In part 1 – Which Linux is best for a Java developer? – I decided to install Manjaro Linux on a Dell XPS 15 9570. In this part, I will explain some important basics you should know about installing Linux.
- 1 Not that easy after all
- 2 BIOS vs. UEFI / EFI
- 3 MBR vs. GPT
- 4 What is GRUB?
- 5 Do I need a separate Linux boot partition?
- 6 Encrypting the hard disk
- 7 Graphics driver
- 8 GRUB boot options
- 9 Summary
Not that easy after all
After installing Manjaro as a VM on my Windows computer and flying over countless forum posts and how-to’s, I realized: it doesn’t seem that easy after all. There are desperate users who have had over 50 unsuccessful installation attempts. The most frequently asked questions are:
- What is the difference between BIOS and (U)EFI?
- Should I install an MBR or a GPT?
- What is GRUB?
- Do I need a separate boot partition?
- How do I encrypt the hard disk during installation? Should I use LUKS or Opal or both? Do I have to encrypt the whole disk or do I have to leave the boot partition unencrypted?
- What is the right driver for my graphics card and how do I install and configure it correctly?
- What do the different GRUB boot options mean, which are mostly mentioned in connection with graphics card drivers? And how do I set them?
Most of these questions are answered in the relevant forums, but first and foremost by Linux professionals who formulate the answers in such a way that they absolutely do not help a beginner, such as:
“First just getting rid of intel nomodeset i915.modeset=0 then intel and the open source driver for nvidia [nouveau] nomodeset i915.modeset=0 nouveau.modeset=0 then all of it (and try to boot using vesa) nomodeset nvidia.modeset=0 i915.modeset=0 nouveau.modeset=0“
You got it? Neither do I. So I will try to answer the above questions in a way that even a Linux novice understands them. In the third part, I will guide you step by step through the installation of Manjaro on the Dell XPS 15 9570. I will only go as far into the details as it is necessary for the installation.
BIOS vs. UEFI / EFI
What is the difference between BIOS, UEFI and EFI?
The BIOS (Basic Input Output System) is responsible for putting the PC into a functional state and then loading the operating system. It was developed in the 70s and has been extended again and again since then. With today’s 64-bit systems, however, the expansion options reach their limits.
Therefore, successors were developed: first EFI (Extensible Firmware Interface) and then UEFI (Unified Extensible Firmware Interface) with focus on 64-bit systems and features like “Secure Boot,” which ensures that only certain, previously signed bootloaders are executed.
→ All modern motherboards and operating systems support UEFI. Therefore, there is absolutely no reason to install the operating system in BIOS mode (which is emulated by the Compatibility Support Module of the UEFI).
MBR vs. GPT
Should I install an MBR or a GPT?
Here we have a similar situation as with BIOS vs. UEFI:
The MBR (Master Boot Record) is a record in the first sector of the hard disk and contains the boot loader (or the first stage of it) and the partition table. The MBR was developed in the 80s, and – like the BIOS – the MBR is reaching its limits more and more. Thus, a maximum of four primary partitions can be created – or three primary partitions and one extended partition, which in turn can contain logical partitions. A partition can have a maximum size of 2 TB.
In the course of UEFI development, the GPT (GUID partition table) was developed as a successor to the MBR. The “G” stands for “GUID” (Globally Unique Identifier) and not for “GNU,” so it has nothing to do with Linux.
With the GPT, there is no distinction between primary, extended and logical partitions, and the number of partitions is not limited (except by available space). The maximum partition size is 18 EB (exabyte), which is 18 million TB or 18 billion GB. I can’t imagine how this limit will ever be reached … however, 35 years ago, the MBR developers thought the same thing about the 2 TB limit.
Another advantage of the GPT is that a backup copy of the partition table is stored at the end of the hard disk.
→ Like UEFI, GPT is supported by all modern motherboards and operating systems. So the choice should be GPT without a doubt.
What is GRUB?
