From 503084b5ccfaced68a1de24dcf62583b9994c6d5 Mon Sep 17 00:00:00 2001
From: Daniel Weschke
Date: Mon, 29 Aug 2016 01:48:23 +0200
Subject: [PATCH] Update README.md
---
 README.md | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 121 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 62e4495..38e8da5 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
 Microsoft Surface Pro 3 with Arch Linux and i3
 ==============================================
-**!!! documentation unfinished !!!**
 (Dual) Booting Arch Linux (and Windows) with UEFI and Secure Boot
 -----------------------------------------------------------------
@@ -144,5 +143,125 @@ Set the Hardware Clock from the System Clock, and update the timestamps in
 hwclock --systohc --utc
+Create an entry for your hostname in `/etc/hostname` (witch is a computer name):
-...
+ surfacepro3
+
+A matching entry in `/etc/hosts` is recommended
+
+ 127.0.0.1 localhost.localdomain localhost surfacepro3
+ ::1 localhost.localdomain localhost surfacepro3
+
+Set the root password:
+
+ $ passwd
+
+### Bootloader
+Install the bootloader.
+
+ $ pacman -S efibootmgr efitools
+ $ bootctl --path=/boot install
+
+Custom entries for the Systemd-boot must be made for linux kernels.
+Edit `/boot/loader/loader.conf`
+
+ default arch
+ timeout 4
+ editor 0
+
+Install the intel microcode updater and note the `PARTUUID` for the root `/`
+partition on your Arch drive `/dev/sdx3` via `blkid`
+
+ $ pacman -S intel-ucode
+ $ blkid
+
+Add the boot entry for the linux kernel in `/boot/loader/entries/arch.conf` and
+load the intel microcode updater before `initramfs`
+
+ title Arch
+ linux /vmlinuz-linux
+ initrd /intel-ucode.img
+ initrd /initramfs-linux.img
+ options root=PARTUUID=THE-NUMBER-GIVEN-BY-BLKID rw
+
+Download a Microsoft-signed loader and hashing tool, to generate compatible keys
+for any kernel, tool, etc. Also, change (copy) the name of the standard systemd
+bootloader so that the PreLoader will recognize it
+
+ $ cd /boot/EFI/systemd
+ $ pacman -S wget
+ $ wget http://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi
+ $ wget http://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
+ $ cp /boot/EFI/systemd/systemd-bootx64.efi /boot/EFI/systemd/loader.efi
+
+The boot order on the motherboard NVRAM has to be changed so that PreLoader.efi
+and HashTool.efi are present
+
+ $ efibootmgr -c -d /dev/sdx -p 1 -L PreLoader -l /EFI/systemd/PreLoader.efi
+ $ efibootmgr -c -d /dev/sdx -p 1 -L HashTool -l /EFI/systemd/HashTool.efi
+
+and in the correct order; PreLoader, HashTool and Linux Boot Manager.
+
+ $ efibootmgr -v # get the numbers 000x
+ $ efibootmgr -o 000P,000H,000L # in my case it was 0003,0004,0000
+
+Exit the root shell
+
+ exit
+
+Unmount all the partitions
+
+ umount -R /mnt
+
+Restart the machine
+
+ reboot
+
+Turn secure boot back on. After reboot you should be loaded into a blue screen.
+The screen prompts you that no signed binaries were found and that you need to
+sign them (Enroll). Using the HashTool the following items MUST be signed for
+the Linux kernel to boot correctly:
+
+ /boot/EFI/systemd/loader.efi
+ /boot/vmlinuz-linux
+
+You can navigate back through folders using the ../ option. If you forgot to
+sign something and can not boot, don’t worry. You can load up the live USB
+(disable Secure Boot), and set HashTool.efi to be the first boot entry
+using `efibootmgr`. Then, you can re-sign (enroll) as needed.
+
+
+
+# Installing Windows
+Install windows normally.
+
+Before you restart for the first time disable fast startup (Windows 10)
+1. Type Control Panel in the search box.
+2. Click Control Panel.
+3. Click Power Options.
+4. Click Choose what the power buttons do.
+5. Click Change settings that are currently unavailable.
+6. Scroll down to Shutdown settings and uncheck Turn on fast startup.
+7. Click Save changes.
+
+To make Systemd-boot able to load windows through PreLoader.efi the Windows boot
+manager must be on the same ESP. But Windows will see the ESP and install it’s
+manager to `/boot/EFI/Microsoft/`.
+
+Windows will overwrite your existing boot order in NVRAM to place its boot
+manager first. Load up the live USB again (disable Secure Boot) and change the
+boot order back to PreLoader.efi being first:
+
+ $ mount /dev/sdx3 /mnt # the Arch / partition
+ $ mount /dev/sdx1 /mnt/boot # The Arch /boot partition
+ $ arch-chroot /mnt /bin/bash
+ $ efibootmgr -v # get the numbers 000x
+ $ efibootmgr -o 000P,000H,000L,000W
+ $ exit
+ $ umount -R /mnt
+ $ reboot
+
+To make an entry in the systemd-boot menu as default select the entry and press
+`d`.
+It could be handy to make Windows the default entry because of automatic updates
+that require multiple restarts, etc.