In this post, I describe the process of manual disk partitioning for installing Debian 12 Bookworm or Debian 13 Trixie and the issues that can arise with a locked bootloader. Debian is, in my opinion, an excellent operating system. I particularly appreciate its two-year release cycle, which feels far more practical than e.g. Ubuntu’s six-month cadence.

The recent industry-wide push for UEFI makes it virtually unavoidable on modern hardware. On paper, the features like "the GPT partitioning scheme that supports disks over 2TB" sound like pure progress. In practice, however, the UEFI standard has been heavily shaped by large vendors like Microsoft, Apple, and Google. They have implemented features such as Secure Boot, which are marketed as security measures but often functionally serve to lock users into a particular operating system. This is why installing Linux on a machine with pre-installed Windows has become an unnecessarily difficult struggle.

This guide will show you how, in most cases, you can take back control of your computer from vendors like Microsoft, Apple, or Google. You’ll learn how to manually configure disk partitions, using the older MBR layout when appropriate, or the GPT scheme required by UEFI systems. The goal is not only to ensure that Debian installs cleanly and boots reliably, but also to help you understand what’s happening behind the scenes, so you're not left wondering why the installer made certain choices for you.

Prerequisite: Creating a Bootable Debian USB Installer (UEFI-Ready)

The most straightforward way to install Debian is to create a bootable USB stick that contains both a live system and the Debian installer. This approach serves two important purposes. First, it allows you to test whether your hardware supports the intended installation method, UEFI or legacy BIOS, and confirms that Debian can at least run in live mode. Second, it gives you the opportunity to perform disk partitioning outside the installer, using tools in the live environment, giving you greater control over the setup before installation begins.

It's worth noting that the Debian Live ISO images are hybrid ISOs. This means they can be either written to a USB stick or burned to a DVD. They include both an MBR and a GPT partition layouts and are designed to be bootable on either legacy BIOS or UEFI systems, regardless on the instalation media.

In a typical situation on Linux, you can write the image directly to your USB drive (e.g., /dev/sdb) using the dd command. Warning: This will irrevocably destroy all data on the target device. Double-check the target device (of= parameter) to avoid overwriting your system disk.

dd if=./debian-live-13.1.0-amd64-lxde.iso of=/dev/sdX bs=128K status=progress oflag=sync

On Windows, Rufus can be used to write the Debian ISO image to a USB drive. Rufus offers two modes: DD image mode and ISO image mode. In DD image mode, Rufus creates an exact bit-for-bit copy of the Debian ISO, just like the Linux dd command. However, certain broken or non-standard UEFI implementations might fail to boot from the exact copy of the hybrid ISO.

In ISO image mode, Rufus extracts the files from the ISO and writes them to the USB stick in a conventional file system layout (e.g., FAT32). This mode does not preserve the hybrid partition structure but can sometimes be more compatible with systems that have UEFI firmware quirks or bugs. A lot of Rufus development focuses on addressing these issues, and there is no direct Linux alternative I am aware of. However, it may not retain the signed bootloaders, which could break Secure Boot functionality.

Testing Installation Media

Booting a Debian installer, especially on modern systems, can be frustrating because several firmware features and tools interfere in different ways. Below are the most common issues you may encounter and how to overcome them:

1. First Attempt:

   • Insert the USB and power on the device.
   • Immediately access the boot menu (usually by pressing a key like F12, F10, or Esc during startup—check your motherboard's manual).
   • Manually select your USB drive from the list. If you see multiple entries for it, try both the UEFI: USB Drive option and the non-UEFI (or "Legacy") option, test both.

2. Disable Fast Boot in Windows

   • Fast boot is a Windows mechanism that prevents full system shutdown to boot faster. However, on boot it skips important parts of the boot sequence and needs to be disabled.
   • The following command run PowerShell as Administrator, force Windows to use UTC and disable Fast boot:
   • start powershell -Command "Start-Process PowerShell -Verb RunAs" Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\TimeZoneInformation" -Name "RealTimeIsUniversal" -Value 1 Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0
   • Reboot and try the boot menu (Step 1) again.

3. Tweak BIOS/UEFI Settings:

   • If previous attempts fail, restart and enter the BIOS/UEFI firmware settings (typically by pressing Delete or F2).
   • Navigate to the "Boot" tab and ensure Boot from USB or External Device Boot is enabled.
   • Save changes and exit, then try the boot menu (Step 1) again.

4. Physically Disconnect the Drive with operating system:

   • If the system still refuses to boot from USB, the most reliable method is to physically disconnect the internal drive containing Windows or macOS.
   • With only instalation media and potentially blank disk connected, the firmware has no choice but to boot from your Debian installer. This almost always works.

