On Sun, 2018-03-11 at 19:05 +0100, Thomas Schmitt wrote:
> Hi,
> i managed to build a live-build ISO.
> Its /boot/grub/efi.img contains
>   /efi/boot/bootia32.efi
>   /efi/boot/bootx64.efi
> which both show by "strings" the embedded configuration with
>   search --file --set=root /.disk/info
> The ISO 9660 filesystem contains a file
>   /.disk/info
> So the riddle is why this does not get into effect with that
> particular
> EFI implementation, and why a grub.cfg in the EFI System Partition
> solves the problem.
> Does a debian-cd ISO boot properly on that EFI ?
> E.g.
>   https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.
> 4.0-amd64-netinst.iso
> I meanwhile found out that the efi.img of debian-cd stems from
> debian-cd_info.tar.gz created by
>    https://anonscm.debian.org/git/d-i/debian-installer.git/tree/build
> /util/efi-image
> and that its grub-mkimage run needs no -c option because it has an -m
> option
> with a grub.cfg file in the "memdisk" tarball. It's quite the same
> tarball
> as created by live-build in
>    https://salsa.debian.org/bluca/live-build/blob/master/scripts/buil
> d/efi-image
> So it might be that debian-cd is affected as well.
> If not, then differences between both ISOs might give hints about the
> cause.
> Have a nice day :)
> Thomas

I am not sure why that EFI firmware is so picky - I'll try to find time
and test a vanilla Debian image.

Nevertheless, adding that grub.cfg file is necessary when using Secure
Boot - the monolithic grub EFI image does not contain that string. It
is built by this script in the grub2 repository:


Using that image is necessary with Secure Boot as that's what gets
signed. Ubuntu has the same workaround in place.

Kind regards,
Luca Boccassi

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to