Hi Dan,

I was wondering how it was going with secure boot and LFS? I have reached the 6.48. GRUB-2.00 stage of my re-build of LFS 7.4 using my new scripts and wrappers.

For this stage, since I already have secure boot disabled and am booting the traditional way, I think I will just follow the LFS book. But you have inspired me to look into this issue. I may develop a system to enable booting from either the BIOS or the Unified Extensible Firmware Interface, depending on what the computer has.

I do not recall if one of the references you mentioned included this link?

http://www.rodsbooks.com/efi-bootloaders/secureboot.html

It shows a couple of different ways to sign your own binaries, etc.

Take Care,
Robert Taylor

On Mon, Nov 18, 2013 at 8:30 AM, Dan McGhee <[email protected]> wrote:
> At the start here, I want to apologize to those who may be frustrated
> with my changing the subject line for this EFI stuff. The subject
> appears to be at least a "warm one," if not a "hot one." Therefore,
> many things get hidden in the replies. So, in an attempt to keep things
> fresh and simple, I just start a new thread. When the time comes, and it
> will be quite soon now, I will post the basics of my "how I did it" and,
> if people are interested, post what I learned, the reasons why I did
> what I did, my conclusions and what I think is left for my future testing.
>
> I was able to get the kernel to load. That's the good news. The bad
> news is that I got a kernel panic. But, as I write this, I'm fixing
> that. I have another kernel in the oven.
>
> Using the kernel's efi-stubs was last on my list of testing. I thought
> I knew grub pretty well and didn't know anything about initrd's and
> initramfs, and everything that I had read about the efi-stubs included
> one of those two. But Geoff's success with his imbedded kernel command
> line looked promising so I did it.
>
> One of the things he cautioned about, and I'm reinforcing now, is to
> make sure that all the drivers the kernel needs to boot are either
> configured into the kernel or made available on the EFI partition so
> that the kernel can load them. That turned out to be my problem.
> I had the "ahci" drivers configured as modules, and since the kernel
> couldn't load my hard drive, it couldn't mount the filesystem. Here are
> the kernel configuration options I used:
>
> CONFIG_CMDLINE_BOOLEAN=y
> CONFIG_CMDLINE="root=/dev/xxxx" (xxxx=partition containing LFS)
> CONFIG_EFI_PARTITION=y
>
> CONFIG_EFI=y
> CONFIG_EFI_STUB=y
> CONFIG_FB_EFI=y
>
> CONFIG_FRAMEBUFFER_CONSOLE=y
>
> CONFIG_RELOCATABLE=y
>
> CONFIG_EFI_VARS=n (shows up as "Not Set")
>
> CONFIG_EFIVAR_FS=y
>
> Please note that these are the same as Geoff posted last night with the
> exception that he used EFIVARS and not EFIVARFS. I did this because
> efivarfs is replacing efivars sometime in the future.
>
> Then it's just a matter of getting the kernel to the EFI partition and
> getting the entry into the Boot Manager. My EFI partition is mounted at
> /boot/efi so it was:
>
> mkdir -vp /boot/efi/EFI/lfs-7.4
> cp -v /boot/vmlinuz-<et cetera> /boot/efi/EFI/lfs-7.4/vmlinuz-<et cetera>.efi
>
> I don't know if the ".efi" was necessary, but all the files I've seen on
> the EFI partition end like that. Geoff gave the command he used for
> efibootmgr, but I started using gummiboot, so I did my "gummiboot thing."
>
> The result of booting was a kernel panic, but that's farther than I have
> gotten since I started doing this research. I can fix a kernel panic.
> But the interesting conclusion that I have drawn is that unless GRUB2 is
> hacked it won't boot a kernel "in the old way." When I was testing, I
> never got my kernel to load and I couldn't load Ubuntu unless I
> chainloaded its efi file like I do Windoze. Last night William
> Harrington posted a link to the Fedora site regarding grub patches.
> There were a lot. Also, let me quote the "FEDORA.README" from that link:
>
> > GRUB 2 provides various feature enhancements over the previous GRUB version
> > (referred to as "GRUB", or "GRUB Legacy") which has been unmaintained upstream
> > for years.
> > GRUB has thus been deprecated in Fedora and replaced by GRUB 2 for
> > BIOS systems. (EFI systems still uses GRUB Legacy from the new grub-efi
> > package.)
>
> So, Fedora is using grub legacy to boot into an efi environment. The
> vast majority of threads I have found at arch-linux, ubuntu, gentoo and
> openSuse all talk about not being able to boot other things with GRUB2.
> Very few, if any, people complain about their distros not booting.
>
> I think that if LFS is going to document how to boot using an EFI
> partition, then the most stripped down way is with the kernel efi-stubs
> and efibootmgr. If someone chooses that option for their system, there
> is no need for GRUB2. Multiboot options can be handled either by
> efibootmgr, which is the simplest, gummiboot or rEFInd.
>
> I'm still going to try to find a way to use GRUB2 in this. But, I
> haven't done any building for my LFS system in almost a month and I want
> to get back to it. I'm going to let this grub stuff grow penicillin in
> my brain for awhile and then try again.
>
> Dan
>
> --
> http://linuxfromscratch.org/mailman/listinfo/lfs-support
> FAQ: http://www.linuxfromscratch.org/lfs/faq.html
> Unsubscribe: See the above information page
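The failure described in the quoted message (AHCI built as a module, so a stub-booted kernel with no initramfs cannot mount its root filesystem) can be caught before rebooting. The shell check below is an added example, not part of the original thread; the sample .config, the root device /dev/sda5, and the choice of CONFIG_SATA_AHCI and CONFIG_EXT4_FS as the required drivers are assumptions.

```shell
#!/bin/sh
# Added example: audit a kernel .config for an EFI-stub boot without initramfs.

# Print a symbol's value (y, m, or a string); "n" if unset or absent.
config_value() {  # usage: config_value FILE SYMBOL
    v=$(sed -n "s/^$2=//p" "$1" | head -n 1)
    printf '%s\n' "${v:-n}"
}

# Print one line per problem; return 1 if any were found.
# Extra arguments are driver symbols that must be built in (=y), not modules.
audit_efistub_config() {  # usage: audit_efistub_config FILE [DRIVER_SYMBOL...]
    cfg=$1; shift; rc=0
    for sym in CONFIG_EFI CONFIG_EFI_STUB CONFIG_EFI_PARTITION; do
        [ "$(config_value "$cfg" "$sym")" = y ] || { echo "MISSING $sym"; rc=1; }
    done
    # No boot loader passes arguments here, so root= must be in the built-in command line.
    case $(config_value "$cfg" CONFIG_CMDLINE) in
        *root=*) ;;
        *) echo "NO_ROOT CONFIG_CMDLINE"; rc=1 ;;
    esac
    for sym in "$@"; do
        case $(config_value "$cfg" "$sym") in
            y) ;;
            m) echo "MODULE $sym"; rc=1 ;;   # cannot be loaded before / is mounted
            *) echo "MISSING $sym"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample .config reproducing the failure described in the thread:
# AHCI is a module, so the kernel cannot reach the disk holding the root fs.
write_sample_config() {  # usage: write_sample_config FILE
    cat > "$1" <<'EOF'
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_EFI_PARTITION=y
CONFIG_CMDLINE="root=/dev/sda5"
CONFIG_SATA_AHCI=m
CONFIG_EXT4_FS=y
# CONFIG_EFI_VARS is not set
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_efistub_config "$sample" CONFIG_SATA_AHCI CONFIG_EXT4_FS || echo "not safe to stub-boot without an initramfs"
rm -f "$sample"
```

Against a real build, pass the path to the kernel tree's .config and the symbols for the disk controller and root filesystem that machine actually uses.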