5. Disable Secure Boot

   • Secure Boot is a UEFI feature that only allows bootloaders signed by keys stored in the firmware (BIOS/UEFI). Typically, this includes Microsoft-signed bootloaders, such as those used by Windows.
   • To alleviate concerns about vendor lock-in, bootloaders of major Linux distributions, including Debian, are signed with a Microsoft-recognized key.
   • To achieve this, Linux distributions use a tool called shim. Note that Microsoft only allows the booting of signed kernels via shim-signed GRUB, which is not a requirement of UEFI itself.
   • Newer hardware may ship with updated Microsoft keysets that don’t recognize older shim signatures, breaking compatibility. USB drives created with Rufus in ISO mode can also violate Secure Boot expectations.
   • When in troubles, the best option is to disable Secure Boot or refer to the extensive documentation on Secure Boot provided by Debian.

Now that you've adjusted your BIOS settings and disconnected any drives with preinstalled systems, you might find that the Debian live system still refuses to boot. Some systems are locked down so tightly, via Secure Boot, firmware restrictions, or vendor-specific quirks, that installing Linux becomes impractical without risking a working setup. In such cases, it's often better to walk away than to force an installation that may compromise the machine.

Formating the disk

This guide assumes you're installing Debian on a completely empty disk. Dual-booting with another OS is possible but adds complexity and is not covered here. Either wipe your existing disk or use a new one. If needed, here’s a quick way to erase a disk using dd:

dd if=/dev/zero of=/dev/sdX bs=128K status=progress

Replace /dev/sdX with your actual drive identifier and remember, all data will be permanently lost.

MBR vs GPT: What You Need to Know for Booting Debian

When installing Debian, the choice between MS-DOS (MBR) and GPT affects how the system boots and how partitions are organized. Here's a simple comparison, including disk alignment tips and boot behavior.

MS-DOS (MBR)

• Booting:
  The BIOS reads the Master Boot Record (first 512 bytes of the disk), which contains the bootloader code. The BIOS does not interpret filesystems, it simply loads the bootloader, such as GRUB or the Windows bootloader. MBR also contains partition table that describes the layout of the disk, including primary and extended partitions. BIOS itself need no drivers for filesystems such as FAT, ext or others.

• Partition metadata: In MBR (MS-DOS) partition tables, each partition entry contains two main pieces of metadata relevant for booting, bootloader logic and OS recognition. Boot flag (status byte) stored in the first byte of the partition entry. Value 0x80 indicates bootable (active) partition, while 0x00 means inactive partition. Partition type byte is stored in the 5th byte of the partition entry. Itdentifies the filesystem or operating system type. BIOS ignores this byte for booting; it’s used by OSes and partitioning tools. Common Partition Type Codes are

• Bootable Partition Flag:
  On a bootable disk, one partition typically has the boot flag set, which historically indicated the partition from which the operating system should be loaded. With modern bootloaders, such as GRUB, this flag is technically unnecessary, because the bootloader select second stage bootloader on demand. Historically, the BIOS and simple bootloaders relied on the boot flag to locate the second-stage bootloader.

• Disk Alignment:
  Partitions should ideally start on 1 MiB boundaries (sector 2048) for optimal performance, especially on SSDs. Older fdisk defaults may align to 63 sectors, which works but is less efficient.

• Partition Limits:
  Up to 4 primary partitions (or 3 primary + 1 extended) with logical partitions inside the extended partition. Maximum disk size is ~2 TB.

GPT (UEFI)

• Booting:
  UEFI reads the EFI System Partition (ESP), which is always formatted as FAT32. The firmware can read FAT32, so all bootloader files must reside here. By convention, the ESP is usually the first partition on UEFI-bootable disks. Standard UEFI firmware does not log boot events to the ESP, but in practice, the OS or bootloader may modify it, for example during system updates or bootloader installation.

• GPT Metadata:
  In GPT, each partition contains more metadata than MBR. The key fields in a GPT partition entry (128 bytes per entry) are:

• Partition Type GUID (16 bytes)
  It identifies the purpose of the partition, e.g., EFI System Partition, Linux filesystem, Windows data, etc. UEFI firmware scans for the ESP GUID 12A7328-F81F-11D2-BA4B-00A0C93EC93B to find the bootloader.

• Unique Partition GUID (16 bytes)
  It is randomly generated globally unique identifier for every partition. Helps the OS and tools track partitions even if they are cloned or moved. Can act as a persistent disk fingerprint.

• Starting LBA (8 bytes) and Ending LBA (8 bytes)
  Specify the first and last sectors of the partition and allows proper alignment for performance and support for very large disks.

• Attributes / Flags (8 bytes, 64 bits)
  These are optional flags controlling OS or firmware behavior. Most of them are reserved for OS-specific use, however there are few standard bits, including:

  • Bit 0: Required partition
  • Bit 1: Legacy BIOS bootable
  • Bit 2: EFI System Partition
  • Bit 60: No automount / hidden
  • Bit 62: Read-only

• Partition Name (72 bytes, UTF-16)
  This is human readable name of the partition. It is optional and used by GUI tools, OS utilities, or logging. It does not affect booting.

