For security reasons I would like to install a secondary completely independent operating system on a single-hard-drive computer using UEFI. Both installations should be able using different LUKS crypto partitions as root device (LVM on top of crypto) and need to be able to use their own kernels.
Having dual boot with two different operating systems is not a big deal. A Ubuntu and Fedora will not interfere and can share the EFI system partition, but two Ubuntu installations will fight with each other because they want both install their Grub instance on the same EFI location.
Is there a way to change Ubuntu to install Grub on a different location than
/boot/efi/EFI/ubuntu
during installation? I need a persistent way, so that package updates and kernel/grub updates still install in that path. Just like how Fedora's Grub would install in/boot/efi/EFI/fedora
. I can't find that configuration option in Grub. If I could, my Dell UEFI boot menu would allow me to choose which OS to load. Perhaps I'm missing some glue between efibootmgr and grub-efi here.Alternatively, would it be possible to use a single Grub installation from one of the two Ubuntu installations and have it automatically detect the right boot settings? I mean, I know
os-prober
will find the other/boot
partition with kernels, but how can it know the right boot parameters for that OS (e.g. LVM volume inside locked crypto volume as root filesystem)? I can understand it can with unencrypted single-partition installations, but it can't match a/boot
with its corresponding root filesystem, right? And it's completely impossible if encrypted. So that would require a lot of manual tweaking of the grub configuration files. I also dislike this option of a single shared bootloader configuration, making the two operating systems less isolated to some extent.
I'm fine with server text-based expert installation, by the way. Also some custom configuration as long as I don't have to repeat the steps for every kernel/Grub update.
I have two suggestions...
Option #1: Separate ESPs
Under EFI, the boot loader resides on "the" EFI System Partition (ESP). I put the word "the" in quotation marks because there's no rule that says you're limited to one ESP. If you create two ESPs on your hard disk, you can use one of them for your first installation and the second ESP for the second installation. This should work pretty seamlessly, although you'll have to create your partitions manually (using the "Something Else" option during installation), at least for your second Ubuntu installation.
One problem with this approach is that, although the EFI specification explicitly states that you can create as many ESPs as you like, some software might become confused by it. One prominent example of this is the Windows installer, at least through Windows 7 (I don't know about Windows 8 or later); when the Windows 7 installer sees a disk with two ESP, it flakes out and does weird things. IIRC, it doesn't complete its own installation properly. It's conceivable that Windows repair tools would suffer from the same problem. If you're not booting Windows on this system, this shouldn't be a big deal. If you are booting with Windows, you should simply be aware of the problem, because you can easily overcome it by temporarily changing the type code of the non-Windows ESP(s) if you run into problems. Note that Windows will boot just fine on a disk with multiple ESPs; it's just the installer that chokes on such disks.
Another issue is how you'd switch between your two distributions. You might need to customize one or both of your installations' GRUB setups using a tool like GRUB Customizer. Another (but not incompatible) option would be to use your firmware's own boot manager to switch between your two GRUB installations, and use each one to boot just its own version of Ubuntu.
Option #2: Abandon GRUB (or at least Ubuntu's GRUB tools)
The problem with GRUB for your situation is that you've got two installations and the GRUB maintenance tools are likely to become confused by that configuration. This observation leads to the obvious solution that you should simply not use those tools. There are several other EFI boot loaders for Linux, most of which are easier to manually maintain than GRUB. You could set up ELILO, SYSLINUX, Fedora's patched GRUB Legacy, gummiboot, or rEFInd and manage both your installations manually. In fact, because rEFInd detects kernels whenever it boots, rEFInd should be close to no-maintenance, once it's set up. Alternatively, but in a similar vein, you could hand-edit your
grub.cfg
file to do what you want, rather than rely on the GRUB setup scripts.Aside from rEFInd, all of these tools will require you to make configuration changes whenever you update a kernel, which will be a drag. There's also the question of when and how to install the extra boot program. I'd probably put it off until after your second Ubuntu installation, since each installation will register its own copy of GRUB as the default boot loader, and you want to override that default.
Note also that none of these tools can read a kernel from an encrypted filesystem or from an LVM, so you'll need to have a separate unencrypted
/boot
partition for each of your Ubuntu installations. This is the way most instructions I've seen say to set up an encrypted Ubuntu installation anyhow, so it's probably not a big deal unless you want to play on the "bleeding edge" of disk encryption.Some EFI boot loaders have additional specific partitioning or filesystem requirements. Most notably, ELILO, SYSLINUX, and gummiboot all require the kernel to reside on a FAT partition, and the ESP works best for this. You can do this by mounting the ESP at
/boot
, but this is an iffy solution in Ubuntu because some package updates require symbolic links. You'd also have trouble doing this with two separate Ubuntu installations because they'd both try to claim the same files. (In this case, "the ESP" really means "the partition from which the boot loader ran," so you can have just one ESP in this case.) GRUB Legacy and rEFInd are more flexible about this.My Recommendation
Personally, I'd use rEFInd for this -- but as I maintain rEFInd, I'm not exactly unbiased. In fact, I've got a computer that multi-boots between three Ubuntu installations, and rEFInd switches between them just fine. This particular system doesn't use encryption, but I doubt if that will cause any new problems from rEFInd's perspective.
That said, separate ESPs should work fine, too, with the caveat that you might need to use GRUB Customizer to tweak the settings of at least one of those GRUB copies.
Here are the steps I used to dual boot with two LUKS encrypted Ubuntu systems on a single hard drive with UEFI using option #2 recommended by Rod Smith previously. This was specifically with Ubuntu 18.04.1-desktop. Home directory encryption is no longer given as an option during install as there are concerns of the reliability and maintenance of eCryptfs. It is recommended to use LUKS instead, so I think is the best option to have multiple users with encrypted home partitions.
I use the following approach with a single ESP:
I created additional boot-loaders for each OS with
using a different
ID
for each operating system.Example:
I have Ubuntu 16.04 and Ubuntu 18.04 installed. I boot into Ubuntu 16.04 and run
Then from booted into Ubuntu 18.04 I run
In the UEFI-settings I see the new boot entries with the names
Ubuntu1604
andUbuntu1804
and rearrange the boot order to set one of the new entries to the first place.I can also see the folders with this names in the ESP.
When a system upgrade ships with a new version of grub, it will reinstall a fresh instance of grub to the
ubuntu
-folder on the ESP, it will not affect the boot-loaders I created myself, but I have to rearrange the boot-order again as theubuntu
-entry will be pushed to the first place in the boot-order.This is what
efibootmgr -v
shows in my configuration:I tried the approach with single ESP and separate bootloader-ids and it mostly works. I can confirm that update-grub detects all of the Ubuntu installations, even if they are on encrypted LVM with separate unencrypted /boot partitions.
I only had one issue that grub kept showing the boot menu of the "non-main" installation, even though the "main" was selected first in the EFI firmware. So I had to run grub-install once again without bootloader-id. Not sure why this is the case, it shouldn't use the grub.cfg from the default EFI/ubuntu at all.