Get Linux on an Untrusted Laptop

Get Linux on an Untrusted Laptop

Some of the changes in modern kits, especially portable ones, seem to be intentionally inconvenient for Linux users, but you can usually work around them.

The Reg The FOSS office recently reported on this year’s Ubuntu laptop from Dell. It’s a good thing to have a shipping kit approved and certified for Linux by major vendors, but it doesn’t help if you have an unapproved model. We recently fought with such a machine – this is the report from the front line. For reference, this is a Dell Latitude 5420, UEFI, Core i5, SSD only, USB-C and USB-3.

We’re going to assume that your laptop comes with Windows pre-installed, simply because most of them do. Apple laptops are a whole other world of suffering, and since those from Intel are on the way out and the only distro for the Arm-powered kit isn’t here yet, we’ll leave that for another day.

The first things you should do are easier on Windows though, so don’t erase it just yet. In fact, we suggest not wiping it at all. As a general rule of thumb, unless you’re very short on space, we recommend dual booting. You can drastically shrink a Windows C drive, and having a rescue operating system handy can come in handy in an emergency.

Second, if it’s a company machine, check with the IT department that you’re authorized to do so. Many won’t let you and it’s not worth losing your job.

Before you touch anything, we suggest you prepare a Ventoy USB drive with the ISO file for your Linux distribution of choice, along with a copy of the ISO installer for your version of Windows from the page download from Microsoft. The often handy SystemRescue wouldn’t hurt either.

Step 1: Update your firmware

For convenience, we’ll call it BIOS, although on a new box it’s almost certainly UEFI. Determine the exactly model number. A really easy way to do this that a surprising number of people overlook is to just flip the thing over and look for a sticker on the base. Next, search the manufacturer’s website for the latest BIOS and compare it to the current one. If you are booting Linux from a USB key, the command dmidecode -s bios-version will usually tell you.

How to update it varies wildly from brand to brand. You might be able to download and run a Windows application, or download a file and write it to a blank USB drive and then boot from it, or just copy a file to USB and read it from the BIOS itself. same. It varies. Google for the BIOS hotkeys for this machine, as they vary a lot: they can be Esc, Del, F1, F2, F10, F12 or even a combination. Ideally, the two you need are the key combination to enter BIOS setup and, if possible, the one to choose a boot device.

Step 2: Make sure Linux can see and read your disks

As The Reg The FOSS desktop favors older ThinkPads with full-travel keyboards, this 2021 model came as a bit of a shock. For example, it has a power button where the delete key should be, because apparently product designers don’t type.

What was more surprising was that Linux couldn’t read its hard drive. He didn’t even know there was one.

We found that the machine came with an encrypted hard drive, using Windows 10’s Bitlocker, although we never set a password. Your provider may publish instructions on how to disable this. Otherwise, Microsoft does. Disable it and wait for the job to complete.

Even so, Linux couldn’t see the disk. Although it’s a thin laptop with a single SSD slot, Dell ships it configured for RAID with Intel’s “Rapid Storage Technology” driver. This means that third-party operating systems cannot see the drive. Although it’s easy to change this in the BIOS, the problem is that Windows won’t boot.

So don’t change the BIOS setting yet. First, start Windows and configure it to start in safe mode. Open a command prompt in administrator mode and enter this command:

bcdedit /set {current} safeboot minimal

Then you can enter BIOS and change the setting to normal AHCI mode. Windows will load into safe mode, detect and install the new storage driver. Reboot to verify that it works, then disable safe mode again from an Admin command prompt:

bcdedit /deletevalue {current} safeboot

Kudos to “LinuxSecurityFreak” for the second response to this issue on StackExchange.

After that, Windows should start normally.

Step 3: Minimize windows

You can now do some housekeeping in Windows to make room. A hibernate file in an operating system you don’t use is a waste of disk space, and disabling it also disables Windows “Fast Boot” mode which prevents Linux from mounting the disk. Again, open an Admin command prompt and type:

powercfg /h off

If the machine has been in use for a while, it’s a good plan to run a disk check. Open an Admin command prompt again and type:

chkdsk c: /f

Answer yes with a Y, then reboot.