While UEFI and GPT are used in Windows as well as in Linux, with GRUB (“Grand Unified Bootloader”) we have arrived in the Linux world.
GRUB is, as the name suggests, a bootloader that loads the actual Linux operating system. The bootloader is installed on a separate “EFI System Partition” (ESP), where it is started by the (U)EFI.
In addition to GRUB, other boot loaders can also be installed on this partition, which greatly simplifies the setup of a multiboot system. If, for example, Windows was previously installed in UEFI mode, then the EFI partition already exists and contains the “Windows Boot Manager.” If GRUB is now added, UEFI will automatically ask whether Windows or Linux should be started at the next boot process.
For the “EFI System Partition” to be recognized by all operating systems, it is usually formatted with the FAT32 file system.
In Windows 10 disk management, this looks like this:
I have tried to illustrate this once again. In the following, you can see an example partitioning of the hard disk:
The partitions are not displayed correctly in relation to each other. GPT and ESP are actually much smaller than the other partitions.
- The GPT refers to the partitions of the hard disk.
- The ESP (reminder: “EFI System Partition”) contains the boot loaders for Windows (“Windows Boot Manager”) and Linux (“GRUB”) in this example.
- If the “Windows Boot Manager” is selected when starting the PC, Windows will be booted from the C:\ partition.
- If “GRUB” is selected, Linux will be booted from the Linux root partition.
Do I need a separate Linux boot partition?
On older PCs with BIOS and Master Boot Record, only a part of GRUB (the so called “stage 1”) could be stored on this boot record for space reasons. The biggest part of the boot loader was in the /boot directory.
As “stage 1” could only access a limited part of the hard disk and could only read a limited number of file systems, the /boot directory had to be located on a separate partition at the beginning of the hard disk and formatted with a file system supported by “stage 1.”
For new systems with UEFI and GPT, GRUB easily fits completely into the EFI partition and can handle pretty much any file system supported by Linux – including software RAIDs, LVMs, and LUKS encrypted file systems.
→ A separate boot partition is not required on modern systems.
Encrypting the hard disk
If your hard drive contains confidential data, you should encrypt it completely – especially if it is in a laptop you regularly carry around with you.
There are basically two types of encryption:
- Software encryption: under Linux in the form of LUKS (“Linux Unified Key Setup”) and under Windows in the form of BitLocker (only included in the professional version)
- Hardware encryption by “Self-Encrypting Devices” (SEDs).
Software encryption with LUKS
Software encryption can be easily activated during the installation of the operating system. To do this, simply tick the “Encrypt system” checkbox in the “Partitions” step of the Manjaro installation and enter a passphrase (a long password, preferably consisting of several words). The installer takes care of the rest:
Please note: for old systems with BIOS and MBR, a separate /boot partition must be created (see above, “Do I need a separate Linux boot partition?”), which must not be encrypted.
If the data of a running system is to be encrypted, it will be a bit more complex. There is no graphical user interface for this. Instead, you have to use the command
cryptsetup-reencrypt with the option
--new. More details can be found here: Arch Linux – Encrypt an unencrypted filesystem
Hardware encryption with SEDs and Opal
Almost all modern SSD hard drives support hardware encryption. These devices are called “Self-Encrypting Devices” (SEDs), the standard for this is defined by the “Opal Storage Specification.” This variant has the great advantage that the CPU is not subject to any load.
The encryption works with two keys: a “data encryption key” (DEK), which encrypts the data on the hard disk (orange in the drawing below), and an “authentication key” (AK), which encrypts the “data encryption key” (blue in the drawing):
This 2-step system has the advantage that the authentication key can be changed at any time. All you have to do is decrypt the data encryption key with the old authentication key and then re-encrypt it with the new authentication key. In the drawing, this would mean that only the lock at the top left has to be replaced.
A change in the data encryption key, on the other hand, would require the entire contents of the hard disk to be encrypted again. This could take several hours depending on the size of the hard disk. In the drawing, this would mean that all 16 locks on the right side would have to be replaced.
