Alwin B. n00b

Joined: 09 Mar 2025 Posts: 1
Posted: Sun Mar 09, 2025 9:41 pm Post subject: Dual Boot with windows11
Hi, while installing Gentoo I had some problems with dual booting because of Secure Boot in UEFI, and I found a nice solution with shim's option to disable validation, so you don't have to deal with signing.
I didn't find a lot online, so I did some research and found this to be working for me. So if someone has the same issue, I hope this helps.
Here it is (also available here: https://bybrauns.com/dual-boot-gentoo-windows11.html):
# Dual Booting Gentoo && Windows11
## Using Shim with disabled-validation
1. If not already in use, emerge shim and mokutil: ``emerge sys-boot/shim sys-boot/mokutil``
2. Depending on where you put EFI (/boot/EFI or /efi/EFI), copy the following shim files:
- ``cp /usr/share/shim/BOOTX64.EFI /boot/EFI/gentoo/shimx64.efi``
- ``cp /usr/share/shim/mmx64.efi /boot/EFI/gentoo/mmx64.efi``
3. Use your EFI partition (check with lsblk) and, depending on that, run the following command:
- ``efibootmgr --disk /dev/nvme1n1 --part 1 --create -L "GRUB via Shim" -l '\EFI\gentoo\shimx64.efi'``
4. Run the following command: ``mokutil --disable-validation``
5. Run the following command: ``grub-mkconfig -o /boot/EFI/gentoo/grub.cfg``
6. Follow the steps from [Using Secure Boot While Disabling Shim's Enforcement](http://www.rodsbooks.com/efi-bootloaders/secureboot.html#halfway-disable). Here is a copy:
- You should be greeted by a screen that advises you to press a key to begin MOK management. Do so.
- You will now have four choices: Continue boot; Change Secure Boot state; Enroll key from disk; or Enroll hash from disk. Select Change Secure Boot state.
- The tool will now ask for your password. With recent versions, it may do so strangely, by asking for characters out of order.
- Once MokManager is satisfied with your password skills, it presents a simple No/Yes option, with no explanatory prompt. Select Yes.
- MokManager will now show the options Reboot; Enroll key from disk; and Enroll hash from disk. Select the Reboot option.
- Once you reboot, Shim should stop enforcing Secure Boot rules; but they will still apply to programs and OSes that are not launched via Shim. You can verify this state by using the --sb-state option to mokutil:
7. If not already visible, run os-prober and grub-mkconfig
8. If you deleted Windows from the EFI partition while installing Gentoo like me, follow these steps:
- create a bootable USB with Windows 11 from the official Microsoft page
- Start from the USB
- Press Shift + F10 to open CMD
- ``diskpart``
- ``list disk``
- ``sel disk #``
- ``list part``
- ``sel part #``
- ``assign letter=s``
- ``list vol``
- assign a letter to the volume where your windows is located:
- ``sel vol #``
- ``assign letter=e``
- ``exit``
- ``bcdboot E:\windows /s s:``
- Reboot and run os-prober and grub-mkconfig in Gentoo
### References
[Using Secure Boot While Disabling Shim's Enforcement](http://www.rodsbooks.com/efi-bootloaders/secureboot.html#halfway-disable)
[Shim Handbook Gentoo](https://wiki.gentoo.org/wiki/Shim#GRUB)
[What to do if you deleted windows in EFI partition](https://unix.stackexchange.com/questions/671607/deleted-the-windows-efi-partition-what-to-do)
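Added example (not part of the original post): a small shell check for the state that step 6 ends on, where firmware Secure Boot is still on but Shim no longer validates what it loads. It classifies the text printed by ``mokutil --sb-state``; the matched phrases are an assumption about mokutil's usual wording, and the function name and result labels are made up for this example.

```sh
#!/bin/sh
# classify_sb_state (hypothetical helper): reads `mokutil --sb-state` output
# on stdin and prints one of:
#   enforcing           firmware Secure Boot on, Shim validates what it loads
#   shim-not-enforcing  firmware Secure Boot on, Shim validation disabled
#                       (the result of `mokutil --disable-validation`)
#   firmware-disabled   Secure Boot is off in the firmware itself
#   unknown             output not recognised (no EFI variables, no output)
classify_sb_state() {
    fw=unknown
    shim=on
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *"SecureBoot enabled"*)             fw=on ;;
            *"SecureBoot disabled"*)            fw=off ;;
            *"validation is disabled in shim"*) shim=off ;;
        esac
    done
    case "$fw:$shim" in
        on:on)  echo enforcing ;;
        on:off) echo shim-not-enforcing ;;
        off:*)  echo firmware-disabled ;;
        *)      echo unknown ;;
    esac
}

# Live check on the current machine; skipped when mokutil is not installed.
if command -v mokutil >/dev/null 2>&1; then
    state=$(mokutil --sb-state 2>/dev/null | classify_sb_state)
    echo "Secure Boot state: $state"
    if [ "$state" = "shim-not-enforcing" ]; then
        # Anything started through Shim (GRUB, kernel) is not being verified.
        echo "Shim validation is off; 'mokutil --enable-validation' turns it back on."
    fi
fi
```

On a machine set up as described above, the expected result is ``shim-not-enforcing``; ``enforcing`` means the MokManager step did not take effect.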