linux/doc/Hybrid-Boot/README.md

# 3-in-1 Hybrid Boot Disk (BIOS/UEFI)

This guide shows how to prepare a disk on Ubuntu
to be bootable from BIOS, 32-bit and 64-bit UEFI
with Secure Boot enabled.
The intention is to create a bootable USB stick
that can be used to boot a rescue system.

All commands should be executed as root.

For more technical information, see the [notes section](#notes) at the end.

Grub will be used as the bootloader.
Install the following packages:

	apt install grub-efi-amd64-bin grub-efi-ia32-bin grub-pc-bin
	apt install grub-efi-amd64-signed # grub-efi-ia32-signed not available on Ubuntu

## Partitioning

* The GUIDs are fixed for easier setup with Windows
* The last partition is optional: it can be used to make changes of Ubuntu persistent
* Set the `dev` variable accordingly

<!-- -->

	dev=/path/to/dev

	sgdisk --disk-guid=4b534944-4949-4949-b741-44495858580a $dev

	sgdisk --new=1:1M:+1M      --typecode=1:ef02 --partition-guid=1:42555247-4949-4949-b741-44495858580a $dev
	sgdisk --new=2:2M:+14M     --typecode=2:ef00 --partition-guid=2:49494645-4949-4949-b741-44495858580a $dev
	sgdisk --new=3:16M:+496M   --typecode=3:2700 --partition-guid=3:524e4957-4945-4949-b741-44495858580a $dev
	sgdisk --new=4:512M:+2048M --typecode=4:8300 --partition-guid=4:4e554255-5554-4949-b741-44495858580a $dev
	sgdisk --new=5:2560M:4G    --typecode=5:8300 --partition-guid=5:50534143-5245-4949-b741-44495858580a $dev
	sfdisk -A $dev 1

## Format

* Run `partprobe` before working with the disk references below
* The labels are set for easier configuration of GRUB
* The first partition is not formatted as it will be used by GRUB to store its executable code

<!-- -->

	mkdosfs -F 16 -n hybrid-boot   /dev/disk/by-partuuid/49494645-4949-4949-b741-44495858580a
	mkntfs     -Q -L hybrid-winre  /dev/disk/by-partuuid/524e4957-4945-4949-b741-44495858580a
	mkfs.ext4     -L hybrid-ubuntu /dev/disk/by-partuuid/4e554255-5554-4949-b741-44495858580a
	mkfs.ext4     -L casper-rw     /dev/disk/by-partuuid/50534143-5245-4949-b741-44495858580a

## Install GRUB

* Set the `mnt` variable accordingly

<!-- -->

	mnt=/path/to/mount

	mount /dev/disk/by-partuuid/4e554255-5554-4949-b741-44495858580a $mnt
	mkdir -p $mnt/boot/efi
	mount /dev/disk/by-partuuid/49494645-4949-4949-b741-44495858580a $mnt/boot/efi

	grub-install --root=$mnt --removable --no-nvram --uefi-secure-boot --target=x86_64-efi $dev
	grub-install --root=$mnt --removable --no-nvram --uefi-secure-boot --target=i386-efi   $dev
	grub-install --root=$mnt --modules='ext2 part_gpt'                 --target=i386-pc    $dev

Place the following configuration snippets in `$mnt/boot/grub/grub.cfg`.

### Ubuntu

	menuentry 'Ubuntu' {
		search --set --label hybrid-ubuntu
		linux /casper/vmlinuz boot=casper ignore_uuid persistent
		initrd /casper/initrd
	}

The `persistent` parameter is only useful, if the persistence partition was created.

