Re: [qubes-users] Dual booting Qubes and Qubes?

2019-12-21 Thread Claudia
December 20, 2019 2:19 PM, "Claudia"  wrote:
> 
> I decided I'm going to try the dual-ESP approach first and see if it works. 
> If not, then I'll try
> the EFI directory hack.
> 
> I formatted my disk like: ESP, /boot, root, ESP, /boot, root, (swap); and 
> installed Qubes into the
> first "slot". I still have to install another Qubes instance into the second 
> "slot" and make sure
> they both work. I'll follow up when I do.

The dual ESP approach seems to be working fine for me, but you do have to 
manually fiddle around with efibootmgr. The installer overwrites existing Qubes 
entries, although I'm not sure what exactly it looks for. Maybe changing the 
label would be sufficient to preserve it.

Dual booting R4.1 and R4.0, both using btrfs on dm-crypt. I can't speak to how 
LVM or anything else might be affected.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b673b6683a5fa2bd9008f6e45a64e0a2%40disroot.org.


Re: [qubes-users] Dual booting Qubes and Qubes?

2019-12-20 Thread Claudia
December 19, 2019 3:44 PM, "awokd' via qubes-users" 
 wrote:

> Claudia:
> 
>> My original thought was to just give each one its own directory in
>> /boot/efi/EFI/, but the /boot/efi/EFI/qubes/ path seems to be hard coded
>> somewhere, probably either in the grub2-efi package (which installs a
>> precompiled efi binary to that directory) or in a grub2-install hook
>> somewhere. Not sure which of those methods Qubes uses. At least, I
>> couldn't figure out any way to persistently change the name of the EFI
>> directory. Of course you could make your own directories by copying the
>> files. e.g. /boot/efi/EFI/qubes{0,1}/, but when it updates (or you
>> reinstall one of them), they would both try to install to
>> /boot/efi/EFI/qubes/ again. And you'd have to manually change the path
>> each time with efibootmgr.
> 
> This is partly what I need to do anyways on an older UEFI system. I
> wrote a script that copies the updated files over to BOOTX64, and run it
> after every update that touches EFI. Shouldn't be too hard to add
> efibootmgr to it, and an edit to the .cfg file pointing at the
> appropriate root=. Ignore the redundant .efi copies at the end; I'm
> still not entirely sure which one my half broken UEFI implementation uses.
> 
> rm /boot/efi/EFI/BOOT/init*
> rm /boot/efi/EFI/BOOT/vmlinuz*
> cp /boot/efi/EFI/qubes/init* /boot/efi/EFI/BOOT/
> cp /boot/efi/EFI/qubes/vmlinuz* /boot/efi/EFI/BOOT/
> cp /boot/efi/EFI/qubes/xen.cfg /boot/efi/EFI/BOOT/BOOTX64.cfg
> ls /boot/efi/EFI/qubes/xen-*.efi
> cp /boot/efi/EFI/qubes/xen-*.efi /boot/efi/
> cp /boot/efi/EFI/qubes/xen-*.efi /boot/efi/EFI/BOOT/
> cp /boot/efi/EFI/qubes/xen-*.efi /boot/efi/EFI/BOOT/BOOTX64.efi
> 

I see. I'm guessing your firmware only attempts to read from 
/boot/efi/EFI/BOOT/BOOTX64.efi, even if the menu entry has a different path? I 
think an approach like this could work for managing EFI directories manually. 
Automated by a script of course, but still manual in the sense it's not handled 
by the OS.

I was really hoping there was a config setting or variable somewhere that could 
change the EFI directory, e.g. to /boot/efi/EFI//. On systems that 
use grub-install, this is specified by --bootloader-id= argument. So in that 
case you may be able replace /usr/bin/grub-install with a wrapper script that 
forces your desired --bootloader-id argument. However Fedora doesn't use 
grub-install, it uses a package which installs a prebaked grubx64.efi binary 
which is installed to the hardcoded path /boot/efi/EFI/fedora. This is in order 
to support Secure Boot. I'm assuming Qubes does it the same way. I'm also 
assuming that "fedora" gets changed to "qubes" by a patch or a compile-time 
variable but is not configurable at runtime. Maybe there's an option in Yum/dnf 
similar to apt's redirect option, to configure a file to be installed at a 
different path than what it's packaged as. I have no idea.

I did some research, and apparently this is a very common flaw. In fact, Mint 
uses the hardcoded directory /boot/efi/EFI/ubuntu/, meaning you can't dual boot 
Mint and Ubuntu from the same ESP. But the good news is that you can use more 
than one ESP, as long as your firmware supports it (it sounds like most of them 
do). So that's also an option. I was originally worried it would cause problems 
that they're using the same UUID, but actually they don't. I was confusing the 
filesystem UUID, which is unique, with the GPT partition identifier (GUID), 
which is a magic value. And I remembered you could also mount them by label 
anyway. 
https://www.zdnet.com/article/hands-on-linux-uefi-multi-boot-part-three-problem-solving/

So I guess I could use /boot/efi/EFI/qubes/ as a sort of staging area for both 
instances of Qubes, and then religiously after every update, run a script to 
move the directory to /boot/efi/EFI/qubes{0,1,...}, and then delete the 
newly-created efibootmgr entry for \EFI\qubes\grubx64.efi and (if necessary) 
re-create the one for \EFI\qubesN\grubx64.efi. Or, perhaps there's some way to 
prevent modification of efibootmgr entries so the package install hook (or 
whatever) can't mess with it.

