In this post, I describe the process of manual disk partitioning for installing Debian 12 Bookworm or Debian 13 Trixie and the issues that can arise with a locked bootloader. Debian is, in my opinion, an excellent operating system. I particularly appreciate its two-year release cycle, which feels far more practical than e.g. Ubuntu’s six-month cadence.

The recent industry-wide push for UEFI makes it virtually unavoidable on modern hardware. On paper, the features like "the GPT partitioning scheme that supports disks over 2TB" sound like pure progress. In practice, however, the UEFI standard has been heavily shaped by large vendors like Microsoft, Apple, and Google. They have implemented features such as Secure Boot, which are marketed as security measures but often functionally serve to lock users into a particular operating system. This is why installing Linux on a machine with pre-installed Windows has become an unnecessarily difficult struggle.

This guide will show you how, in most cases, you can take back control of your computer from vendors like Microsoft, Apple, or Google. You’ll learn how to manually configure disk partitions, using the older MBR layout when appropriate, or the GPT scheme required by UEFI systems. The goal is not only to ensure that Debian installs cleanly and boots reliably, but also to help you understand what’s happening behind the scenes, so you're not left wondering why the installer made certain choices for you.

Prerequisite: Creating a Bootable Debian USB Installer (UEFI-Ready)

There are several ways to install Debian, but in this guide we’ll focus on the most straightforward: creating a bootable USB stick that contains both a live system and the Debian installer. This approach serves two important purposes. First, it allows you to test whether your hardware supports the intended installation method, UEFI or legacy BIOS, and confirms that Debian can at least run in live mode. Second, it gives you the opportunity to perform disk partitioning outside the installer, using tools in the live environment, giving you greater control over the setup before installation begins.

It's worth noting that the Debian Live ISO images are hybrid ISOs. This means they can be either written to a USB stick or burned to a DVD. They include both an MBR and a GPT partition layouts and are designed to be bootable on either legacy BIOS or UEFI systems, regardless on the instalation media.

In a typical situation on Linux, you can write the image directly to your USB drive (e.g., /dev/sdb) using the dd command. Warning: This will irrevocably destroy all data on the target device. Double-check the target device (of= parameter) to avoid overwriting your system disk.

dd if=./debian-live-13.1.0-amd64-lxde.iso of=/dev/sdX bs=128K status=progress oflag=sync

On Windows, Rufus can be used to write the Debian ISO image to a USB drive. Rufus offers two modes: DD image mode and ISO image mode. In DD image mode, Rufus creates an exact bit-for-bit copy of the Debian ISO, just like the Linux dd command. However, certain broken or non-standard UEFI implementations might fail to boot from the exact copy of the hybrid ISO.

In ISO image mode, Rufus extracts the files from the ISO and writes them to the USB stick in a conventional file system layout (e.g., FAT32). This mode does not preserve the hybrid partition structure but can sometimes be more compatible with systems that have UEFI firmware quirks or bugs. A lot of Rufus development focuses on addressing these issues, and there is no direct Linux alternative I am aware of. However, it may not retain the signed bootloaders, which could break Secure Boot functionality.

Booting the Installation Media

Booting a Debian installer, especially on modern systems, can be frustrating because several firmware features and tools interfere in different ways. Below are the most common issues you may encounter and how to overcome them:

1. First Attempt:

   • Insert the USB and power on the device.
   • Immediately access the boot menu (usually by pressing a key like F12, F10, or Esc during startup—check your motherboard's manual).
   • Manually select your USB drive from the list. If you see multiple entries for it, try both the UEFI: USB Drive option and the non-UEFI (or "Legacy") option, test both.

2. Disable Fast Boot in Windows

   • Fast boot is a Windows mechanism that prevents full system shutdown to boot faster. However, on boot it skips important parts of the boot sequence and needs to be disabled.
   • The following PowerShell command disables it, run as Administrator:
   • Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0
   • Reboot and try the boot menu (Step 1) again.

3. Tweak BIOS/UEFI Settings:

   • If previous attempts fail, restart and enter the BIOS/UEFI firmware settings (typically by pressing Delete or F2).
   • Navigate to the "Boot" tab and ensure Boot from USB or External Device Boot is enabled.
   • Save changes and exit, then try the boot menu (Step 1) again.

4. Physically Disconnect the Drive with operating system:

   • If the system still refuses to boot from USB, the most reliable method is to physically disconnect the internal drive containing Windows or macOS.
   • With only instalation media and potentially blank disk connected, the firmware has no choice but to boot from your Debian installer. This almost always works.