### Windows

	menuentry 'Windows (UEFI)' {
		search --set --label hybrid-boot
		chainloader /EFI/Microsoft/Boot/bootmgfw.efi
	}

	menuentry 'Windows (BIOS)' {
		search --set --label hybrid-winre
		ntldr /Boot/bootmgr
	}

## Copy OS Files

### Ubuntu

* Set the `cdrom` variable accordingly

<!-- -->

	cdrom=/path/to/ubuntu-iso

	cp -r $cdrom/casper $cdrom/preseed $mnt

### Windows

* Set the `cdrom` and `winre` variables accordingly

<!-- -->

	cdrom=/path/to/windows-iso
	winre=/path/to/winre-mnt

	mount /dev/disk/by-partuuid/524e4957-4945-4949-b741-44495858580a $winre

	wim=$cdrom/sources/install.wim

	dir=$winre/Recovery
	mkdir $dir
	7z e -o$dir $wim 1/Windows/System32/Recovery/Winre.wim
	7z e -o$dir $wim 1/Windows/System32/boot.sdi

	dir=$winre/Boot
	mkdir $dir
	7z e -o$dir $wim 1/Windows/Boot/PCAT/bootmgr

	dir=$mnt/boot/efi/EFI/Microsoft/Boot
	mkdir -p $dir
	7z e -o$dir $wim 1/Windows/Boot/EFI/bootmgfw.efi

#### BCD

Copy [winre-uefi.bcd](winre-uefi.bcd) and [winre-bios.bcd](winre-bios.bcd):

	cp winre-uefi.bcd $mnt/boot/efi/EFI/Microsoft/Boot/BCD
	cp winre-bios.bcd $winre/Boot/BCD

## Windows Hybrid Boot

Windows can not be booted from BIOS and UEFI with the same configuration.

The above procedure enables Windows to boot using UEFI.

Do *not* use `sgdisk` for MBR modifications,
because it wipes the MBR boot code of GRUB.

### Boot from BIOS

Windows needs an MBR to boot from BIOS:

	printf 'label-id:0x4b534944\n1,0x7fff,ee,*\n0x8000,0xf8000,27' | sfdisk -Y dos $dev

If you try to boot without the above configuration,
the following message appears in the blink of an eye:

	ata1 master: Unknown device

### Boot from UEFI

Remove the hybrid MBR:

	printf 'label-id:0x00000000\n1,,ee,*' | sfdisk -Y dos $dev

If you try to boot without the above configuration,
the following message appears:

	BlInitializeLibrary failed 0xc00000bb

## Notes

### BIOS Boot

GRUB does not need the active/bootable flag,
but some BIOS firmwares check for it and refuse to boot, if it is not present.
The following message may appear:

	Non-System disk or disk error
	replace and strike any key when ready

To improve hybrid booting capability, the flag is always set on the first partition.

### Windows Bootloaders

The Windows bootloader is configured using a file called `BCD` (Boot Configuration Data).
The file is a binary Windows Registry file and references IDs from the partition table.
This can make Windows boot problems cumbersome to fix.

The above BCD files are usable if the disks were created using the described IDs.
They were created in a VM using BCDEdit:
[create-winre-uefi.bat](create-winre-uefi.bat) and
[create-winre-bios.bat](create-winre-bios.bat).

The UEFI bootloader `bootmgfw.efi` uses the disk and partition GUIDs from the GPT.
The BIOS bootloader `bootmgr` uses the disk signature and partition start offsets in the MBR.

To change GUIDs in a BCD, partitions with the same GUIDs can be recreated in a VM
and BCDEdit can be used to recreate a BCD: [create-minimal.bat](create-minimal.bat).

Alternatively `hivexsh` can be used to change the GUIDs in an existing BCD.

### Casper Persistence

The casper manual mentions the use of a file,
but this only works on FAT, see
[find_cow_device in casper-helpers](https://git.launchpad.net/ubuntu/+source/casper/tree/scripts/casper-helpers).
New Hybrid Boot documentation 2019-01-07 15:31:11 +01:00			`# 3-in-1 Hybrid Boot Disk (BIOS/UEFI)`

			`This guide shows how to prepare a disk on Ubuntu`
			`to be bootable from BIOS, 32-bit and 64-bit UEFI`
			`with Secure Boot enabled.`
			`The intention is to create a bootable USB stick`
			`that can be used to boot a rescue system.`

			`All commands should be executed as root.`

			`For more technical information, see the [notes section](#notes) at the end.`

			`Grub will be used as the bootloader.`
			`Install the following packages:`

			`apt install grub-efi-amd64-bin grub-efi-ia32-bin grub-pc-bin`
			`apt install grub-efi-amd64-signed # grub-efi-ia32-signed not available on Ubuntu`

