c. Prepare the Windows partition =========
format quick fs=ntfs label="Windows"
assign letter="W"
list volume
exit
Then, I created a command (batch) file called CreatePartitions.cmd, which contained:
DiskPart /s CreatePartitions-UEFI.txt
I put them both on a USB stick, booted up to Windows 10 install and chose the command prompt to run the command file. Thus having prepped the disk, I rebooted and selected the 100GB partition at the end to install Windows 10 to.
I’ll spare the reader all the weird and wonderful of getting it back into the Insider Program and in developer mode so I could install bash on Windows. It would help if they would quit moving all of the stuff on the dialogs around, not to mention a little bit of feedback before sitting around several hours and then it suddenly just starts downloading everything.
You know, people complain about Arch, but seriously I’ve yet to see very much that has been as seriously screwed up in their rolling releases as this.
So, after about a week of seriously pounding on it (just to make sure), it was time to dive into installing Arch. Actually installing the actual Arch Linux component for use with GRUB2 for UEFI and LUKS encrypted volumes is quite easy. There is my own GitHub repository with shell scripts (you can read through them and run the commands manually as well) in ArchVMInstall, and there are also instructions for Minimal instructions for installing arch linux.
However, the difficulty comes in configuring GRUB. I noticed 2 problems right away:
- I did not have Windows in the GRUB menu.
- It complained about no device for resume.
The first one was because the instructions seem to leave out installing the os-prober module. Therefore, after doing everything else you want to do in the arch-chroot environment, you need to start with:
pacman -S grub efibootmgr os-prober
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=mygrub
I chose “/boot” because Dell creates an EFI (note all caps) directory already in the EFI/ESP partition, but your manufacturer might do something different, which adds to the confusion. I also decided to name it “mygrub”, but you can call it whatever you want. In the end, the minimal install directions simply run “grub-install”, and I assume that would work in 90% of the cases.
Next, you will need to tell Arch to boot from an encrypted volume and use the LVM volume set aside for swap to do a resume. In addition, I like to have the system boot the last operating system I used rather than setting a fixed default, so these lines need to change in /etc/default/grub:
GRUB_DEFAULT=saved
GRUB_TIMEOUT=5
...
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda5:luks5 resume=/dev/mapper/vg0-swap"
While looking up some of this, I couldn’t help but add the following in /etc/grub.d/40_custom:
menuentry "System shutdown" {
echo "System shutting down..."
halt
}
menuentry "System restart" {
echo "System rebooting..."
reboot
}
I actually doubt the reboot option will do much good (after all, didn’t you just do that in order to get here?), but there have been times I’ve hit “restart” instead of “shutdown”, and so in it goes!
Now, just run the grub-mkconfig command, and you should have Windows, Arch, shutdown and restart in the GRUB menu. In addition, you should be able to use the available tools to hibernate and resume, but in all frankness this part is flaky at best.
Now, you should have a dual-boot system between Windows 10 and Arch, using GRUB2 for UEFI and LUKS encrypted volumes.