I have been using a usb-installation to run LEAP in a non-intrusive way on my company’s laptop. I just had to hit F9 to select boot from USB when needed.
Today, my company laptop has been upgraded to Win 10 with UEFI SecureBoot (native, without CSM), like this. Unfortunately, I cannot use my as-is USB system anymore and need a plan to make it work again. I imagine that upgrading it to UEFI-enabled booting should help but I am not familiar with UEFI. My key questions:
Can I simply add a EFI partition to my existing system and point my UEFI boot order to USB hard drive? If yes, where can I find the right instructions to do so?
What about SecureBoot? Can/must I deactivate it? If yes, would it impact my Win 10 installation?
In any case, I cannot touch the win 10 partition and boot record (I know that does not exist anymore, but anything of that kind that is no undo-able or affecting the normal boot sequence).
It might be possible to add a second ESP (EFI System Partition) to your system. My notebook Sony Vaio E Series was shipped with 2 ESP on it. We don’t know what your EFI firmware aka EFI BIOS is, and I assume that your EFI firmware is password protected.
So you can’t disable Secure Boot, and it would be impossible to register the 2nd ESP to your firmware. Anyway, you will have to clear the procedure with your IT department.
Why? You still should be able to boot in legacy mode, unless it was intentionally disabled (one reason to disable it is to secure boot).
Can I simply add a EFI partition to my existing system and point my UEFI boot order to USB hard drive?
Should be possible if you have space to create additional partition. UEFI implementation quirks withstanding …
If yes, where can I find the right instructions to do so?
I do not know if there is detailed description, but to boot in UEFI from removable medium you need
Create EFI System Partition. It must have specific partition type/GUID. In principle it should be possible to have ESP on MBR (at least, standard requires it).
Format this partition as FAT.
Create directory \EFI\BOOT
Place EFI compatible bootloader in this directory with name either BOOTIA32.EFI or BOOTX64.EFI, depending on whether your firmware is 32 or 64 bit.
On boot select in your firmware boot menu your removable USB HDD. How to do it is system dependent. You need to make sure to select EFI boot.
What about SecureBoot? Can/must I deactivate it?
It must not, but having secure boot complicates configuration. As I said, you should be able to boot your existing disk using legacy boot if secure boot is disabled.
If yes, would it impact my Win 10 installation?
It should not, but are you allowed to do it by your company policy? If yes, try to disable it and check whether you can now boot from your existing external disk.
I have been using a usb-installation to run LEAP in a non-intrusive way
on my company’s laptop. I just had to hit F9 to select boot from USB
when needed.
Today, my company laptop has been upgraded to Win 10 with UEFI
SecureBoot (native, without CSM), ‘like this’
(http://tinyurl.com/gr2pynl). Unfortunately, I cannot use my as-is USB
system anymore and need a plan to make it work again. I imagine that
upgrading it to UEFI-enabled booting should help but I am not familiar
with UEFI. My key questions:
Can I simply add a EFI partition to my existing system and point my
UEFI boot order to USB hard drive? If yes, where can I find the right
instructions to do so?
What about SecureBoot? Can/must I deactivate it? If yes, would it
impact my Win 10 installation?
In any case, I cannot touch the win 10 partition and boot record (I know
that does not exist anymore, but anything of that kind that is no
undo-able or affecting the normal boot sequence).
Hi
Since your on a HP, press F9 and select “boot from efi” file rather than
usb device, then select the usb device and browse to the openSUSE
shim.efi, select and boot.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.26-21-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
Thanks for your replies (and sorry for my absence, I was on vacation). I successfully achieved the following:
resize the partitions, create the ESP, mkdir /EFI/BOOT and copy the bootx64.efi, grub.efi, grub.cfg, MokManager.efi (I got them from distribution/leap/42.1/repo/oss/EFI/BOOT/) [all from chroot on another box]
turn off secure boot and point my boot order to my USB drive
Now I have Grub showing up (in console mode) but it is not able to load my system because my grub.cfg is not correct (just copied it from the install volume).
How can I update the grub config to make sure it now loads everything correctly (the entries, the theme, etc)? If needed, I can boot my system in legacy mode on another box to perform the actions.
NB: I did not edit the fstab to mount my ESP, yet. I imagine the mountpoint is /boot/efi (leading to a /boot/efi/EFI/BOOT path)?
That won’t work. grub.cfg under /boot/grub2 expects that grub already knows its installation directory, and grub.efi from installation media is generic one, that needs additional information to find where /boot/grub2 is located. Just copy /boot/grub2/x86_64/grub.efi instead; it normally contains reference to /boot/grub2 location. It won’t work with secure boot, but you disabled it anyway.
IMHO, we, the community, are in a difficult position here:
the concerned hardware is not owned by the thread’s originator;
it’s owned by the thread originator’s employer.
IMHO, we, the community, need to point out to the thread’s originator (possibly an employee of that company) that, we will attempt to not suggest anything which may be construed as being contrary to the company policies of the thread originator’s employer.