Dual boot with other OSes


I use Qubes for awhile, but I’m not very technical person.
Can you please explain how I should setup my systems and what I should do if I want to run 2 or more other linux systems on desktop PC with different M.2 SSD?
One of the reasons is that I need to use Nvidia graphics card. The other is journalism.
I don’t need to protect myself from physical access at least for now.

How can I encrypt my /boot and do I need to worry about UEFI and legacy boot(I don’t know much about these things)?
If I won’t use Windows, do I still need to deal with BIOS security and if yes, what I need to do?
What other things I need to consider?

Thank you

1 Like

If you’re using UEFI then during OS installation it should automatically create a separate boot menu entry and you can use UEFI boot menu at boot time to select which menu entry to boot from e.g. something like this:

There is a guide about encrypted /boot:

And you can also check archlinux wiki for a reference:
dm-crypt/Encrypting an entire system - ArchWiki
FYI with encrypted /boot there will be unencrypted boot data anyway:

Less data is left unencrypted, i.e. the boot loader and the EFI system partition, if present

Yes, your firmware or Qubes OS boot files could be compromised from Linux as well.
You can consider using Heads:

Also relevant info on multibooting:

This is not how it works, and you probably don’t want to do this. The other OS can attack Qubes. Even if you encrypt your /boot, your EFI partition still remains unencrypted. Qubes does not support UEFI secure boot so you have no protection here.

And yes, you still need to deal with BIOS security. Apply all available updates. Disable SMT, unnecessary peripherals, thunderbolt, remote management, computrace. Enable memory encryption, UEFI capsule updates, UEFI downgrade protection, DMA protection, IOMMU, admin password, etc.

1 Like