• Bootable Flag:
  The ESP is recognized by the firmware using a partition type GUID C12A7328-F81F-11D2-BA4B-00A0C93EC93B. This partition must be formated as FAT32.

• Disk Alignment:
  Just like MBR, partitions should start on 1 MiB boundaries. GPT also stores backup headers at the end of the disk for redundancy.

• Partition Limits:
  128+ partitions by default, and supports disks larger than 2 TB.

Partitioning the Disk

You can partition the disk from a shell, use a preformatted disk, or format it during the Debian installation process. However, be aware that the way you boot your installation media directly affects the disk format and the installation mode.

For consistency and to avoid boot problems, it is wise to boot the installation media in the same mode you intend the system to use after installation (UEFI → GPT, Legacy → MBR). The boot mode you choose UEFI or Legacy/MBR (CSM) determines how Debian will be installed:

• UEFI Boot:
  The installer expects or creates a GPT-formatted disk.

• Legacy/MBR Boot (CSM):
  The installer expects or creates MSDOS/MBR partition table.

Booting a GPT disk in Legacy mode or an MBR disk in UEFI mode usually results in a system that will not boot.

If you want to avoid UEFI at all costs, and your BIOS only supports UEFI boot, it is technically possible to install Debian on an MBR disk. This may require manual configuration to make it bootable, which is covered later in this guide.

Note: Legacy boot from GPT disks has not been covered in this guide, but some setups using GRUB might allow it.

Creating a MBR Partition Table in BASH

Personally, I prefer the MSDOS partition table (MBR)—it’s simple and works well when your BIOS supports legacy boot. To set it up, just run:

fdisk /dev/sdX

Use fdisk to create your partitions manually. It's a straightforward process, especially for minimal setups. 1. Press n – create a new partition (repeat for additional partitions)
2. Press t – change partition type (for EFI System Partition, use type 1)
3. Press w – write changes and exit

Creating a GPT Partition Table in BASH

In some cases, MSDOS just won’t work, especially on newer hardware where BIOS/UEFI firmware has dropped proper legacy boot support. For example, on one high-end motherboard I tested, legacy mode was available in the BIOS, but it refused to boot from an M.2 SSD formatted with an MSDOS partition table. In such situations, you’ll need to use GPT (GUID Partition Table) instead.

You can format your disk outside Debian installer using typically fdisk or gdisk. Newer fdisk versions support creating GPT partitions. To initialize a disk with GPT using fdisk, run:

fdisk /dev/sdX

Once inside the fdisk prompt, press g to create a new GPT partition table. Similarly, pressing o creates an MBR partition table, which is the default.

For more advanced and GPT focused tool, the utility gdisk offers familiar fdisk like interface.

To use gdisk:

gdisk /dev/sdX

Replace /dev/sdX with your actual device (e.g., /dev/sda or /dev/nvme0n1).

Creating EFI System Partition

When using GPT with UEFI boot, you must create an EFI System Partition (ESP). In the Debian installer partitioning tool, set the following:

• Filesystem: FAT32
• Size: 300 MB (recommended, generous even for dual-boot setups)
• Flags: boot, esp

With these flags, the Debian installer automatically assigns the correct Partition Type GUID, which is required for UEFI boot. In fdisk or gdisk it is sufficient to set proper GUID type, flags are not mandatory.

Debian mount point

Make sure to mount EFI partition to /boot/efi during instalation process. Without this, GRUB won't be installed correctly for UEFI Debian instalation.

Forcing BIOS to Boot MBR When It Really Doesn’t Want To

If your BIOS/UEFI flat-out refuses to boot from MBR—even when you’ve done everything “correctly”—there’s still a potential workaround:

1. Boot from a Live USB that includes GRUB with UEFI support.
2. At the GRUB menu, press e to edit the boot entry.
3. Use GRUB’s command line (c or press Ctrl + X then c depending on the version) and run ls to list devices.

4. Manually boot the system using GRUB’s commands, e.g.:

   set root=(hd0,msdos1) linux /boot/vmlinuz root=/dev/sdX1 initrd /boot/initrd.img boot

   (Adjust paths and device names according to your setup.)

5. Sometimes boot (my partition), where (my partition) is the partition with the MBR bootable system will work.

Whoo! GRUB can boot your MBR-partitioned system even when the firmware says "no" to a legacy boot! You might not fully agree when you have to do this over and over again but for some, this might feel like a glorious victory over vendor-imposed UEFI restrictions.

At the end of the day, it boots. 🎉

When you read this far, consider supporting the blog

This is a personal blog, written with great effort to be useful. If you find it useful, consider a small donation. It serves as a welcome feedback that the content is appreciated, and it will help determine the amount of effort I put into future posts.