win-omarchy/README.md
28allday 3dc211a7a1 Initial commit: Win-Omarchy dual-boot installer
Patches the Omarchy ISO to install alongside Windows with a firmware-proof
Limine-first boot (bootmgfw spoof), LUKS2 encryption, and btrfs snapshots.
Includes repair mode for re-applying Limine after a Windows feature update.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 19:16:14 +01:00


Win-Omarchy

Patch the Omarchy installer ISO to install Omarchy alongside an existing Windows 11 system, with LUKS2 encryption and btrfs snapshots. After install the machine boots the Limine menu first on every power-on — no F12, no firmware boot-menu interaction — and Windows is offered as a menu entry alongside Omarchy and bootable snapshots.

Forked from Dual-Boot-Omarchy.

How Limine-first boot is guaranteed

Many consumer firmwares ignore the UEFI boot order and always boot \EFI\Microsoft\Boot\bootmgfw.efi (the Windows Boot Manager), so a normal Linux bootloader never appears. Rather than rely on boot order, the installer replaces bootmgfw.efi with Limine and preserves the genuine Windows loader alongside it as bootmgfwbackup.efi. When the firmware boots "Windows Boot Manager" it launches Limine, which then offers Omarchy and chainloads the real Windows loader on demand. An efibootmgr BootOrder lock is also set as best-effort for firmware that honours it.

Requirements

  • OS to run the patcher: Arch Linux or Omarchy
  • Omarchy ISO: from omarchy.com — version-agnostic (tested through 3.8)
  • UEFI firmware (no legacy BIOS)
  • 20GB+ unallocated space on the target drive
  • USB drive for booting the patched ISO
  • Secure Boot OFF — Limine is unsigned; with Secure Boot on the firmware silently rejects it and falls through to Windows. The installer detects this and stops by default.

Before installing — BitLocker / Device Encryption

Changing the bootloader changes the TPM PCR 4/7 measurements, so Windows may demand the 48-digit BitLocker recovery key on its next boot. Before booting the installer USB, in Windows:

  1. Back up your recovery key (https://account.microsoft.com/devices/recoverykey or Settings → Privacy & security → Device encryption → Back up your recovery key).
  2. Suspend BitLocker in an admin PowerShell:
    manage-bde -protectors -disable C: -RebootCount 0
    
  3. Shut down fully (not "Restart" — Fast Startup leaves the NTFS dirty): shutdown /s /f /t 0

The installer will not proceed past Windows detection until you confirm you have the key.

Quick start

# With the Omarchy ISO in this directory:
sudo ./patch-win-omarchy.sh

# Or point it at the ISO directly:
sudo ./patch-win-omarchy.sh /path/to/omarchy-3.8.0.iso

This produces win-omarchy-YYYY.MM.DD.iso. It's a hybrid ISO — write it to USB with dd (or Ventoy) and boot the target machine from it.

Installer menu

| # | Option | Action |
|---|--------|--------|
| 1 | Dual Boot (Heaven and Hell mode) | Install Omarchy alongside Windows (dual-boot) |
| 2 | Consider that a divorce | Remove a failed/old install; restores the genuine Windows bootloader |
| 3 | Nuke the site from orbit | Standard install — wipes the whole drive (no dual-boot) |
| 4 | Exit to Ghost in the… | Drop to a terminal |
| 5 | I'll be back | Repair: re-apply Limine after a Windows update overwrote it |

Option 1 — Dual-boot install

  1. Drive selection (auto-detects a single non-USB drive; detects Windows)
  2. Free-space check (20GB+)
  3. LUKS2 encryption password
  4. Partitioning in free space: 1GB LINUXEFI (FAT32) + LUKS2 root
  5. Btrfs subvolumes: @, @home, @log, @pkg
  6. Omarchy configurator (username, hostname, timezone, keyboard)
  7. archinstall base system + full Omarchy desktop (offline, from the ISO)
  8. Limine + unified kernel image (encrypt hook), snapper, Plymouth
  9. bootmgfw spoof + Windows chainload entry (by GPT PARTUUID) + BootOrder lock

Windows partitions are untouched apart from the single bootmgfw.efi swap (original preserved as bootmgfwbackup.efi).

Option 5 — Repair after a Windows update

A Windows feature update can reinstall bootmgfw.efi, overwriting Limine; the machine then boots straight to Windows and the Limine menu disappears. Option 5 re-applies the spoof — refreshing the backup with the current Windows loader and re-installing Limine. It is idempotent (does nothing if the spoof is already intact).

Target drive layout

Drive:
├── Windows partitions (preserved)
│   └── EFI System Partition
│       ├── EFI/Microsoft/Boot/bootmgfw.efi        ← replaced with Limine
│       └── EFI/Microsoft/Boot/bootmgfwbackup.efi  ← original Windows loader (chainloaded)
├── LINUXEFI (1GB FAT32)          ← Limine, EFI/Linux/omarchy_linux.efi (UKI), limine.conf
└── Linux root (LUKS2 → btrfs)    ← @ / @home / @log / @pkg

How the patcher works

Extracts the ISO and its squashfs, injects a dual-boot setup script into the live environment, re-points the boot sequence to run it on tty1, then repacks the squashfs and rebuilds the ISO via xorriso boot-image replay — preserving the original MBR/GPT/El Torito layout byte-for-byte, so it works across Omarchy versions without per-version tweaks. Build dependencies (xorriso, squashfs-tools, cdrtools) are installed automatically if missing.

Troubleshooting

Boots straight to Windows, no Limine menu. A Windows feature update likely reinstalled its bootloader over the spoof — boot the USB and run option 5. On a fresh install that never showed Limine, confirm Secure Boot is OFF.
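
A check for this first case, and for the state option 5 repairs, as an added example that is not part of the project's scripts: it compares bootmgfw.efi on a mounted ESP against a reference Limine binary and reads the SecureBoot efivar. The ESP mount point, the reference binary path and the function names are assumptions; the reference must be the same Limine build that was installed, otherwise an intact spoof reports as overwritten.

```shell
#!/bin/sh
# Added example (not the project's code). The ESP mount point and the
# reference Limine binary are caller-supplied assumptions.

# secure_boot_state [efivars_dir] -> on | off | unknown
secure_boot_state() {
  f="${1:-/sys/firmware/efi/efivars}/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
  [ -r "$f" ] || { echo unknown; return 0; }
  # efivarfs prefixes the value with 4 attribute bytes; byte 5 is 1 when enabled.
  case "$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')" in
    1) echo on ;;
    0) echo off ;;
    *) echo unknown ;;
  esac
}

# spoof_state <esp_mount> <limine_efi> -> intact | overwritten | no-backup | missing
spoof_state() {
  main="$1/EFI/Microsoft/Boot/bootmgfw.efi"
  backup="$1/EFI/Microsoft/Boot/bootmgfwbackup.efi"
  if [ ! -f "$main" ]; then
    echo missing
  elif ! cmp -s "$main" "$2"; then
    echo overwritten   # something other than this Limine build sits at the firmware path
  elif [ ! -f "$backup" ] || cmp -s "$backup" "$2"; then
    echo no-backup     # Limine is in place but there is no genuine loader to chainload
  else
    echo intact
  fi
}

# diagnose <esp_mount> <limine_efi> [efivars_dir] -> one line of advice; status 0 only if healthy
diagnose() {
  spoof=$(spoof_state "$1" "$2")
  sb=$(secure_boot_state "${3:-/sys/firmware/efi/efivars}")
  case "$spoof/$sb" in
    overwritten/*) echo "bootmgfw.efi is not Limine: boot the USB and run option 5"; return 1 ;;
    missing/*)     echo "no bootmgfw.efi on this ESP: wrong partition mounted?"; return 1 ;;
    no-backup/*)   echo "Limine installed but bootmgfwbackup.efi is absent or is Limine"; return 1 ;;
    intact/on)     echo "spoof intact but Secure Boot is on: firmware will reject Limine"; return 1 ;;
    intact/off)    echo "spoof intact, Secure Boot off"; return 0 ;;
    *)             echo "spoof intact, Secure Boot state unknown"; return 0 ;;
  esac
}
```

Call it as root with the Windows ESP mounted, for instance `diagnose /mnt/winesp /usr/share/limine/BOOTX64.EFI`; both paths are example values.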

No LUKS prompt / won't unlock. Check the encrypt hook: lsinitcpio /boot/EFI/Linux/omarchy_linux.efi | grep encrypt, then sudo mkinitcpio -P.

Windows missing from the Limine menu. The entry chainloads bootmgfwbackup.efi on the Windows ESP by GPT PARTUUID — verify it's present in /boot/limine.conf and on the ESP. (FIND_BOOTLOADERS does not detect Windows; the entry is written explicitly.)

Failed install left orphan partitions. Boot the USB and pick option 2 — it removes the Linux partitions and restores the genuine Windows bootloader.

Uninstalling (keeping Windows)

Boot the USB and choose option 2: restores the real bootmgfw.efi, removes the Linux EFI + LUKS partitions, cleans up UEFI entries. Reclaim the free space from Windows Disk Management.

Credits

License

Provided as-is for the Omarchy community.