Multi-booting Windows 10 and OpenBSD

Introduction

This information is condensed and refined (or rEFInd?) from my earlier narrative-style blog post about the same topic

Steps

  1. Ensure you have recovery media for your computer. You may need to download it and burn it to DVD or write it to a USB drive. 
  2. Disable Windows' BitLocker, if enabled, using the BitLocker Drive Encryption control panel. 
  3. Disable Windows' "Fast Boot" by opening an administrator-level cmd.exe or powershell window and running "powercfg /h off
  4. Download the OpenBSD Installer and write it to optical media or a USB drive according to the OpenBSD FAQ
  5. Download the gParted Live media and create a Live CD or Live USB according to the gParted installation instructions
  6. On any modern computer, you need to reboot and enter your computer's boot settings and disable Secure Boot mode to continue.
  7. Boot from the gParted live media. Note the device name in the upper right corner. You'll need that later. 
  8. Shrink the Windows partition by the amount of storage you wish to allocate to OpenBSD.
  9. Create a new partition in the free space. Just make it a Linux ext4 partition, you will have to edit it later because gParted doesn't know about OpenBSD partitions. Apply the changes and exit the gParted utility.
  10. Open a Terminal (icon on the desktop) and run "gdisk" followed by the device name noted in step 6. On my laptop, that was "gdisk /dev/nvme0n1"
  11. Use the "p" option to display the partition entries, and look for the "Linux" partition you created. 
  12. Use the "t" menu option to edit the "Linux" partition and then set the type to A600, which is the identifier for OpenBSD disklabel partitions.
  13. Optionally, use the "b" menu option to make a backup of the partition table just in case. Store it on the gparted usb stick.
  14. use the "w" menu option in gdisk to write the new GPT to disk. 
  15. Reboot. Windows should still be working fine. If it doesn't, something has gone wrong, and you'll need to start over.
  16. Shut down, then boot into the OpenBSD installer. Walk through the options, but pay very close attention to the disk setup. Use the "OpenBSD Area" option. If you choose "whole disk" or "gpt" you will destroy your windows partition. Set up the OpenBSD disklabel as you want, but I typically recommend newcomers make one big root filesystem for workstations and laptops. Once the installation is complete, do not reboot.
  17. Insert some other storage media formatted as FAT, make a directory called /usb, and mount it to /usb. Copy the OpenBSD EFI bootloader to the USB drive:
    mkdir /usb
    mount /dev/sd1i /usb  # sd1i is an example, your device name may vary
    cp /mnt/usr/mdec/BOOTX64.EFI /usb/bootx64_openbsd.efi
    umount /usb
  18. Remove the OpenBSD install media and the second USB drive with the OpenBSD EFI bootloader, then reboot. Windows should still come up. If you got this far, you're pretty much in the clear.
  19. Download rEFInd and then follow the Windows Installation Instructions.
  20. While you're installing rEFInd, you will have an R: virtual drive available, from the step where you ran "mountvol R: /S" from within an administrator cmd.exe window. Attach the USB Drive containing the bootx64_openbsd.efi file, and from within the administrator cmd.exe window, run "COPY E:\bootx64_openbsd.efi R:\EFI\boot\bootx64_openbsd.efi"- You may also optionally download a cute OpenBSD logo and save it as R:\EFI\refind\icons\os_openbsd.png
  21. Add the following text to the end of the refind.conf file while following the installation instructions:
    menuentry “OpenBSD”
    {
    icon \EFI\refind\icons\os_openbsd.png
    loader \EFI\boot\bootx64_openbsd.efi
    }
  22. Go ahead and reboot. You should get a screen similar to the photo at the top of this article. 
  23. You may wish to re-enable Windows BitLocker Full-Disk encryption at this point. Be absolutely certain to make a backup of your BitLocker recovery key. Store it somewhere safe. You can also save it to your Windows Live account, which I think is relatively safe for the typical laptop user, provided your Windows Live account has two-factor authentication enabled.
  24. Windows Update will occasionally override rEFInd. Follow the information at the end of this post for some help with that. 

Dealing with Windows BitLocker and Boot Coups

Windows update may occasionally override rEFInd as the default boot manager, and boot straight into Windows without giving you the rEFInd menu. If you have BitLocker enabled, any changes to the boot manager or other system integrity critical system will trigger Windows to require your BitLocker Recovery Key. This is a 48-digit-long mess that you will not feel like typing in once a month (or, weekly for folks like me using the Windows Insider program). You can temporarily suspend bitlocker and its system integrity protection from within a PowerShell window, and you can then safely re-assert rEFInd as the default boot manager. Paste this into a PowerShell window and you should be good to go. This is how I've been handling Windows' Boot Coup syndrome. 

Suspend-BitLocker -MountPoint "C:" -RebootCount 1 

start-process -verb RunAs bcdedit -ArgumentList "/set {bootmgr} path \EFI\refind\refind_x64.efi"

When you reboot, you should see the rEFInd boot manager again.

blog comments powered by Disqus