I’m new to CachyOS / Arch but I’ve been doing dualboot with encrypted Linux partitions for years. Mostly Debian and Ubuntu so far. Since the Ubuntu installer does support this quite well out of the box I never really had to dig into UEFI specifics.
Now I want to set up CachyOS and I uses a slightly different approach and I have some questions. Ubuntu would use an unencrypted /boot partition while CachyOS prefers to encrypt that as well.
My system has two M.2 SSDs. One for windows and one for Linux.
Windows is already set up and working, but I’ll need to make sure that I can chain load the Windows boot loader from the Linux boot manager.
Q: Can I use dualboot when the entire Linux disk is encrypted? I don’t think this should work since the sytem will need an EFI partition, correct?
If a fully encrypted disk doesn’t work, how should I partition the Linux disk to make this work?
I was thinking about having a small UEFI partition, an unecrypted boot partition (not optimal, I know, but acceptable for my use case) and then I wanted to make the rest a LUKS partition with btrfs inside.
The installer would ask me to also have an unformatted 8MiB partition with the boot-grub tag. What is that for?
And finally: Which boot manager should I use? I know systemd-boot won’t support dual boot. But is there any advantage using rEFInd over GRUB? I don’t really care about any features or themes as long as I can dualboot to either Linux or Windows.
I don’t know where you got that info but it’s untrue. We prefer systemd-boot and rEFInd over GRUB. While I don’t know about rEFInd, I certainly know that systemd-boot doesn’t support encrypting the /boot (EFI) partition.
Where did u get this info too? systemd-boot works fine with dual boot.
This sounds like you’re using MBR/CSM enabled. You shouldn’t need this
Yes. The installer has a checkbox to enable encryption. That should be enough.
I did get the impression after reading Offered Boot Managers | CachyOS. But looking at it again I see that it doesn’t explicitly say that dual boot isn’t supported. In that case systemd-boot might be just what I’m looking for. Thank you.
You are right. I was mislead. Thanks.
That was a test in a VM. I guess I should double check this on the physical machine.
Thanks, then I’ll try that.
Maybe one additional question: How do I make sure that my existing ESP (EFI system partition) is used correctly? The ESP is on my Windows SSD (because I did install Windows before Linux). Will the installer auto-detect it or do I need to mount it to /efi manually during setup?
If the installer detects an existing EFI partition, it will use it. Use the correct installation method accordingly (replace a partition or install alongside). Make sure the EFI partition is big enough, you’ll probably need 2GBs of space to dual boot.
If anyone is wondering: I ended up using systemd-boot and that seems to work great for me.
I did try GRUB at first but that would always fail to decrypt my disk after 2 or 3 reboots. Not sure what was wrong there, but I didn’t feel like spending too much time to investigate. But after a fresh reinstall with systemd-boot everything seems to work as I’d like it to. Adding Windows chain-loading to the boot menu did require me to create the loader config myself, but that was pretty easy and now that seems to work as well.