			`## Partitioning`

			`* The GUIDs are fixed for easier setup with Windows`
			`* The last partition is optional: it can be used to make changes of Ubuntu persistent`
			* Set the `dev` variable accordingly

			`<!-- -->`

			`dev=/path/to/dev`

			`sgdisk --disk-guid=4b534944-4949-4949-b741-44495858580a $dev`

			`sgdisk --new=1:1M:+1M --typecode=1:ef02 --partition-guid=1:42555247-4949-4949-b741-44495858580a $dev`
			`sgdisk --new=2:2M:+14M --typecode=2:ef00 --partition-guid=2:49494645-4949-4949-b741-44495858580a $dev`
			`sgdisk --new=3:16M:+496M --typecode=3:2700 --partition-guid=3:524e4957-4945-4949-b741-44495858580a $dev`
			`sgdisk --new=4:512M:+2048M --typecode=4:8300 --partition-guid=4:4e554255-5554-4949-b741-44495858580a $dev`
			`sgdisk --new=5:2560M:4G --typecode=5:8300 --partition-guid=5:50534143-5245-4949-b741-44495858580a $dev`
Hybrid Boot: Add active/bootable flag 2019-03-18 10:39:40 +01:00			`sfdisk -A $dev 1`
New Hybrid Boot documentation 2019-01-07 15:31:11 +01:00
			`## Format`

			* Run `partprobe` before working with the disk references below
			`* The labels are set for easier configuration of GRUB`
			`* The first partition is not formatted as it will be used by GRUB to store its executable code`

			`<!-- -->`

			`mkdosfs -F 16 -n hybrid-boot /dev/disk/by-partuuid/49494645-4949-4949-b741-44495858580a`
			`mkntfs -Q -L hybrid-winre /dev/disk/by-partuuid/524e4957-4945-4949-b741-44495858580a`
			`mkfs.ext4 -L hybrid-ubuntu /dev/disk/by-partuuid/4e554255-5554-4949-b741-44495858580a`
			`mkfs.ext4 -L casper-rw /dev/disk/by-partuuid/50534143-5245-4949-b741-44495858580a`

			`## Install GRUB`

			* Set the `mnt` variable accordingly

			`<!-- -->`

			`mnt=/path/to/mount`

			`mount /dev/disk/by-partuuid/4e554255-5554-4949-b741-44495858580a $mnt`
			`mkdir -p $mnt/boot/efi`
			`mount /dev/disk/by-partuuid/49494645-4949-4949-b741-44495858580a $mnt/boot/efi`

			`grub-install --root=$mnt --removable --no-nvram --uefi-secure-boot --target=x86_64-efi $dev`
			`grub-install --root=$mnt --removable --no-nvram --uefi-secure-boot --target=i386-efi $dev`
			`grub-install --root=$mnt --modules='ext2 part_gpt' --target=i386-pc $dev`

			Place the following configuration snippets in `$mnt/boot/grub/grub.cfg`.

			`### Ubuntu`

			`menuentry 'Ubuntu' {`
			`search --set --label hybrid-ubuntu`
			`linux /casper/vmlinuz boot=casper ignore_uuid persistent`
			`initrd /casper/initrd`
			`}`

			The `persistent` parameter is only useful, if the persistence partition was created.

			`### Windows`

			`menuentry 'Windows (UEFI)' {`
			`search --set --label hybrid-boot`
			`chainloader /EFI/Microsoft/Boot/bootmgfw.efi`
			`}`

			`menuentry 'Windows (BIOS)' {`
			`search --set --label hybrid-winre`
			`ntldr /Boot/bootmgr`
			`}`

			`## Copy OS Files`

			`### Ubuntu`

			* Set the `cdrom` variable accordingly

			`<!-- -->`

			`cdrom=/path/to/ubuntu-iso`

			`cp -r $cdrom/casper $cdrom/preseed $mnt`

			`### Windows`

			* Set the `cdrom` and `winre` variables accordingly

			`<!-- -->`

			`cdrom=/path/to/windows-iso`
			`winre=/path/to/winre-mnt`

			`mount /dev/disk/by-partuuid/524e4957-4945-4949-b741-44495858580a $winre`

			`wim=$cdrom/sources/install.wim`

			`dir=$winre/Recovery`
			`mkdir $dir`
			`7z e -o$dir $wim 1/Windows/System32/Recovery/Winre.wim`
			`7z e -o$dir $wim 1/Windows/System32/boot.sdi`

