I've been happily Windows-free for about 5 years, but lately I need some Win-only software including a few games that don't work at all on Linux. My main questions:

  • How to avoid Windows messing with my Linux install? Having a separate PC is not possible for me right now. I'm considering uninstalling grub and instead selecting the boot device I want from UEFI, idk if this is advisable though.

  • I'm also interested in how to get a Windows install that's as minimal as possible: I don't want to log in to a Microsoft account, I don't want telemetry etc, I only want whatever is strictly required to make my system functional. The one thing I do want is Windows Defender cause ain't no way I'm dealing with an antivirus.

  • Should I go for Win 11 or stick to 10?

Any tips or experiences are welcome!

PS: I know this information is probably all out there, but I thought a post in this community about it would be useful for others as well.

UPDATE: I ended up going with a regular old dual boot using Windows 10 IoT LTSC - there's a few games I wanted to run and a driver as well so I chose to install directly on hardware as opposed to a VM. I created the install media using Ventoy, and UNPLUGGED EVERY OTHER DRIVE during installation except the one Windows was supposed to come on. Afterwards I had to boot in with a live Linux USB (the nice thing about Ventoy is that you can write multiple ISOs to your USB so it came in handy) to manually install rEFInd onto the original EFI partition that my Linux install uses, then I just had to set up the correct boot order in UEFI and everything is working. I also had to fuck around on the boot partition and with efibootmgr to remove all traces of grub so things don't get tangled up which was a bit scary but things are working perfectly now.

  • rotopenguin@infosec.pub · 3 months ago

    Might as well go for Win11, you're going to have to deal with it next year anyways.

    Windows doesn't do minimal, it does whatever the hell it wants. There are some OOBE tricks to get a local account working.

    I have used the privacy.sexy app to strip down some of the most obnoxious Win11 bits - be warned that you have to disable defender to have it work. Is it doing bad things? Is MS doing incredibly shady shit with their detections? Who's to say? When I turn on Defender afterwards, everything seems "fine".

    There's no need to get rid of grub, or play games with different boot drives. Get to know how EFI works. Look at efibootmgr's output - that's pretty much all that the firmware knows. The firmware has multiple entries consisting of a drive (magic device number), a program path (EFI\grub\grub_x64.efi), and maybe a string to pass along. There is a priority list (0003,0001,0002) which MS occasionally likes to re-arrange.
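
The entry layout described in the comment above, as an added example that is not part of the original thread: a shell sketch that resolves `BootOrder` from `efibootmgr -v` output into labels and loader paths and compares it with a saved baseline, so a rearranged priority list is easy to spot. The sample output, placeholder GUIDs and function names are constructed for illustration, and it assumes the verbose layout with a tab between the label and the device path.

```shell
#!/bin/sh
# Constructed sample of `efibootmgr -v` output (not captured from a real machine).
# GUIDs are placeholders; the order is the comment's 0003,0001,0002 example.
sample_efibootmgr() {
    printf '%s\n' 'BootCurrent: 0001' 'Timeout: 1 seconds' 'BootOrder: 0003,0001,0002'
    printf '%s\t%s\n' \
        'Boot0001* grub' 'HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x100000)/File(\EFI\grub\grub_x64.efi)' \
        'Boot0002* UEFI OS' 'HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x100000)/File(\EFI\BOOT\BOOTX64.EFI)' \
        'Boot0003* Windows Boot Manager' 'HD(1,GPT,00000000-0000-0000-0000-000000000002,0x800,0x100000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)'
}

# Print the raw priority list, e.g. 0003,0001,0002.
boot_order() { sed -n 's/^BootOrder:[[:space:]]*//p'; }

# Print one line per BootOrder slot, in priority order: number, label, loader path.
resolve_order() {
    awk -F'\t' '
        /^BootOrder:/ { sub(/^BootOrder:[ ]*/, ""); order = $0; next }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
            num = substr($1, 5, 4)
            label = $1; sub(/^Boot....[* ] /, "", label)   # "*" marks an active entry
            path = "-"                                     # stays "-" without -v detail
            if (match($2, /File\([^)]*\)/)) path = substr($2, RSTART + 5, RLENGTH - 6)
            labels[num] = label; paths[num] = path
        }
        END {
            n = split(order, ids, ",")
            for (i = 1; i <= n; i++) {
                known = (ids[i] in labels)
                printf "%s\t%s\t%s\n", ids[i], known ? labels[ids[i]] : "(no such entry)", known ? paths[ids[i]] : "-"
            }
        }'
}

# Compare the BootOrder on stdin with a baseline string saved earlier.
check_order() {
    baseline=$1
    current=$(boot_order)
    [ "$current" = "$baseline" ] && return 0
    echo "BootOrder changed: was $baseline, now $current" >&2
    return 1
}

# Demo on the constructed sample; on a real system: efibootmgr -v | resolve_order
sample_efibootmgr | resolve_order
```

Saving the `boot_order` string after a known-good boot and running `check_order` against it later shows whether the priority list was rearranged.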