Qubes booting in machine with Windows and Linux

311 views
Skip to first unread message

robert...@gmail.com

unread,
Nov 12, 2019, 5:38:26 AM11/12/19
to qubes-users

Hi. I have a triple boot system. When it was just Windows and Linux, Grub 2 let me choose which to boot into. Qubes was the last OS to be installed. I installed it via USB. After installation of Qubes, the computer would only boot into Qubes directly. I tried to follow the instructions of the official Qubes Multibooting document, however, it appears that neither /boot/grub2/grub.cfg or /etc/grub.d/40_custom exists in my Qubes system. In /boot/efi/EFI/qubes there is xen.cfg , xen.efi , xen-4.8.5-7.fc25.efi and a few other files.


When the computer starts up, I am able to boot into Bios setup and manually select which OS to boot into, or change the boot sequence priority . Partition 2 of my computer contains /boot/efi but it does not have /boot/grub or /etc/grub.d . That’s on Partition 3 of my computer, which is where Linux is, along with grubx64.efi . And I believe all 3 OSes are set to UEFI.


My question is, how do I get Qubes into my Grub so that I can select between the 3 OSes when I turn on my computer? Or is it more secure this way, where I need to boot into Bios to boot into Qubes? I’m a rookie, so please point me in the right direction with specific instructions. Thanks in advance!

Charles Peters

unread,
Nov 12, 2019, 12:40:13 PM11/12/19
to robert...@gmail.com, qubes-users
On Tue, Nov 12, 2019 at 5:38 AM <robert...@gmail.com> wrote:

Hi. I have a triple boot system. When it was just Windows and Linux, Grub 2 let me choose which to boot into. Qubes was the last OS to be installed. I installed it via USB. After installation of Qubes, the computer would only boot into Qubes directly. I tried to follow the instructions of the official Qubes Multibooting document, however, it appears that neither /boot/grub2/grub.cfg or /etc/grub.d/40_custom exists in my Qubes system. In /boot/efi/EFI/qubes there is xen.cfg , xen.efi , xen-4.8.5-7.fc25.efi and a few other files.


When the computer starts up, I am able to boot into Bios setup and manually select which OS to boot into, or change the boot sequence priority . Partition 2 of my computer contains /boot/efi but it does not have /boot/grub or /etc/grub.d . That’s on Partition 3 of my computer, which is where Linux is, along with grubx64.efi . And I believe all 3 OSes are set to UEFI.


My question is, how do I get Qubes into my Grub so that I can select between the 3 OSes when I turn on my computer?


You can reinstall grub to the master boot loader using the OS which originally controlled grub, (ie, something like grub-install /dev/sda". then regenerate the grub menu with "update-grub".  Or you can modify the grub settings in qubes to provide the menus you want.

Or is it more secure this way, where I need to boot into Bios to boot into Qubes?


Depends on your threat model.  Qubes is meant to be installed as the only operating system, so you are potentially opening up some risk.


Chuck

robert...@gmail.com

unread,
Nov 13, 2019, 11:41:44 PM11/13/19
to qubes-users
Thanks Chuck! I'll give this a try.

robert...@gmail.com

unread,
Dec 13, 2019, 6:37:18 AM12/13/19
to qubes-users
I tried doing what you mentioned. It seems that I can either boot to Qubes OR Grub where I can choose between Linux and Windows. I would like the Qubes boot manager to control everything so when I start the computer, I can choose between the 3 OSes. What do I need to put into either Grub or Qube's configuration file to do this? I've looked up and tried different lines of code with no success, but I have no coding experience. Thanks for your help.

robert...@gmail.com

unread,
Jan 8, 2020, 7:48:03 AM1/8/20
to qubes-users
Any other recommendations? Thanks!

Rafael Reis

unread,
Jan 11, 2020, 11:58:33 PM1/11/20
to qubes-users
Easiest way is to GPT / UEFI all disks and add all entries to your native BIOS UEFI bootloader. Then just use the specific f-key at power on to call the boot menu and choose your OS. Eliminate grub altogether.

trueriver

unread,
Jan 13, 2020, 10:53:03 AM1/13/20
to qubes-users


On Tuesday, 12 November 2019 17:40:13 UTC, Charles Peters wrote:
...