			`dir=$winre/Boot`
			`mkdir $dir`
			`7z e -o$dir $wim 1/Windows/Boot/PCAT/bootmgr`

			`dir=$mnt/boot/efi/EFI/Microsoft/Boot`
			`mkdir -p $dir`
			`7z e -o$dir $wim 1/Windows/Boot/EFI/bootmgfw.efi`

			`#### BCD`

			`Copy [winre-uefi.bcd](winre-uefi.bcd) and [winre-bios.bcd](winre-bios.bcd):`

			`cp winre-uefi.bcd $mnt/boot/efi/EFI/Microsoft/Boot/BCD`
			`cp winre-bios.bcd $winre/Boot/BCD`

			`## Windows Hybrid Boot`

			`Windows can not be booted from BIOS and UEFI with the same configuration.`

			`The above procedure enables Windows to boot using UEFI.`

			Do not use `sgdisk` for MBR modifications,
			`because it wipes the MBR boot code of GRUB.`

			`### Boot from BIOS`

			`Windows needs an MBR to boot from BIOS:`

Hybrid Boot: Add active/bootable flag 2019-03-18 10:39:40 +01:00			`printf 'label-id:0x4b534944\n1,0x7fff,ee,*\n0x8000,0xf8000,27' \| sfdisk -Y dos $dev`
New Hybrid Boot documentation 2019-01-07 15:31:11 +01:00
			`If you try to boot without the above configuration,`
			`the following message appears in the blink of an eye:`

			`ata1 master: Unknown device`

			`### Boot from UEFI`

			`Remove the hybrid MBR:`

Hybrid Boot: Add active/bootable flag 2019-03-18 10:39:40 +01:00			`printf 'label-id:0x00000000\n1,,ee,*' \| sfdisk -Y dos $dev`
New Hybrid Boot documentation 2019-01-07 15:31:11 +01:00
			`If you try to boot without the above configuration,`
			`the following message appears:`

			`BlInitializeLibrary failed 0xc00000bb`

			`## Notes`

Hybrid Boot: Add active/bootable flag 2019-03-18 10:39:40 +01:00			`### BIOS Boot`

			`GRUB does not need the active/bootable flag,`
			`but some BIOS firmwares check for it and refuse to boot, if it is not present.`
			`The following message may appear:`

			`Non-System disk or disk error`
			`replace and strike any key when ready`

			`To improve hybrid booting capability, the flag is always set on the first partition.`

New Hybrid Boot documentation 2019-01-07 15:31:11 +01:00			`### Windows Bootloaders`

			The Windows bootloader is configured using a file called `BCD` (Boot Configuration Data).
			`The file is a binary Windows Registry file and references IDs from the partition table.`
			`This can make Windows boot problems cumbersome to fix.`

			`The above BCD files are usable if the disks were created using the described IDs.`
			`They were created in a VM using BCDEdit:`
			`[create-winre-uefi.bat](create-winre-uefi.bat) and`
			`[create-winre-bios.bat](create-winre-bios.bat).`

			The UEFI bootloader `bootmgfw.efi` uses the disk and partition GUIDs from the GPT.
			The BIOS bootloader `bootmgr` uses the disk signature and partition start offsets in the MBR.

			`To change GUIDs in a BCD, partitions with the same GUIDs can be recreated in a VM`
			`and BCDEdit can be used to recreate a BCD: [create-minimal.bat](create-minimal.bat).`

			Alternatively `hivexsh` can be used to change the GUIDs in an existing BCD.

			`### Casper Persistence`

			`The casper manual mentions the use of a file,`
			`but this only works on FAT, see`
			`[find_cow_device in casper-helpers](https://git.launchpad.net/ubuntu/+source/casper/tree/scripts/casper-helpers).`