Pre-Boot Authorization Image
In order to activate encryption (or to enable decryption), a so-called “Pre-Boot Authorization” (PBA) image must be installed on the SSD. The PBA itself is not encrypted. It is installed in the so-called “shadow MBR” – an area of the SSD that is not visible in regular operation. If the SSD is locked, however, the system only sees this “shadow MBR,” so that only the PBA can be booted after switching on.
The PBA now asks for the authentication key in the form of a passphrase. If this passphrase is entered correctly, the SSD hides the shadow MBR and shows the actual data area. A reboot is then initiated, which finally starts the actual operating system.
The disadvantage of hardware encryption is the rather complex installation. I will explain this step by step in the third part of the series, installation of Manjaro Linux on a DELL XPS 15 9570.
Finally we come to one of the biggest challenges of all: Which is the right driver for my graphics card? And how do I configure it correctly? Unfortunately, I can’t answer this question in general, since the problems vary from graphics card to graphics card and from one Linux distribution to another, according to my research.
Here, for example, you can find the documentation for the graphics drivers for Arch-Linux: https://wiki.archlinux.de/title/X
There is a general VESA driver (“xf86-video-vesa”) that should work with all video cards. However, it works only up to a resolution of 1024 x 768 pixels and doesn’t provide 2D or 3D hardware acceleration (at least that’s how it was in my tests).
GRUB boot options
In the various forum posts, cryptic GRUB boot options appear again and again under the answers. What’s that all about?
The boot options can be changed in general, but also directly before booting the operating system and thus influence the boot process. For example, if the graphics card is not properly supported by the kernel or a faulty graphics card driver has been installed and the system freezes with a black screen during booting.
Setting the boot options
Boot options are defined in the file
/etc/default/grub in the following two lines (here at the example of a Manjaro installation in a Hyper-V VM).
The options are written one after the other, separated by spaces. The options listed after
GRUB_CMDLINE_LINUX are considered at every start, the options listed under
GRUB_CMDLINE_LINUX_DEFAULT only in standard mode, not in recovery mode.
After changes to the file, the command
update-grub has to be executed.
To change the boot options for a single boot, press the “E” key (for “edit”) when GRUB is displayed after turning on the computer. In Manjaro it looks like this:
After pressing “E,” the editor appears:
The boot options are listed here in the line beginning with
linux after the boot image and can also be changed there directly.
The most important boot options
You should know the following boot options because they appear in forum posts and how-tos:
- quiet – if this option is set, the kernel messages are not displayed on boot.
- splash – this option is intended to display a splash screen, but has no effect in my Manjaro test installation.
- nomodeset – in newer kernels, the graphics mode is activated by the kernel early in the boot process. This is done primarily to display high-resolution splash screens during the boot process. Since this doesn’t work with all video cards, this option can be used to enable video mode only when starting the X Window system.
- nouveau.modeset=1 (or 0) – enables/disables kernel mode setting (the aforementioned enabling of video mode by the kernel) for Nvidia video cards.
- i915.modeset=1 (or 0) – enable/disable kernel mode setting for Intel graphics cards.
- radeon.modeset=1 (or 0) – enable/disable kernel mode setting for AMD Radeon graphics cards.
- xforcevesa – only VESA mode is used for the graphics display. This does not require a special graphics driver and should run on all graphics cards – but only in limited resolution and without hardware acceleration.
What I couldn’t figure out is which of the “modeset” options have priority. So if, for example, whether “nomodeset” overwrites all other “modeset” options or not.
In this article, I explained the differences between BIOS/MBR and (U)EFI/GPT. On current systems, you should always use the latter combination.
I explained to you how GRUB works, how to encrypt your system, what boot options are needed for and how to set them both permanently and for a single boot.
With that, my preparations are finished. In the next part, I finally describe step by step how to install Manjaro on the DELL XPS 15 9570.
Have I explained things as clearly as possible? I’m looking forward to your feedback, your questions and – if a Linux professional reads along – also about hints if something is not 100 percent correct at any point.