Dual Booting Gentoo && Windows11

Using Shim with disabled-validation

1. If not already in Use emerge shim and mokutil emerge sys-boot/shim sys-boot/mokutil
2. depending where you put EFI (/boot/EFI or /efi/EFI) copy following shim files:

• cp /usr/share/shim/BOOTX64.EFI /boot/EFI/gentoo/shimx64.efi
• cp /usr/share/shim/mmx64.efi /boot/EFI/gentoo/mmx64.efi

3. Use your EFI partition (check with lsblk) and depending on that do following command:

• efibootmgr --disk /dev/nvme1n1 --part 1 --create -L "GRUB via Shim" -l '\EFI\gentoo\shimx64.efi'

4. Do following command mokutil --disable-validation
5. Do following command grub-mkconfig -o /boot/EFI/gentoo/grub.cfg
6. Follow the steps from: Using Secure Boot While Disabling Shim's Enforcement Here a copy:

• You should be greeted by a screen that advises you to press a key to begin MOK management. Do so.
• You will now have four choices: Continue boot; Change Secure Boot state; Enroll key from disk; or Enroll hash from disk. Select Change Secure Boot state.
• The tool will now ask for your password. With recent versions, it may do so strangely, by asking for characters out of order.
• Once MokManager is satisfied with your password skills, it presents a simple No/Yes option, with no explanatory prompt. Select Yes.
• MokManager will now show the options Reboot; Enroll key from disk; and Enroll hash from disk. Select the Reboot option.
• Once you reboot, Shim should stop enforcing Secure Boot rules; but they will still apply to programs and OSes that are not launched via Shim. You can verify this state by using the –sb-state option to mokutil:

7. If not already visible do os-prober and grub-mkconfig
8. If you deleted windows from the EFI partition while installing gentoo like me, follow this steps(What to do if you deleted windows in EFI partition ):

• create a bootable USB with windows11 from the official microsoft page
• Start from the USB
• Press Shift + F10 to open CMD and select the EFI partition
• diskpart
• list disk
• sel disk #
• list part
• sel part #
• assign letter=s
• list vol
• assign a letter to the volume where your windows is located:
  • sel vol #
  • assign letter=e
• exit
• bcdboot E:\windows /s s:
• Reboot and do os-prober and grub-mkconfig in gentoo

References

Using Secure Boot While Disabling Shim's Enforcement Shim Handbook Gentoo What to do if you deleted windows in EFI partition