Hi, a long running thread, obviously. :))
David Christensen wrote in: https://lists.debian.org/debian-user/2025/08/msg00073.html > > So, I AIUI the d-i does not modify > > the USB flash drive, but the motherboard firmware can (BIOS/EFI/UEFI) > > and some operating systems can. The result is that the ISO checksum and > > the USB flash drive checksum will differ. So, verification of the USB > > flash drive must be done immediately after burning and later checksums > > are not meaningful. Bigsy Bohr wrote: > I don't understand this. The iso image isn't modified, and you can verify > the integrity of that image independent of the drive itself. ISO images which are bootable by EFI from USB stick contain a partition table which points to some data range inside the image file. In case of Debian netinst ISO this range is the content of data file /boot/grub/efi.img . So the EFI partition is even inside the ISO 9660 filesystem: $ /sbin/fdisk -l debian-13.1.0-amd64-netinst.iso ... Device Boot Start End Sectors Size Id Type debian-13.1.0-amd64-netinst.iso1 * 0 1603583 1603584 783M 0 Empty debian-13.1.0-amd64-netinst.iso2 4128 11327 7200 3.5M ef EFI (FAT-12/16/32) In modern Ubuntu ISOs the EFI partition is outside the ISO 9660 filesystem, but nevertheless inside the image file. $ /sbin/fdisk -l ubuntu-24.04.3-desktop-amd64.iso ... Device Start End Sectors Size Type ubuntu-24.04.3-desktop-amd64.iso1 64 12383487 12383424 5.9G Microsoft bas ubuntu-24.04.3-desktop-amd64.iso2 12383488 12393647 10160 5M EFI System ubuntu-24.04.3-desktop-amd64.iso3 12393648 12394247 600 300K Microsoft bas The offending mainboard firmwares and operating systems feel entitled to add files to the FAT filesystem in the EFI partition. This changes the content of /boot/grub/efi.img in the Debian ISO and thus the checksum of the data range of the original image on the USB stick. In the Ubuntu image the change does not hit the ISO 9660 filesystem but still the byte range for which its download checksum was computed. Finally i should point out that EFI partition manipulations were _not_ the reason for the problem which the original post in this thread described. Have a nice day :) Thomas