You can reinstall grub to the master boot loader using the OS which originally controlled grub, (ie, something like grub-install /dev/sda". then regenerate the grub menu with "update-grub".  Or you can modify the grub settings in qubes to provide the menus you want.


This does not work, because the standard Linux grub-install and grub-update commands rely on the existence of grub.cfg to pick up each target system.

The way I "solved" it was to leave the machine booting into grub by defualt, but to bring up the boot menu when I wanted Qubes. This has a slight security-by-obscurity advantage in that it is good for demonstrating that this is a fully working system, witout making the presence of Qubes obvious to a casual check. However, as with all s-by-obs its no defence against expert opposition!

I continue to seek a full solution, especially as one of my machines refuses to bring up the boot menu: manufacturer advice is to select an alternative boot target before closing down windows 10. Happily my machine has not had W 10 since half an hour after I unboxed it... and that is the hidden flaw (for some hardware systems) with Rafael's suggestion.

robert...@gmail.com

unread,
Jan 16, 2020, 4:26:59 AM1/16/20
to qubes-users
Rafael and trueriver, you mean boot into BIOS each time to choose the OS? That's the way I have it now. I hit f1 upon turning the computer on to go into BIOS, and then I have the choice between Qubes or Debian (which is done through Grub, which also gives me the option to choose Windows). Or if I don't boot into BIOS with f1, it goes directly to Grub. Is that what you guys mean?

As I mentioned in my first post, it seems that there might be a security benefit having it this way. Like trueriver said, people can potentially miss the fact that you have Qubes. And I think if the OSes aren't linked or don't know about each other, it's better for security.

Rafael Reis

unread,
Jan 16, 2020, 10:56:10 AM1/16/20
to robert...@gmail.com, qubes-users
Exactly! 

I called my Qubes entry in UEFI bootloader “Recovery” 

That way if someone checks for other boot sources they will only see Windows and Recovery. I keep a windows install in a secondary disk for decoy purposes. It’s the default boot if I press nothing after powering up the system. A little stealth is always welcome.

Em qui, 16 de jan de 2020 às 06:27, <robert...@gmail.com> escreveu:
Rafael and trueriver, you mean boot into BIOS each time to choose the OS? That's the way I have it now. I hit f1 upon turning the computer on to go into BIOS, and then I have the choice between Qubes or Debian (which is done through Grub, which also gives me the option to choose Windows). Or if I don't boot into BIOS with f1, it goes directly to Grub. Is that what you guys mean?

As I mentioned in my first post, it seems that there might be a security benefit having it this way. Like trueriver said, people can potentially miss the fact that you have Qubes. And I think if the OSes aren't linked or don't know about each other, it's better for security.

--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/S-a9mrCjO2g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7128ce7e-98ee-4221-a663-43def84432d1%40googlegroups.com.

trueriver

unread,
Jan 19, 2020, 8:05:25 AM1/19/20
to qubes-users
Em qui, 16 de jan de 2020 às 06:27, <robert...@gmail.com> escreveu:
Rafael and trueriver, you mean boot into BIOS each time to choose the OS? That's the way I have it now. I hit f1 upon turning the computer on to go into BIOS, and then I have the choice between Qubes or Debian (which is done through Grub, which also gives me the option to choose Windows). Or if I don't boot into BIOS with f1, it goes directly to Grub. Is that what you guys mean?


Exactly (but in my case it is esc, not F1)

R~~

Rafael Reis

unread,
Jan 20, 2020, 10:25:05 AM1/20/20
to trueriver, qubes-users
Most BIOSes don't require you to go into the setup to do that. There is usually and F-key to override the default boot option, and let you choose in a menu which boot drive / partition you'd like to boot. Google your specific machine / laptop / motherboard model manual, or simply ask google something like "dell function key boot menu" and you'll find out that for Dell systems, F12 does the trick.

You have to configure your boot options only once, and then use the F key as a shortcut to the boot menu.

--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/S-a9mrCjO2g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/989b10ed-5150-42fc-9638-4d6013492609%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages