How to install for encrypted dual boot?

Hello,

I have a new laptop (amd renoir, 4700U) with Windows 10 installed and wanted to install EndeavourOS in dual boot, with luks encryption enabled. I wasn’t able to do this in the installer (the screen becomes blank during boot and stops there, also tried the fallback), but the live ISO works fine, so I probably did something wrong.

Is there a guide I can follow to do this, including which partitions and flags I need to set for dual-boot? The guides I’ve seen usually need to erase all partitions, which I don’t want to do.

Thanks

Welcome @anon27782493

We recommend GParted included on our live ISO for partitionning and flag boot esp the EFI/fat32 partition but DON’T FORMAT IT to not break your win10 just flag it…

Then install with encrypt…

Check our wiki also
https://endeavouros.com/docs/installation/calamares-offline-installer-tips/

2 Likes

Thanks, I’ll try again later today and report back.

2 Likes

Since I’ve never used GPT mode until now (only MBR), I’ve tried several times.

Using gparted, with boot esp flags (just setting them and exiting, no formatting, then run the installer) the install process reaches the end and then grub emits an error and then I only have windows, no linux.

If instead I use the boot grub flag as suggested in the installer (partition menu), I only have linux, but I guess it automatically formats the efi partition as windows is not recognized anymore and can’t be fixed by booting from its iso.

As I said I’ve tried several times, and had to reinstall Windows each time. I’m tired for today, maybe I’ll try again some other time.

You don’t have to reinstall all Win, you could repair your boot/EFI via Diskpart.

You run your usb or win10 cd as you will install it then you look at bottom left Repair computer click on it and choose first option repair then in advanced option you will see to open Terminal command.C:/

In this terminal :

diskpart

Now list your disk :

list disk

Select the (x) concerned disk that contains your win 10 :

select disk x

Now that your disk is selected see the volumes inside it with :

list volume

Select your good (x) volume C: :

select volume x

Then see all partitions in this volume with :

list partition

If your EFI is not here just create it :

create partition efi

Check that partition named system is here :

list partition

You could format it now :

format fs=fat32 quick

Then quit Diskpart

exit

Finally on x:\Sources> repair your boit with :

bcdboot C:\windows

Now quit the terminal command to come back on win option :

exit

And click continue to boot your win10

1 Like

Thanks!

Somehow I solved (kind of) by installing both windows and linux as MBR (legacy bios mode).

It’s an easy solution cause you could make work mbr + gpt depending your Bios setup…or even better the both gpt ! Mbr is limited to 2TB size.

I’m wondering if you didn’t forget to desactivate the fastboot in Bios ?

See here https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode

Some devices only support one mode (either UEFI or BIOS). Other devices will only allow you to boot to BIOS mode by manually disabling the UEFI security features. To disable the security features, go to Security > Secure Boot and disable the feature.

Then read Archlinux about Dual boot with Windows. They said that the necessity of same firmware boot mode on dual booting Arch and Windows , is when you are on the same disk which is not your case !

https://wiki.archlinux.org/index.php/Dual_boot_with_Windows

2 Likes

I’ve looked everywhere and there is no secure boot / fast boot option in my bios. Anyway since partitions work now I’m just leaving it as is. Thanks for your help

1 Like

Could you give the result from this command :

inxi -M

if you don’t have inxi installed, then install it

sudo pacman -S inxi

I can’t give you the result of inxi as I have another problem now. However the model is Lenovo Ideapad 5 (14ARE05).

I’ve found the secure boot option, it was hidden because I’m using the legacy bios mode, but if I set it to UEFI it appears and it’s disabled by default.

If I disable the lightdm service with systemctl, linux boots normally in text mode, then I login and type “systemctl start lightdm” to start the dm manually and it works

Then if it works you could get inxi ?

I saw that is not an old laptop so you could use only GPT !
In using the latest BIOS E7CN26WW from 13 Jul 2020, you would have the mode options to boot from UEFI or MBR (sometimes a third mode which accepts both setup).

Try to see this simple way to convert your head MBR in GPT without loose your data :

GPT doesn’t like MBR / BIOS boot, but like UEFI boot.
Even if It’s possible to get the both work with bios-grub flag.

When you have all in GPT, and setup UEFI in your Bios then you would see your usb key (depending your trademark) as this :

UEFI Sandisk USB Flash Drive

in spite of :

USB Sandisk Flash Drive

1 Like

Yes I have the latest BIOS, as I said in my last comment the Secure Boot option was simply hidden because I chose legacy (mbr) mode instead of UEFI. However Security > Secure Boot is disabled by default so I guess the problem was elsewhere.

In order to run the systemctl command I had to boot in “single” mode. But it doesn’t actually “work”, I just have a linux console without desktop and without networking, so I can’t use yay. So for now I’ll leave partitions as they are while I’m trying to figure out why lightdm isn’t working.

Thanks anyway.