Placing /boot On Removable Media

[xloem]

I really think Qubes should support booting off removable media. Booting this way can incredibly improve the security of drive encryption. To me, lack of support for this seems a massive hole in Qubes' presentation.

The anaconda installer doesn't seem to do it. When I installed Qubes 3.1, putting /boot on a removable disk produced a broken install. I had to install to the primary hard disk and inspect the result to manually repair the removable boot disk.

Today I attempted to install Qubes 3.2 on a new EFI computer this way, and the installer won't even let me instruct it to place the bootloader on anything but the primary harddrive. I can select a USB key as bootloader in the disk selection screen, but the selection jumps back to the primary harddrive once I move on to partition creation. It seems it will let me install with a removable boot device only if I physically remove my harddrive from the system, and the result still fails to boot.

With such security-conscious devs, I'm very surprised that this seems so poorly supported.

[andrewdavidwong]

I thought this was already supported. I seem to recall doing this on 3.1 without producing a broken install (and reading reports of others doing the same), but I haven't had a chance to try it on 3.2. If anyone else can confirm or deny, please do.

[andrewdavidwong]

I thought this was already supported. I seem to recall doing this on 3.1 without producing a broken install (and reading reports of others doing the same), but I haven't had a chance to try it on 3.2. If anyone else can confirm or deny, please do.

[unman]

It's been possible to do this for some time, and certainly possible in 3.2. There are many reports of people installing to removable disks, and booting off USB drives. Sorry you've had problems.

the selection jumps back to the primary harddrive

Not sure what this means. The installer isn't particularly intuitive, but it does support booting from USB device, at least in legacy mode. (Agreed, I haven't tried this in UEFI mode: have you tried in legacy mode?)

[unman]

It's been possible to do this for some time, and certainly possible in 3.2. There are many reports of people installing to removable disks, and booting off USB drives. Sorry you've had problems.

the selection jumps back to the primary harddrive

Not sure what this means. The installer isn't particularly intuitive, but it does support booting from USB device, at least in legacy mode. (Agreed, I haven't tried this in UEFI mode: have you tried in legacy mode?)

[baffo32]

I tried installing in legacy mode, but the system still fails to boot. photo

Perhaps the difference for me is that I am not formatting /boot but re-using an existing partition. I'll try formatting it and see if that works.

[baffo32]

I tried installing in legacy mode, but the system still fails to boot. photo

Perhaps the difference for me is that I am not formatting /boot but re-using an existing partition. I'll try formatting it and see if that works.

[baffo32]

Okay, I've narrowed this down into two separate issues: (1) boot fails if /boot was not reformatted during install (2) UEFI installation does not allow selection of an external boot device
So, placing /boot on external media seems to require that legacy boot mode be used, and that the /boot partition be reformatted, enforcing that the boot key is unique to the system.

[baffo32]

Okay, I've narrowed this down into two separate issues: (1) boot fails if /boot was not reformatted during install (2) UEFI installation does not allow selection of an external boot device
So, placing /boot on external media seems to require that legacy boot mode be used, and that the /boot partition be reformatted, enforcing that the boot key is unique to the system.

[baffo32]

the selection jumps back to the primary harddrive

Not sure what this means.

@unman I explained this in more detail, with two photographs showing the issue, in #2445

[baffo32]

the selection jumps back to the primary harddrive

Not sure what this means.

@unman I explained this in more detail, with two photographs showing the issue, in #2445

[andrewdavidwong]

This issue has been split into #2445 and #2457.

[andrewdavidwong]

This issue has been split into #2445 and #2457.