We also recommend that you run Disk Cleanup twice. The first time, run it in normal mode, check all the boxes and let it do its thing. Then run it again, click “Clean up system files” and run it Again. The second time usually takes a lot longer, but cleans more stuff, including hard-to-remove stubborn stains like Windows Update backups.

The rest is somewhat up to you. If you don’t expect to need Windows, you can do a pretty thorough job. For example, use Control Panel to uninstall all optional extras in sight, then PowerShell to remove all “modern” apps.

Step 4: Delete excess partitions

Windows usually tends to come with a “recovery partition”, but since you can reinstall using Microsoft’s ISO file, you don’t really need it. Just make sure you know which is your UEFI system partition (or ESP for short) and your primary Windows partition (the C: drive). You should keep the ESP, and we recommend keeping your C: drive.

Trick : Write down on paper what’s where, order and sizes, and volume labels, if any. You may not need it, but if you do, it could save your life.

You can use Windows Disk Management to check and shrink the C drive. We just press the Windows key and Rtype diskmgmt.msc then press Return, but in a way that suits you.

If any partitions don’t have drive letters, now is a good time to assign letters to them, then exit Disk Management and use Explorer to see what’s on them. Go through all your drives, make sure there’s nothing on it, and if so, move it to your C drive or a backup disk.

Right-click on the primary Windows partition and choose “Shrink”. The feature is very conservative and often won’t shrink the drive much, but if you have a large drive it may not matter.

Or, of course, you can do it in Linux itself. Start your favorite distro and run it GParted tool that every live medium has pre-installed. Delete all partitions except C drive and ESP.

Step 5: Create your Linux partitions

Any distro’s installer will create partitions for you, but we recommend that you use them beforehand. GParted. It’s simpler and more flexible.

UEFI machines usually have the hard drive partitioned using GPT. BIOS-based systems, even 64-bit ones, typically used MBR, which can only handle a maximum of four primary partitions per drive – but one (and only one) of these could be a extended partition, containing secondary partitions or, as DOS called them, “logical drives”. GPT eliminates that: there are no more extended or secondary partitions, and you can have up to 128 partitions per disk. (Hint: no.)

The minimum configuration for most Linux distributions is a large partition. If you want to be able to hibernate in Linux, you will also need a swap partition at least as large as your computer’s RAM.

We recommend a separate partition for /home, but it gets fancy. Previously, 16GB for the root partition (where the operating system lives) was sufficient, but now, with bloated Snap and Flatpak packages closing in on all sides, 64GB is more reasonable.

If you create your partitions with GParted, again note what goes where. We format them as ext4 as a general rule, except for any swap partition which has its own option for this role.

If you’re using a fancy distro with Btrfs and snapshots, like openSUSE, Gecko Linux, or Spiral Linux, at least quadruple that allocation – but to be honest, in that case you’re better off using the distro’s own partitioning feature .

Step 6: Install and get started

Once you’ve created your destination partition(s) and noted which ones, run your installer. When you get to the partitioning screen, choose “something else” or whatever your installer calls the custom partitioning option.

Choose your ESP and tell the installer to mount it in the right place: it’s usually /boot/efi. Choose the root partition and mount it on /. If you created them, choose the home partition and mount it to /homeand choose the swap partition and select “use as swap” or words to that effect.

That should be it. Install, update, enjoy. ®

Boot Note

Over a decade ago, this still-wet independent vulture newborn wrote the Linux Registration Guide, which is still there: parts one, two and three. You might find it useful, or at least fun, to read that too, especially if you’re using an older machine. A lot has changed in the meantime, but Windows cruft cleaning tips still have something to offer.

#Linux #Untrusted #Laptop

Leave a Comment

Your email address will not be published.