Dual-booting without windows erasing grub?

I currently have the following configuration:

• Framework 13"
• Ryzen 5 7640u
• 16 Gb Ram DDR5 5600 (1x16Gb)
• 1 Tb M.2. SSD (taken from my Thinkpad X1 Carbon Gen 7)

My partitions are configured in the following way:

• 1Gb FAT32 efi partition
• 700 EXT4 partition (for my gentoo linux root partition)
• 253 Gb NTFS partition (with windows 11 installed)

Here is my problem:

Whenever windows restarts (which is necessary for certain software installations and updates), it deletes the grub entry from my bios to be the only one there. This does not happen if I press shutdown.

This is massively annoying since the only solution for me to access my linux OS again is to boot from my USB installer, chroot into my linux partition and re-run grub-install --target=x86_64-efi --efi-directory=/efi as well as grub-mkconfig -o /boot/grub/grub.cfg. Is there a way I can lock the BIOS to prevent windows from doing that?

I already tried the following solutions but none of them worked:

• Making windows boot number one with efibootmgr (note that I was unable to set windows to inactive in this solution)
• Disabling windows fast startup

I also read this post although it did not have any answers…

Any help would be hugely appreciated!

It’s been a long time since Windows was allowed on any machine in my house for the reason you mentioned, changing the system clock, and a bunch of other intrusive stuff. However, I seem to remember switching to rEFInd helping with stopping windows from commandeering the boot process. But that could very well be my memory playing tricks on me.

To prevent windows from changing system time just copy this to a blank notepad text file and save as a *.reg (e.g.; win11-utc.reg) file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
"RealTimeIsUniversal"=dword:00000001

After that either double-click or right click and add this *.reg file to your registry. This will set the windows time to utilize RTC at UTC. This way you’ll not have to get into FW BIOS and keep flip-flopping the RTC time clock.

(setting this on standalone windows install is also good idea imo, I prefer to set reference clocks at UTC)

See: ArchLinux Wiki #UTC in Microsoft Windows

##################################

I also own a Framework 13 AMD laptop. I have ArchLinux, Fedora 39, Debian 12, and Windows 11 Pro installed on this.

I use rEFInd boot manager to select the OS to boot at boot time. I have disabled the os_prober in each of the GRUB, and run a systemd unit to rewrite the default boot manager to rEFind during boot.

My rEFInd systemd service file looks like this:

cat /etc/systemd/system/refind-make-default.service

## file: /etc/systemd/system/refind-make-default.service
[Unit]
Description=Make rEFInd the default EFI boot loader at startup/boot
## start after local-fs
Requires=local-fs.target


[Service]
ExecStart=/usr/sbin/refind-mkdefault

[Install]
WantedBy=multi-user.target

Then run the following command to enable this service to run at boot/startup:

sudo systemctl enable refind-make-default.service

This setup is similar to my old Dell Inspiron 7390 laptop - ArchLinux, Fedora 39, Ubuntu 23.10 and Windows 11 Pro. With this setup, I have never had Windows11 boot capture and replace my default rEFInd in the efi stub. If this happens then boot into the FW BIOS and set the boot order right in there OR use a linux live usb, boot into live and run efibootmgr.

My partitions:
lsblk -o PATH,LABEL,SIZE,FSTYPE,FSUSE%

PATH            LABEL         SIZE FSTYPE FSUSE%
/dev/nvme0n1                  3.6T        
/dev/nvme0n1p1  ESP           996M vfat      14%
/dev/nvme0n1p2  ARCH_BOOT       2G ext4      19%
/dev/nvme0n1p3  FEDORA_BOOT     2G ext4      18%
/dev/nvme0n1p4  DEBIAN_BOOT     2G ext4       9%
/dev/nvme0n1p5  ARCH_ROOT     180G ext4      20%
/dev/nvme0n1p6  FEDORA_ROOT   180G ext4      12%
/dev/nvme0n1p7  DEBIAN_ROOT   180G ext4      14%
/dev/nvme0n1p8                 16M        
/dev/nvme0n1p9  WIN_C         180G ntfs      58%
/dev/nvme0n1p10 WIN_D         400G ntfs       1%
/dev/nvme0n1p11 DATA          2.4T ext4       2%
/dev/nvme0n1p12 arch_swap      64G swap   
/dev/nvme0n1p13 fedora_swap    64G swap   
/dev/nvme0n1p14 debian_swap    64G swap   

The selection in rEFInd just chain loads the respective nix’s GRUB efi stub (or windows BOOT efi stub) and there on it continues to boot the selected kernel in that distro/OS.

