
#1 2023-11-20 21:35:10

satchmosgroove
Member
From: Long Beach, NY
Registered: 2010-01-13
Posts: 88

Protect EFI partition when dual boot with windows

How can I (and do I need to) protect my EFI partition from Windows making changes to it?

I read on the wiki for EFI system partition that there is supposed to be a difference between mounting it under /boot and /efi. But is this making a difference? How would Windows see them differently, if they are not mounted, because I am not in Arch when Windows would see the partition?

I had a mounting error for the boot partition and when I looked, the kernel images were gone. Not sure why that happened, could have been an Arch update as well, but I am guessing Windows messed with it. It's a work laptop and Windows always does sneaky stuff without me realizing or even prompting anything. Once I reinstalled linux and linux-lts, the missing files were created and I could boot normally again. Can I prevent this from happening?

I have an encrypted root and mount my own EFI partition under /boot.

Offline

#2 2023-11-20 22:08:07

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 23,074

Re: Protect EFI partition when dual boot with windows

Mounting makes no difference to Windows whatsoever.

The mounting error removing your kernel images is either filesystem corruption in general or you not having sufficient ESP space. How big is your /boot partition?

Generally speaking, Windows does not mess with your Linux files residing on the same ESP. FAT partitions in general are brittle because FAT as a filesystem is. If you want to have better peace of mind, offload your kernel images to a different partition (if you use a bootloader that is able to read your encrypted root, use that; otherwise make a distinct ext4 or so partition mounted to /boot carrying your kernel images and leave a not often changing and small bootloader on the ESP).

Offline

#3 2023-11-20 23:13:32

satchmosgroove
Member
From: Long Beach, NY
Registered: 2010-01-13
Posts: 88

Re: Protect EFI partition when dual boot with windows

Okay, thanks. You made me check. I have several installations, always 512M for /boot.
That one work laptop is my only dual boot with Windows and has 183M available on that partition.

But, it also has folders /boot/EFI/[Microsoft,HP,Boot], which the others don't have. So, MS is putting stuff in there.

I might mount to /boot/efi going forward, seems to avoid space and FAT limitations according to the wiki.

Offline

#4 2023-11-20 23:20:30

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 23,074

Re: Protect EFI partition when dual boot with windows

Of course MS is putting stuff there, it's how it (and any operating system) is booting. It will (generally) not actively touch anything that isn't from MS but not sure whether you have some company policy shenanigans going on.

Mounting simply tells your linux system you want "partition X visible at location Y". It does not change anything about what would happen to anything that handles said partition outside of your linux system.

If you do that naively, you will end up with an unbootable system at the latest when the next kernel update arrives, as your bootloader won't be configured to load kernel images from your root partition (where /boot is now a plain folder). Since your system is encrypted this will not be completely trivial.

If you want help with this, state the approach you want to take and which bootloader you're currently using.

Offline

#5 2023-11-20 23:40:46

satchmosgroove
Member
From: Long Beach, NY
Registered: 2010-01-13
Posts: 88

Re: Protect EFI partition when dual boot with windows

I see what you mean. Thanks for the offer.

I somehow thought I created a second EFI partition, only for Arch, but now I can only see one. That's maybe what threw me off as well.

Next time this happens I might change it and then figure it out while staying encrypted. The tinkerer in me would then try to figure this out on my own, first :-)

Offline
