Update README.md
This commit is contained in:
123
README.md
123
README.md
@@ -1,6 +1,5 @@
|
|||||||
Microsoft Surface Pro 3 with Arch Linux and i3
|
Microsoft Surface Pro 3 with Arch Linux and i3
|
||||||
==============================================
|
==============================================
|
||||||
**!!! documentation unfinished !!!**
|
|
||||||
|
|
||||||
(Dual) Booting Arch Linux (and Windows) with UEFI and Secure Boot
|
(Dual) Booting Arch Linux (and Windows) with UEFI and Secure Boot
|
||||||
-----------------------------------------------------------------
|
-----------------------------------------------------------------
|
||||||
@@ -144,5 +143,125 @@ Set the Hardware Clock from the System Clock, and update the timestamps in
|
|||||||
|
|
||||||
hwclock --systohc --utc
|
hwclock --systohc --utc
|
||||||
|
|
||||||
|
Create an entry for your hostname in `/etc/hostname` (witch is a computer name):
|
||||||
|
|
||||||
...
|
surfacepro3
|
||||||
|
|
||||||
|
A matching entry in `/etc/hosts` is recommended
|
||||||
|
|
||||||
|
127.0.0.1 localhost.localdomain localhost surfacepro3
|
||||||
|
::1 localhost.localdomain localhost surfacepro3
|
||||||
|
|
||||||
|
Set the root password:
|
||||||
|
|
||||||
|
$ passwd
|
||||||
|
|
||||||
|
### Bootloader
|
||||||
|
Install the bootloader.
|
||||||
|
|
||||||
|
$ pacman -S efibootmgr efitools
|
||||||
|
$ bootctl --path=/boot install
|
||||||
|
|
||||||
|
Custom entries for the Systemd-boot must be made for linux kernels.
|
||||||
|
Edit `/boot/loader/loader.conf`
|
||||||
|
|
||||||
|
default arch
|
||||||
|
timeout 4
|
||||||
|
editor 0
|
||||||
|
|
||||||
|
Install the intel microcode updater and note the `PARTUUID` for the root `/`
|
||||||
|
partition on your Arch drive `/dev/sdx3` via `blkid`
|
||||||
|
|
||||||
|
$ pacman -S intel-ucode
|
||||||
|
$ blkid
|
||||||
|
|
||||||
|
Add the boot entry for the linux kernel in `/boot/loader/entries/arch.conf` and
|
||||||
|
load the intel microcode updater before `initramfs`
|
||||||
|
|
||||||
|
title Arch
|
||||||
|
linux /vmlinuz-linux
|
||||||
|
initrd /intel-ucode.img
|
||||||
|
initrd /initramfs-linux.img
|
||||||
|
options root=PARTUUID=THE-NUMBER-GIVEN-BY-BLKID rw
|
||||||
|
|
||||||
|
Download a Microsoft-signed loader and hashing tool, to generate compatible keys
|
||||||
|
for any kernel, tool, etc. Also, change (copy) the name of the standard systemd
|
||||||
|
bootloader so that the PreLoader will recognize it
|
||||||
|
|
||||||
|
$ cd /boot/EFI/systemd
|
||||||
|
$ pacman -S wget
|
||||||
|
$ wget http://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi
|
||||||
|
$ wget http://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
|
||||||
|
$ cp /boot/EFI/systemd/systemd-bootx64.efi /boot/EFI/systemd/loader.efi
|
||||||
|
|
||||||
|
The boot order on the motherboard NVRAM has to be changed so that PreLoader.efi
|
||||||
|
and HashTool.efi are present
|
||||||
|
|
||||||
|
$ efibootmgr -c -d /dev/sdx -p 1 -L PreLoader -l /EFI/systemd/PreLoader.efi
|
||||||
|
$ efibootmgr -c -d /dev/sdx -p 1 -L HashTool -l /EFI/systemd/HashTool.efi
|
||||||
|
|
||||||
|
and in the correct order; PreLoader, HashTool and Linux Boot Manager.
|
||||||
|
|
||||||
|
$ efibootmgr -v # get the numbers 000x
|
||||||
|
$ efibootmgr -o 000P,000H,000L # in my case it was 0003,0004,0000
|
||||||
|
|
||||||
|
Exit the root shell
|
||||||
|
|
||||||
|
exit
|
||||||
|
|
||||||
|
Unmount all the partitions
|
||||||
|
|
||||||
|
umount -R /mnt
|
||||||
|
|
||||||
|
Restart the machine
|
||||||
|
|
||||||
|
reboot
|
||||||
|
|
||||||
|
Turn secure boot back on. After reboot you should be loaded into a blue screen.
|
||||||
|
The screen prompts you that no signed binaries were found and that you need to
|
||||||
|
sign them (Enroll). Using the HashTool the following items MUST be signed for
|
||||||
|
the Linux kernel to boot correctly:
|
||||||
|
|
||||||
|
/boot/EFI/systemd/loader.efi
|
||||||
|
/boot/vmlinuz-linux
|
||||||
|
|
||||||
|
You can navigate back through folders using the ../ option. If you forgot to
|
||||||
|
sign something and can not boot, don’t worry. You can load up the live USB
|
||||||
|
(disable Secure Boot), and set HashTool.efi to be the first boot entry
|
||||||
|
using `efibootmgr`. Then, you can re-sign (enroll) as needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Installing Windows
|
||||||
|
Install windows normally.
|
||||||
|
|
||||||
|
Before you restart for the first time disable fast startup (Windows 10)
|
||||||
|
1. Type Control Panel in the search box.
|
||||||
|
2. Click Control Panel.
|
||||||
|
3. Click Power Options.
|
||||||
|
4. Click Choose what the power buttons do.
|
||||||
|
5. Click Change settings that are currently unavailable.
|
||||||
|
6. Scroll down to Shutdown settings and uncheck Turn on fast startup.
|
||||||
|
7. Click Save changes.
|
||||||
|
|
||||||
|
To make Systemd-boot able to load windows through PreLoader.efi the Windows boot
|
||||||
|
manager must be on the same ESP. But Windows will see the ESP and install it’s
|
||||||
|
manager to `/boot/EFI/Microsoft/`.
|
||||||
|
|
||||||
|
Windows will overwrite your existing boot order in NVRAM to place its boot
|
||||||
|
manager first. Load up the live USB again (disable Secure Boot) and change the
|
||||||
|
boot order back to PreLoader.efi being first:
|
||||||
|
|
||||||
|
$ mount /dev/sdx3 /mnt # the Arch / partition
|
||||||
|
$ mount /dev/sdx1 /mnt/boot # The Arch /boot partition
|
||||||
|
$ arch-chroot /mnt /bin/bash
|
||||||
|
$ efibootmgr -v # get the numbers 000x
|
||||||
|
$ efibootmgr -o 000P,000H,000L,000W
|
||||||
|
$ exit
|
||||||
|
$ umount -R /mnt
|
||||||
|
$ reboot
|
||||||
|
|
||||||
|
To make an entry in the systemd-boot menu as default select the entry and press
|
||||||
|
`d`.
|
||||||
|
It could be handy to make Windows the default entry because of automatic updates
|
||||||
|
that require multiple restarts, etc.
|
||||||
|
|||||||
Reference in New Issue
Block a user