I decided I'm going to try the dual-ESP approach first and see if it works. If 
not, then I'll try the EFI directory hack.

I formatted my disk like: ESP, /boot, root, ESP, /boot, root, (swap); and 
installed Qubes into the first "slot". I still have to install another Qubes 
instance into the second "slot" and make sure they both work. I'll follow up 
when I do.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5c224eda7a05920ab205a2224c58b64%40disroot.org.


Re: [qubes-users] Dual booting Qubes and Qubes?

2019-12-19 Thread 'awokd' via qubes-users
Claudia:
> My original thought was to just give each one its own directory in
> /boot/efi/EFI/, but the /boot/efi/EFI/qubes/ path seems to be hard coded
> somewhere, probably either in the grub2-efi package (which installs a
> precompiled efi binary to that directory) or in a grub2-install hook
> somewhere. Not sure which of those methods Qubes uses. At least, I
> couldn't figure out any way to persistently change the name of the EFI
> directory. Of course you could make your own directories by copying the
> files. e.g. /boot/efi/EFI/qubes{0,1}/, but when it updates (or you
> reinstall one of them), they would both try to install to
> /boot/efi/EFI/qubes/ again. And you'd have to manually change the path
> each time with efibootmgr.

This is partly what I need to do anyways on an older UEFI system. I
wrote a script that copies the updated files over to BOOTX64, and run it
after every update that touches EFI. Shouldn't be too hard to add
efibootmgr to it, and an edit to the .cfg file pointing at the
appropriate root=. Ignore the redundant .efi copies at the end; I'm
still not entirely sure which one my half broken UEFI implementation uses.

rm /boot/efi/EFI/BOOT/init*
rm /boot/efi/EFI/BOOT/vmlinuz*
cp /boot/efi/EFI/qubes/init* /boot/efi/EFI/BOOT/
cp /boot/efi/EFI/qubes/vmlinuz* /boot/efi/EFI/BOOT/
cp /boot/efi/EFI/qubes/xen.cfg /boot/efi/EFI/BOOT/BOOTX64.cfg
ls /boot/efi/EFI/qubes/xen-*.efi
cp /boot/efi/EFI/qubes/xen-*.efi /boot/efi/
cp /boot/efi/EFI/qubes/xen-*.efi /boot/efi/EFI/BOOT/
cp /boot/efi/EFI/qubes/xen-*.efi /boot/efi/EFI/BOOT/BOOTX64.efi

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/93e03a28-1ce8-e9dd-a1f5-b6538dc6f608%40danwin1210.me.


[qubes-users] Dual booting Qubes and Qubes?

2019-12-15 Thread Claudia
I'm wondering what the best way is to go about installing two instances 
of Qubes 4.1 on the same machine, which are more or less independent of 
each other.


It's fairly easy to dual boot different OSes because they each have 
their own EFI directory, e.g. /boot/efi/EFI/{qubes,fedora,ubuntu}, but 
what happens when you want to dual boot two of the same OS? (Or two 
different releases of the same OS?)


My original thought was to just give each one its own directory in 
/boot/efi/EFI/, but the /boot/efi/EFI/qubes/ path seems to be hard coded 
somewhere, probably either in the grub2-efi package (which installs a 
precompiled efi binary to that directory) or in a grub2-install hook 
somewhere. Not sure which of those methods Qubes uses. At least, I 
couldn't figure out any way to persistently change the name of the EFI 
directory. Of course you could make your own directories by copying the 
files. e.g. /boot/efi/EFI/qubes{0,1}/, but when it updates (or you 
reinstall one of them), they would both try to install to 
/boot/efi/EFI/qubes/ again. And you'd have to manually change the path 
each time with efibootmgr.


My other thought is to give each instance its own EFI partition, /boot 
partition, and root partition. efibootmgr allows you to specify which 
partition, by index, the path resides on for a given boot menu entry. 
However it's technically out of spec to have more than one EFI partition 
on the same device and I don't know if UEFI implementations know how to 
handle multiple EFI partitions correctly. Additionally, since EFI 
partitions all use the same magic UUID, the OS wouldn't know which one 
to mount at /boot/efi, so they could easily get mixed up. I guess you 
could reconfigure /etc/fstab to mount based on partition number, e.g. 
/dev/sda1, /dev/sda4, but that brings its own set of problems. 
Nevertheless it seems like this might be the best option.


Another option is to uninstall grub on one of them, so that only one 
instance ever touches /boot/efi/EFI/qubes. And then write a custom 
grub.cfg with a menuentry for each instance. However I don't know how 
you'd prevent the installer ISO from trying to install a boot loader 
initially. A major reason for having two separate instances is so that I 
can reinstall one or the other from ISO without much trouble. So I don't 
want the installer clobbering my boot loader every time. Additionally 
you'd have to manually modify your grub config with the new UUIDs every 
time you reinstall.


I'm still new to UEFI systems so I don't know if any of these would 
work. Anyone have any ideas or insights? (Funny how UEFI redesigned the 
entire boot process, and it's still just as messy as it was before.)


-
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a87e590b-7cd8-e081-58bc-1bf7c61d0a8c%40vfemail.net.