5. Disable Secure Boot

   • Secure Boot is a UEFI feature that only allows bootloaders signed by keys stored in the firmware (BIOS/UEFI). Typically, this includes Microsoft-signed bootloaders, such as those used by Windows.
   • To alleviate concerns about vendor lock-in, bootloaders of major Linux distributions, including Debian, are signed with a Microsoft-recognized key.
   • To achieve this, Linux distributions use a tool called shim. Note that Microsoft only allows the booting of signed kernels via shim-signed GRUB, which is not a requirement of UEFI itself.
   • Newer hardware may ship with updated Microsoft keysets that don’t recognize older shim signatures, breaking compatibility. USB drives created with Rufus in ISO mode can also violate Secure Boot expectations.
   • When in troubles, the best option is to disable Secure Boot or refer to the extensive documentation on Secure Boot provided by Debian.

Now that you've adjusted your BIOS settings and disconnected any drives with preinstalled systems, you might find that the Debian live system still refuses to boot. Some systems are locked down so tightly, via Secure Boot, firmware restrictions, or vendor-specific quirks, that installing Linux becomes impractical without risking a working setup. In such cases, it's often better to walk away than to force an installation that may compromise the machine.

Formating the disk: Selecting partition table GPT or MSDOS

This guide assumes you're installing Debian on a completely empty disk. Dual-booting with another OS is possible but adds complexity and is not covered here. Either wipe your existing disk or use a new one. If needed, here’s a quick way to erase a disk using dd:

dd if=/dev/zero of=/dev/sdX bs=128K status=progress

Replace /dev/sdX with your actual drive identifier and remember, all data will be permanently lost.

If you've managed to get the live system running, you're ready for the first real decision: which partition table to use, GPT or MSDOS (MBR). Personally, I prefer the MSDOS partition table (MBR)—it’s simple and works well when your BIOS supports legacy boot. To set it up, just run:

fdisk /dev/sdX

Use fdisk to create your partitions manually. It's a straightforward process, especially for minimal setups. 1. Press n – create a new partition (repeat for additional partitions)
2. Press t – change partition type (for EFI System Partition, use type 1)
3. Press w – write changes and exit

When You Must Use GPT

In some cases, MSDOS just won’t work, especially on newer hardware where BIOS/UEFI firmware has dropped proper legacy boot support. For example, on one high-end motherboard I tested, legacy mode was available in the BIOS, but it refused to boot from an M.2 SSD formatted with an MSDOS partition table. In such situations, you’ll need to use GPT (GUID Partition Table) instead.

Boot Mode and Partitioning Must Match

The boot mode you choose—UEFI or Legacy/MBR (CSM)—determines how Debian will be installed. If you boot the installer in UEFI mode, it expects to install to a GPT-formatted disk. If you boot in Legacy mode, it will use an MSDOS/MBR layout. These modes are not interchangeable, and mismatching them can lead to a system that won't boot. Exception is when your BIOS do support legacy boot but you still want MBR layout of the disk with Debian. This won't boot but you can overcome it as I explain later.

Creating a GPT Partition Table with fdisk or gdisk

To initialize a disk with GPT using fdisk, run:

fdisk /dev/sdX

Once inside the fdisk prompt, press g to create a new GPT partition table. Similarly, pressing o creates an MBR partition table, which is the default.

While fdisk supports creating GPT partition tables, the tool was originally designed for MBR (MSDOS) partitions. For more advanced and GPT focused tool, the utility gdisk offers familiar fdisk like interface.

To use gdisk:

gdisk /dev/sdX

Replace /dev/sdX with your actual device (e.g., /dev/sda or /dev/nvme0n1).

EFI System Partition Requirements

When using GPT with UEFI boot, you must create an EFI System Partition (ESP):

• Filesystem: FAT32
• Size: 500 MB (recommended, generous even for dual-boot setups)
• Flags: boot, esp

This partition is required for UEFI firmware to detect and boot your OS. In the Debian installer, make sure to mount this partition to /boot/efi. Without this, GRUB won't be installed correctly for UEFI Debian instalation.

Forcing BIOS to Boot MBR When It Really Doesn’t Want To

If your BIOS/UEFI flat-out refuses to boot from MBR—even when you’ve done everything “correctly”—there’s still a potential workaround:

1. Boot from a Live USB that includes GRUB with UEFI support.
2. At the GRUB menu, press e to edit the boot entry.
3. Use GRUB’s command line (c or press Ctrl + X then c depending on the version) and run ls to list devices.

4. Manually boot the system using GRUB’s commands, e.g.:

   set root=(hd0,msdos1) linux /boot/vmlinuz root=/dev/sdX1 initrd /boot/initrd.img boot

   (Adjust paths and device names according to your setup.)

5. Sometimes boot (my partition), where (my partition) is the partition with the MBR bootable system will work.

Whoo! GRUB can boot your MBR-partitioned system even when the firmware says "no" to a legacy boot! You might not fully agree when you have to do this over and over again but for some, this might feel like a glorious victory over vendor-imposed UEFI restrictions.

At the end of the day, it boots. 🎉

When you read this far, consider supporting the blog

This is a personal blog, written with great effort to be useful. If you find it useful, consider a small donation. It serves as a welcome feedback that the content is appreciated, and it will help determine the amount of effort I put into future posts.