Hey everyone! I'm trying to install Arch Linux for the first time and I'm pretty new to this whole Linux thing. I've mostly dealt with Debian-based distros before, and I'm now looking to dual boot Arch with Windows, which has Secure Boot and BitLocker enabled.
From what I gathered, I need to disable Secure Boot during the installation, sign some keys, and then turn Secure Boot back on. I created a 4GB EFI system partition while installing Windows as suggested in the documentation. However, I'm confused about where exactly I should mount the existing EFI partition. The documentation warns against mounting it to /boot due to potential risks when dual-booting, and I also read it's not a good idea to mount it to /efi. Since I'm planning to stick with systemd and don't need a fancy bootloader, what's the best practice here? Am I missing something?
3 Answers
I recommend mounting it to /efi. That's usually what systemd will do if you let it choose the mount point. Just to clarify about the concerns you raised:
1. It’s certainly better to use a single ESP, but having multiple shouldn’t cause problems unless your bootloader absolutely needs just one.
2. The claim about risks with mounting the ESP at /boot isn't as scary as it sounds. The bootloader is on the ESP anyway, so it remains accessible regardless of where you mount it. Windows won’t specifically mess with your bootloader to the point of breaking it.
Honestly, you can mount the ESP to just about anywhere, but it may cause issues if you decide to change it later. Mounting to /boot makes the most sense for many setups, unless you have a specific reason to use /efi, which can be more limiting for certain configurations.
You shouldn't worry too much about the potential manipulation risks mentioned. If you're using dual-boot, that other OS has full access anyway, which comes with its own risks. If /boot works better for you, go with it unless there’s a specific restriction you’re facing with /efi.
I see what you mean, but I think there's still some truth to the worries. Some tools are only cautious with Windows files and might unintentionally overwrite important Linux boot files. Plus, if your kernel is unencrypted, it could be a potential risk.