Hi,

Tj <[email protected]> wrote:
> I've found is the hybrid GPT is illegal so any tool that verifies GPT 
> integrity will fail.
> [...]
> The gdisk tools also loudly report this GPT invalidity.

Significant nitpicking:
The GPT is invalid because it is not announced by a "protective MBR"
partition of type 0xEE and thus cannot be illegal.
The firmware is at fault already by considering the partition table
that is governed by the invalid GPT header block at LBA 1.

AFAIK (being accessory to the crime) the invalid GPT is present to
lure in firmwares, like old versions of OVMF, which don't accept the
(virtual) storage device as bootable disk if it only has a MBR
partition table.
You obviously found a firmware which hates this trick.


You could try to just deface the GPT header block

  # Write the path to your Debian ISO or USB stick here
  iso=debian-13.1.0-amd64-netinst.iso
  # iso=/dev/sdX

  dd if=/dev/zero conv=notrunc bs=512 seek=1 count=1 of="$iso"

If you do this directly with the USB stick (e.g. /dev/sdc) be extremely
careful to give the right /dev/ address and run dd under sudo.
(It might be necessary to unplug and replug the USB stick afterwards.)

A cautious user might want to use xorriso-dd-target to verify the
address:

  xorriso-dd-target -with_sudo sdc

to get a confirming evaluation like

  sdc : YES : usb+ has_iso9660+ has_vfat+

or stern warnings like

  sdc : NO  : not_usb- has_vfat+ has_ext4-
  sdc : NO  : usb+ has_iso9660+ has_vfat+ has_ext2-

which show that the device is not connected via USB and/or has
filesystems other than ISO 9660 or FAT. This would be suspicious with
a USB stick that shall be overwritten by an ISO image.

If GPT is still recognized, you will have to deface the GPT backup
header block, too. It sits at the last block address of the storage
device, which above dd command would have to use with its option seek= .


> 1. GPT EFI System partition (usually #2) has type-code Basic data (0700) 
> not EFI SP (EF00)

Yep. Totally invalid. I assume it was intentional, not to create more
confusion in the readers of the partition tables. The inventor
described the layout in
  http://mjg59.dreamwidth.org/11285.html
from where i learned it and since then offer it in xorriso.


> 3. The hybrid GPT's I've examined for multiple ISO images (Debian, 
> LinuxMint, Ubuntu) have a variety of problems reported by gdisk tools.

That's because firmwares are so hunchbacked.
Legacy BIOS in old HP laptops wants to see a MBR partition with "boot"
flag, various UEFIs want to see a glimpse of GPT (despite the specs
saying that MBR partition type 0xEF is acceptable too.)
It is nearly impossible to serve them all in a single ISO image.

Other distros have left behind some of these jackalopes in favor of
a neat partition layout in their hybrid ISOs. (xorriso can do it
specs compliant if the user wants it.)


> For example, I noticed in the LinuxMint ISO GPT shows 2 partitions with 
> partition #2 (EFI-SP) completely contained within partition #1.

This should be the case with Debian amd64 ISOs, too.
The reason is that the EFI boot image is a file in the ISO filesystem.
Better would be to have it as appended partition like in the Debian
ISOs for arm64.

(The Debian arm64 ISOs have two EFI boot images, because the El Torito
 image is still a file in the ISO filesystem.
 Hint to debian-cd:
 This duplication could meanwhile be avoided by xorrisofs option
   -e --interval:appended_partition_2:all::
 instead of
   -e /boot/grub/efi.img
 Then the file /boot/grub/efi.img in the ISO could be omitted.
)


> I provided the owner of this issue a workaround  in the form of a shell 
> script that extracts the EFI-SP and root file-system from the ISO and 
> writes into a file containing a regular block layout.

Untested:
You could also simply partition a USB stick to your liking, create a
FAT filesystem of sufficient size, and copy all files from the ISO
into that FAT filesystem.
In Debian amd64 ISOs the directory /EFI is a copy of the tree in the
FAT filesystem of the boot image.

(MS-Windows seems to have created a tradition that the FAT partition
does not even have to bear the defined type of a EFI system partition.
Firmwares seem to look into any FAT filesystem for an \EFI\BOOT
directory.)


Have a nice day :)

Thomas

Reply via email to