Files in ESP folder /boot/efi/EFI:
ls -al /boot/efi/EFI/

total 40K
drwxr-xr-x 10 root root 4.0K Jan  8 11:36 .
drwxr-xr-x  5 root root 4.0K Dec 31  1969 ..
drwxr-xr-x  2 root root 4.0K Dec 25 16:33 arch
drwxr-xr-x  2 root root 4.0K Oct 31 15:09 Boot
drwxr-xr-x  2 root root 4.0K Dec 26 17:22 Debian
drwxr-xr-x  2 root root 4.0K Dec 25 07:46 fedora
drwxr-xr-x  4 root root 4.0K Dec 24 22:21 Microsoft
drwxr-xr-x  8 root root 4.0K Jan  8 11:36 refind
drwxr-xr-x  2 root root 4.0K Dec 24 13:09 tools

Its pretty simple to install rEFInd if you have secure boot turned off. If you need secure boot then read the refind wiki/support documentation on how to utilize shim to sign refind binaries.

see:
rEFInd boot manager
ArchLinux Wiki #rEFInd

##################################

Cheers!
Good luck.

P.S. My rEFind setup with Framework BGRT image
Conf File:
cat /boot/efi/EFI/refind/refind.conf

############################## CUSTOM ENTRIES ################################
timeout 3

#shutdown_after_timeout

#enable_touch

use_graphics_for osx,linux

use_nvram false

hideui badges,editor

big_icon_size 256

resolution 0 0

#showtools about, hidden_tags, reboot, firmware, fwupdate
showtools about,firmware,memtest,reboot,shutdown

#scanfor manual,internal,external,optical
scanfor manual,internal

dont_scan_dirs ESP:EFI/BOOT,EFI/debian,EFI/Debian,EFI/fedora,EFI/ubuntu,EFI/arch,EFI/Microsoft/Boot,EFI/Dell,EFI/memtest86

dont_scan_files shimx64.efi,mmx64.efi,shim.efi,mm.efi,fbx64.efi,BOOTIA32.EFI,BOOTX64.EFI,fbia32.efi,MokManager.efi,memtest86+x64.efi

scan_all_linux_kernels false

menuentry "Arch Linux" {
	loader /EFI/arch/grubx64.efi
	icon /EFI/refind/themes/refind_pbr_theme/icons/os_arch.png
#	icon /EFI/refind/icons/os_arch.png
	graphics on
#	disabled
}

menuentry "Fedora Linux" {
	loader /EFI/fedora/grubx64.efi
	icon /EFI/refind/themes/refind_pbr_theme/icons/os_fedora.png
	graphics on
#	disabled
}

menuentry "Debian Linux" {
	loader /EFI/Debian/grubx64.efi
	icon /EFI/refind/themes/refind_pbr_theme/icons/os_debian.png
#	icon /EFI/refind/icons/os_debian.png
	graphics on
#	disabled
}

menuentry "Ubuntu Linux" {
	loader /EFI/ubuntu/grubx64.efi
	icon /EFI/refind/themes/refind_pbr_theme/icons/os_ubuntu.png
	icon /EFI/refind/icons/os_ubuntu.png
	graphics on
	disabled
}

menuentry "Windows 11 Pro" {
	loader /EFI/Microsoft/Boot/bootmgfw.efi
#	icon /EFI/refind/icons/os_win8.png
	icon /EFI/refind/themes/refind_pbr_theme/icons/os_win8.png
	graphics on
#	disabled
}

default_selection "+,Arch,Fedora,Debian,Ubuntu,Windows"

# Refind Themes
## Custom Themes ##
include themes/refind_pbr_theme/theme.conf

Image:

I had the same issue with another laptop and afair the following helped me:

1. Boot the installed linux.
2. Set the linux installation as boot priority one via efibootmgr
3. Create a backup dir unter /boot/efi/EFI/Microsoft and move all files from /boot/efi/EFI/Boot to it.
4. In my case (fedora): copy the shimx64.efi from /boot/efi/EFI/fedora to /boot/efi/EFI/Boot.
   (Might be a bit different for other linux flavors)

As I don’t have said laptop around anymore (it was a family member’s), all I can do is tell it as I remember it, but I’m not sure if I remember every detail correctly, as I tried quite a few things to make it work back then.