I regularly have the need to try things out on Linux. Sometimes a virtual machine won't cut it for me, typically due to memory, disk and performance limitations. Moreover, a decent, up-to-date, bootable Linux environment is a great backup in case all of my other computers are broken, infected or stolen. That entails having the Linux installation on an external, USB-attached hard disk drive which can boot with relative ease on any UEFI-enabled PC (driver compatibility notwithstanding). On top of that, all the preparatory work has to be performed using a single-boot Windows computer without ending up with a dual-boot system. It sounds tough. It is tough, but I'm writing this from my portable Ubuntu Linux installation running off a USB-attached SSD!

What you need

  • An empty external (USB) hard drive. I used a USB 3 drive enclosure with a cheap 256Gb SSD. For those of you worrying about performance, the USB 3.0 port is faster than the maximum transfer rate of any SSD I've seen to this date.
  • Ubuntu Linux bootable USB drive. Very easy to create using Rufus on Windows. I used a cheap, promotional flash drive. Reduce, reuse, recycle FTW.
  • Windows System Repair Disc (a bootable USB drive with Windows recovery tools which you can make yourself) or a Windows installation or rescue CD-ROM / DVD-ROM. I used another promotional flash drive.

Remember to take backups of all your critical files and folders before continuing. You are going to make changes to your computer. If it breaks don't cry, I warned you. Also test both your bootable media. Twice. You will need them both!

Caveats

Having a dual- or multi-boot system isn't as straightforward as it used to be a decade ago. Nowadays, in the interest of security, performance and backwards compatibility, there are many semi-hidden options and features which can get in your way. Given enough experience and patience you can work around them. Below is a selection of problems that got me moderately stumped along the way.

Secure boot caveat

I have only tested these instructions with Secure Boot turned off. Even though Ubuntu does support Secure Boot (it comes with signed bootloaders) I have no idea if my method uses the signed bootloaders or not. I suggest turning off Secure Boot if possible.

FastBoot caveats

Many boards come with some sort of "fast boot" or "boot optimization" options. For example, my Intel NUC has an option called Fast Boot which won't let me choose an alternative boot device at startup. It also has an option to support Intel Rapid Start Technology which does get in the way of booting to multiple OS. I had to disable both.

It's worth noting that Windows 8 and 10 have a Fast Startup or Fast Boot feature. This feature takes some shortcuts when it comes to booting and also makes the NTFS filesystem remain in a dirty state, making it unwriteable from Linux. It's best to understand what it does and disable it if you plan on writing to your Windows drive from Linux.

USB host controller caveat

Some firmwares will present the USB host controller as UHCI (USB 1.1) at boot time. When Linux probes for an xHCI (USB 3) host controller during the boot process they will respond positively. At this time Linux loads the xHCI driver and the USB host controller resets itself.

However, your root filesystem is inside a device attached to this USB controller. Therefore the controller resetting means that Linux can no longer communicate with the USB-attached hard drive. Therefore the Linux boot will hang forever without any further indication as to what went wrong.

Most affected boards (including my Intel NUC) have an option to enable the xHCI host controller interface by default. Enabling the xHCI option in the BIOS fixes the hanging boot issue. If you are only using modern operating systems with USB 3 support (anything newer than and including Windows 8.1 and Ubuntu Linux 15.04) you can safely enable that option.

Installing Linux

Boot your computer from the Ubuntu Linux bootable USB drive. Remember that you may have to enter your computer's boot manager to do that (on my Intel NUC I have to press F10; on most other BIOS I've seen it's F9; consult your BIOS documentation).

Install Ubuntu Linux as you normally would. When it prompts you about the disk layout, choose Something Else and partition your external HDD the way you want. I chose to create a modestly sized root partition (about 40Gb), a swap partition that's as big as the biggest RAM configuration I am going to be using this installation with plus one Gb (my computers max out at 16Gb so I made a 17Gb swap partition), and the rest of the disk went to a massive /home partition.

Caveat: I chose to use btrfs which – as I learned along the way – makes things a bit more complicated down the line. For your sanity's sake I recommend using ext4. This guide assumes the use of btrfs and will point out the caveats with this approach.

Fix Windows 10 boot

Unfortunately the Ubuntu Installer assumes that you want a dual booting configuration alongside Windows. Therefore it adds itself (actually, the bootloader it uses, GRUB2) to your computer's UEFI configuration. This causes two problems. For starters, the external HDD is not portable as you cannot boot with it on another computer.

Secondly, if you remove this external HDD your Windows won't boot. Bummer. We have to fix that.

  • Shut down your computer.
  • Disconnect the Ubuntu HDD
  • Boot from the Windows system repair disc USB drive (or a Windows installation or rescue CD-ROM / DVD-ROM).
  • Select Repair your computer.
  • Select the operating system and click Next.
  • Choose Command Prompt.
  • In the command prompt run
    diskpart
    sel disk 0
    list vol
  • Verify that the EFI partition is using the FAT32 file system. It will have a volume ID, let's say 99. Now we need to assign a drive letter to it. Back in the command prompt type:
    sel vol 99
    assign letter=z:
    exit
  • Now we need to fix the boot record. Again in the command prompt type:
    z:
    cd EFI\Microsoft\Boot
    bootrec /FixBoot
  • Finally, we need to re-create the BCD store which tells the Microsoft boot loader where to find Windows so it can boot it. From our trusted command prompt:
    ren BCD BCD.old
    bcdboot c:\Windows /l en-us /s z: /f ALL
  • If this didn't work try
    ren BCD BCD.old
    bootrec /RebuildBcd

At this point exit the command prompt and shut down your computer.

Create an ESP on the Ubuntu HDD

A hard drive is not bootable with UEFI unless it has an ESP (EFI System Partition). An ESP is simply a FAT32 partition with a special flag that tells the EFI BIOS to look inside it for boot information. We have to create one on your hard drive.

  • Plug in your external HDD and the Ubuntu Linux bootable USB stick.
  • Boot with the Ubuntu Linux bootable USB stick using the option to try Ubuntu before installing.
  • Open a Terminal (CTRL-ALT-T)
  • Run sudo fdisk -l to get a list of partitions.
  • Identify from them the drive that has the Linux partitions, in my case /dev/sdb. I'll call it /dev/sdX from now on.
  • Also identify the partition that contains the root filesystem. I will call it /dev/sdXY from now on.
  • Launch GParted from the Terminal:
    sudo gparted /dev/sdX
    Why not just click on GParted on your desktop? Well, I kept receiving errors about the Ubuntu Linux bootable USB stick because it was already in use. Of course it is, I am using it to run the computer off it, duh!
  • Resize the first partition on disk to have another 200 Mb of free space after it.
  • Create a new partition on the free space, changing the file system to fat32.
  • Apply operations. You need to do that now for the next step to be possible.
  • Right click the new partition.
  • Click on Manage Flags.
  • Set the boot and esp flags. This is what makes the partition "special" to the EFI BIOS.
  • One more thing! Note down the partition that contains the ESP filesystem. I will call it /dev/sdXZ from now on.

Make sure the Ubuntu installation on the external HDD can see the ESP

The new ESP on the external drive must be visible to the Ubuntu installation on the HDD. Otherwise GRUB2, the Linux bootloader, won't be able to update itself, making your system unbootable after the next kernel update at the latest.

  • Launch GParted from the Terminal, as we saw above:
    sudo gparted /dev/sdX
  • Double click the partition with your Linux root (/) filesystem on the external HDD
  • Note down the UUID, e.g. 01234567-89ab-cdef-0123-4567890abcde
  • Double click the new FAT32 partition and note down the UUID, e.g. 0123-ABCD
  • Close GParted
  • Open a Terminal

The process is different depending on the format of your root partition on the external hard disk.

If you DID NOT use btrfs (e.g. you used ext4)

sudo umount /media/ubuntu/01234567-89ab-cdef-0123-4567890abcde 
sudo mount /dev/sdXY /mnt

If you DID use btrfs

If you DID use btrfs, you made your life complicated. We need to mount the btrfs subvolume containing the root partition instead of the entire partition. Otherwise you'll never be able to install GRUB and you'll probably lose an entire day, like me.

sudo btrfs subvolume list /media/ubuntu/01234567-89ab-cdef-0123-4567890abcde

This will give you a line with a numeric ID. Let's say 123. Note it down.

sudo umount /media/ubuntu/01234567-89ab-cdef-0123-4567890abcde
sudo mount /dev/sdXY -o subvolid=123 /mnt

The rest of the instructions are common, whether you used btrfs, ext4 or something else.

  • sudo nano /mnt/etc/fstab
  • There is a line with /boot/efi already in this file. Comment it out by placing a # in front of it.
  • Add the following line:
    UUID=0123-ABCD /boot/efi vfat defaults 0 1
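
The same fstab edit as a script, for anyone who would rather not do it by hand in nano. This is an added example, not part of the original post, and the function name set_esp_entry is made up here. It rejects anything that is not a FAT-style XXXX-XXXX volume ID, which catches pasting the root filesystem's UUID by mistake, and it keeps a backup beside the file:

```sh
#!/bin/sh
# Added example: scripted form of the manual /etc/fstab edit.
# set_esp_entry is a hypothetical helper name, not an Ubuntu tool.
# Usage: set_esp_entry <path-to-fstab> <ESP-UUID>
set_esp_entry() {
    fstab=$1
    uuid=$2

    # A FAT32 volume ID looks like 0123-ABCD. Reject anything else so the
    # 36-character root filesystem UUID cannot end up on the /boot/efi line.
    if ! printf '%s\n' "$uuid" | grep -Eq '^[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}$'; then
        echo "set_esp_entry: '$uuid' is not a FAT volume ID" >&2
        return 2
    fi

    tmp=$(mktemp) || return 1
    # Comment out every active entry whose mount point (field 2) is /boot/efi.
    # Existing comments and all other mounts pass through untouched.
    awk '$1 !~ /^#/ && $2 == "/boot/efi" { print "#" $0; next } { print }' \
        "$fstab" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf 'UUID=%s /boot/efi vfat defaults 0 1\n' "$uuid" >> "$tmp"

    # Keep a backup, then overwrite in place so owner and mode stay the same.
    cp -p "$fstab" "$fstab.bak" && cat "$tmp" > "$fstab"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Example call from the live session, with the target root mounted on /mnt:
#   set_esp_entry /mnt/etc/fstab 0123-ABCD   (run as root)
```

Running it a second time comments out the line it added earlier and appends a fresh one, so the file always ends up with exactly one active /boot/efi entry.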

Install GRUB2 on the external drive's EFI System Partition

Right now our external drive has an empty ESP. We need to put a bootloader in it to make it actually, well, bootable.

First caveat: all the instructions you find on-line assume you are using a dual boot system with Windows or macOS. When you have an external drive it is critical that you use the --removable option in the last step. This installs the EFI bootloader under the special "fallback path" EFI\Boot\bootx64.efi in the ESP. Normally this is not supposed to be used for permanently installed Operating Systems. It's the mechanism used by EFI BIOS to boot arbitrary external media. Technically, that's exactly what our external hard drive is: arbitrary external media!

Second caveat: installing the bootloader is only possible from inside the Linux installation we want to boot. However, we need the bootloader to boot that installation, leading to a Catch-22 issue. The solution is to run the bootloader installation through a chroot jail. The actual caveat that got me stumped for a day comes from the fact that I am using btrfs (because it's so much better for SSDs!). btrfs has subvolumes. If you mount the entire partition instead of a subvolume the grub-install script can't figure out the mapping between paths and devices, therefore failing to install itself on the ESP, returning the cryptic error

/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?).

The error is misleading! /dev is mounted if you follow my instructions below. The actual problem, as I understand it, is that there is a discrepancy between the mounted device and the path to the chroot root. That's why I had you mount only the subvolume containing the root filesystem in the steps above. If you were not paying attention, did not follow the instructions step by step, rebooted before this step, or just came here directly looking for a solution to GRUB not installing, look above for instructions on mounting the correct btrfs subvolume.

  • We need to prepare the chroot environment. The ESP must be mounted in the correct place and we have to bind-mount some special system trees (most notably /dev) into it. Moreover, we will copy the resolv.conf file to let the chroot environment have network access should it need it.
    sudo mount /dev/sdXZ /mnt/boot/efi
    for i in /dev /dev/pts /proc /sys; do sudo mount -B "$i" "/mnt$i"; done
    sudo cp /etc/resolv.conf /mnt/etc/
    sudo modprobe efivars
  • Finally we enter the chroot environment and install Grub in a way suitable for a removable device (see the first caveat above).
    sudo chroot /mnt
    grub-install -d /usr/lib/grub/x86_64-efi --efi-directory=/boot/efi/ --removable /dev/sdX

Now your external HDD is bootable. Reboot your computer, select it from the boot media selection of your UEFI BIOS and you're done!
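
Before rebooting, the result of the steps above can be checked from the live session, outside the chroot. The script below is an added example, not from the original post: it assumes the layout used in this guide (root on /mnt, ESP on /mnt/boot/efi), and check_portable_boot is a made-up name. It only reads files and reports on three things this guide depends on: the fallback loader, the UUID on the /boot/efi line, and the absence of kernel device names in fstab.

```sh
#!/bin/sh
# Added example: read-only checks on the freshly prepared drive.
# check_portable_boot is a hypothetical helper name.
# Usage: check_portable_boot <root> <ESP-UUID>   (returns the number of problems)
check_portable_boot() {
    root=$1
    esp_uuid=$2
    fstab=$root/etc/fstab
    problems=0

    # 1. Firmware boots external media from the fallback path only. FAT names
    #    are case-insensitive, so compare the relative path ignoring case.
    if ! (cd "$root/boot/efi" 2>/dev/null && find . -type f) |
            grep -iqx '\./efi/boot/bootx64\.efi'; then
        echo "FAIL: no EFI/Boot/bootx64.efi on the ESP (was --removable used?)"
        problems=$((problems + 1))
    fi

    # 2. The single active /boot/efi entry must be keyed on the ESP's UUID,
    #    otherwise later GRUB updates will not land on this drive's ESP.
    efi_src=$(awk '$1 !~ /^#/ && $2 == "/boot/efi" { print $1 }' "$fstab" 2>/dev/null)
    if [ "$efi_src" != "UUID=$esp_uuid" ]; then
        echo "FAIL: /boot/efi is '${efi_src:-missing}', expected UUID=$esp_uuid"
        problems=$((problems + 1))
    fi

    # 3. Kernel device names (/dev/sdb2 ...) change from machine to machine,
    #    so a portable drive should not have any active entry keyed on them.
    bad=$(awk '$1 !~ /^#/ && $1 ~ /^\/dev\/(sd|hd|vd|nvme|mmcblk)/ { print "  " $1 " -> " $2 }' \
        "$fstab" 2>/dev/null)
    if [ -n "$bad" ]; then
        echo "FAIL: fstab entries keyed on kernel device names:"
        echo "$bad"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: ESP and fstab look portable"
    return "$problems"
}

# Example call from the live session:
#   check_portable_boot /mnt 0123-ABCD
```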

201 comments

  • Nice instructions. I'm fighting currently with exactly that problem.
    One question/comment: In your chapter "Secure boot caveat" you wrote: "I've only tested these instructions with Secure Boot turned off". Here you are referring to the option in the ubuntu installation, right? I first thought you are talking about turning UEFI-Boot off in the "BIOS" (I know it is not called anymore BIOS)
    • I was talking about the UEFI firmware setting. You're right, it's not called BIOS, it's called UEFI Firmware now :)

      Somewhere in the Boot options menu there's a switch for Secure Boot which only allows cryptographically signed bootloaders to execute on boot. If you are using the precompiled Ubuntu kernel and bootloader they are signed and can work with Secure Boot. However, since I'm using grub-install in the last step I am not sure if I'm breaking the signature. If your PC barfs a message about unsigned bootloaders, invalid signature or you get to simply stare at a black void, er, screen then this might be the case.
    • Hi Alec! Apparently I did answer your question (I'm adding the link since you pasted it wrong above). You still need to fix the Windows boot section as I described. That's necessary for the small UEFI boot stub to live in the correct place. The BitLocker encryption settings are stored in the NTFS filesystem itself. Therefore Windows knows that the volume requires decryption and the decryption key is safely tucked away in the machine's Trusted Platform Module.

      FYI, that's the same principle which allows you to run UEFI live Linux distributions on your PC without being able to access the encrypted volume but also without damaging it. Moreover this is the same principle behind being able to repair a damaged UEFI partition without losing all the contents of your hard disk. BitLocker is a very well thought out full disk encryption solution. However, it's always a great idea keeping a backup and a backup of the backup before doing anything which could have even the remote chance of screwing up your computer. Better be safe than sorry!
      • Hi again. After a long time I came back to this. The bootrec /fixboot rec doesn't work for me (doesn't find windows). I think because the drive is bitlocked and I don't have the key to unlock it in recovery. Anyhow since I forced the boot order in bios the machine was booting normally just no longer finding the ubuntu on the SSD and the BCD looked normal. I followed the rest of your instructions and all is now working. Boots to windows with no SSD and boots to ubuntu with SSD when selected as boot media. so many many thanks for your instructions! If only Ubuntu had an install option that let you specify where to put the grub!
        • If you have a drive protected by BitLocker you need to use a Windows 10 recovery DVD and first try to use its Repair option. It will ask you to enter the BitLocker recovery code which you have either printed out or it's stored in your Microsoft account (default for self-owned machines). Even if the automatic repair fails you can then go to the command prompt and do everything you need - the drive is now unlocked.
  • Excellent!!!
    Been for days trying to figure out how to do this.. seems to be a Ubuntu install limitation. First the bootloader was installed on the PC harddisk, without me wanting it .. then made the EFI partition with the proper flags but no matter what I tried, it never installed the bootloader on that partition. Finally read somewhere that Ubuntu only installs automatically EFI if partition is sda, since I am booting from a live usb to install in other, the media is always sdb.. really really thank you!!!
    • Yes, that's UEFI only. I don't have a computer with legacy (BIOS) boot to test. I'm pretty sure that if you have 2Mb of free space in the beginning of your hard disk you can install a GRUB MBR there. It's been too long since I last did that and it was with GRUB 1 so don't ask me how :(
  • Hi, thanks for your write up. Does running an OS installed on a USB drive risk damage to the drive and premature failure? Or is it safe to do without having to worry about even wearing and write rates? I assume the technology in the drive is different to old HDD or SSD and not necessarily designed for this type of use or is it all good?
    • Wear leveling is a feature of the SSD itself. It doesn't matter which system bus / connector the SSD is attached to (SATA, mSATA, PCIe via M.2, USB...). The bus selection only affects maximum throughput, not wear leveling.

      Modern SSDs are designed to be used as the primary or only storage medium of a computer. Otherwise devices like the Apple MacBook Pro or the Microsoft Surface Pro wouldn't be possible. For average (non server) use SSDs and HDDs have practically comparable lives.

      Please note that I used a "real" SSD in a USB enclosure. If you use a flash drive your mileage will definitely vary (and be much, much shorter). Flash drives are not designed with a long write cycle in mind. They are also woefully inadequate in terms of speed. If you want to have an OS on a portable drive use a regular SSD in a USB 3.x enclosure.
  • Hi. Thanks for these instructions and they did help, but I'm still unable to boot from my external hard drive. I get 'System BootOrder not found. Initializing defaults' error message and then restarts. I tried installing Linux Mint on one of my external drivers and can confirm that I was able to install the OS successfully and also the grub install with the removable option fine with no errors. It's only during boot that I'm stuck. Anyone else faced similar issue?
    • This seems to be a UEFI firmware issue. First make sure that Secure Boot is disabled in your UEFI setup (what we called BIOS setup in the olden days). I never had any luck booting Linux off removable media with Secure Boot enabled.

      If you still have this issue you may want to use efibootmgr as root, e.g. from a bootable USB stick with Linux, to set up the UEFI boot load order. See this question on LinuxQuestions.

      • Hi Nicholas,

        I have the same problem. I followed all your steps in one Desktop PC with UEFI BIOS with Secure Boot Disabled. And I was able to boot Ubuntu from External USB HDD.

        However, when i take the same HDD and boot in a laptop with UEFI BIOS with/without Secure Boot, it doesn't boot at all. UEFI BIOS shows 4 options as below.
        1. ubuntu
        2. Windows Boot Manager
        3. NVMe:
        4. USB HDD:
        5. PCI LAN

        Selecting Ubuntu does nothing.
        Clicking 4th option (HDD containing Ubuntu), goes to a black screen which says "System Bootorder not found. Initializing defaults. Reset system".

        Can you help here?

        I even booted a Ubuntu live from a USB stick in this laptop and reran commands given under "Make sure the Ubuntu installation on the external HDD can see the ESP", "Install GRUB2 on the external drive’s EFI System Partition". But this didn't help.
        • Boot your portable installation on the machine it works.

          Look in /boot/efi, your EFI partition should be mounted there. If it's not you will need to edit your /etc/fstab and reboot.

          If the EFI partition is mounted, check if the file /boot/efi/EFI/Boot/bootx64.efi exists. If it doesn't, you need to run
          grub-install -d /usr/lib/grub/x86_64-efi --efi-directory=/boot/efi/ --removable /dev/sdX
          where /dev/sdX is the device where the EFI partition is mounted. If you are not sure run
          mount | grep boot/efi

          If this doesn't help, your problem is with your /etc/fstab. The leftmost column should have UUID=something for all entries. If it has device names, like /dev/sda1, you can run blkid to see the UUID for each corresponding /dev entry. You can replace them in /etc/fstab and reboot. For example, if /etc/fstab has
          /dev/sda1 /boot/efi vfat umask=0077 0 1
          and blkid says
          /dev/sda1: UUID="ABCD-EF01" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="01abc234-def5-6a7b-8c90-0123456789ab"
          you should change the /etc/fstab line to
          UUID=ABCD-EF01 /boot/efi vfat umask=0077 0 1
  • Hi. I would like to point out that in 'Fix Windows 10 boot', when recreating the BCD store, a '/f' flag is missing from the original instructions, and the RIGHT version should be:

    bcdboot c:\Windows /l en-us /s z: /f All

    Otherwise, very bad things happen... :*
  • Wow! I just finished this procedure, and it works. It did take several hours for me to complete it because I am just getting started with Ubuntu Linux. One thing which took me a while to figure out was that I had to change directory to "/" before the "cp /etc/resolv.conf /mnt/etc/" would work. This was located in the second to last bullet point in the procedure. Question: how hard would it be to change to Linux Mint if I want to do that? Do I have to start all over at the beginning of the procedure? Many thanks for the detailed procedure! No way I would have done the installation in this manner without the excellent procedure.
    • Mint is not an official flavor of Ubuntu IIRC, meaning that you can't just apt-get install something and be done with it (as you'd do with Kubuntu, Xubuntu, Mythbuntu and other official flavors). So in this case, yup, you'd need to start over.