On Thursday, November 30, 2017 at 2:07:59 AM UTC-8, Joe Hemmerlein wrote: > Any hints about troubleshooting the UEFI boot option are appreciated; i can > also provide more exact details about what i already tried. Given the specs > of this machine, I'm really determined to not give up easily. >
Here is a detailed log of what I tried. ThinkPad T470 (20HD-CT01WW) UEFI/BIOS configuration ======================= Setup – Main - UEFI BIOS Version: N1QET68W (1.43) - UEFI BIOS Date: 2017-11-10 - Installed Memory: 32768 MB - UEFI Secure Boot: Off Setup – Config – USB - USB UEFI BIOS Support: Enabled Setup – Security – Security Chip - Security Chip Type: TPM 2.0 - Security Chip: Enabled - Intel TXT Feature: Enabled Setup – Security – Memory Protection - Execution Prevention: Enabled Setup – Security – Virtualization - Intel Virtualization Technology: Enabled - Intel VT-d Feature: Enabled Setup – Security – Secure Boot - Secure Boot: Disabled Setup – Security – Intel SGX - Intel SGX Control: Software - Current State: Enabled Setup – Security – Device Guard - Device Guard: Disabled Setup – Startup - Boot (Priority Order) includes "USB HDD" and "NVMe0 Intel SSDPEKKF256G7L" - UEFI/Legacy Boot: UEFI Only - CSM Support: Yes Initial Setup Experience ======================== - Created USB stick using Rufus with dd method from 4.0R3 ISO image - Able to boot USB stick by invoking UEFI Boot Menu with F12, then selecting USB HDD - This results in a text mode grub menu with the four options - Option 1 (Test media and install Qubes R4.0-rc3) is default and will start automatically - Option 1 then fails: "XEN 4.8.2 (c/s ) EFI loader // Failed to boot both default and fallback entries" Only way I found to install Qubes OS: - Change BIOS/UEFI setup configuration item "UEFI/Legacy Boot" to "Legacy Only" - Boot from USB and install. GUI install works fine with default options (all I change is my keyboard layout to Dvorak) - Reboot, and configure Qubes OS with default options - Qubes OS starts and is usable as long as BIOS/UEFI setup configuration is using "Legacy Only", but... --- Problem: no TPM available. According to Lenovo, the TPM2.0 will not be exposed in legacy boot scenario; in order for TPM to be exposed, it seems like we need UEFI boot. Trying to switch to UEFI - As described at https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-finished-but-qubes-boot-option-is-missing-and-xencfg-is-empty, we have an empty (0 bytes) xen.efi file in /boot/efi/EFI/qubes. Followed steps in guide, essentially: - Booted into Qubes with legacy boot - Renamed xen-4.8.2.efi to xen.efi - Copied contents from xen.cfg I troubleshooting guide to xen.cfg in dom0 - Edited xen.cfg to adjust for current kernel number in four places - Rebooted - Booted with legacy boot from USB install stick - Selected Advanced – Rescue a Qubes installation - Selected option 1 to continue - Found installation on device nvme0n1p2 and entered LUKS passphrase - Got Shell - Changes made to files still visible in /mnt/sysimage/boot/efi/EFI/qubes - Ran the efibootmgr command as shown in the guide, but adjusted devicename. I didn’t know whether I should add nvme0n1 or nvme0, or maybe even nvme0n1p1 – so I ran the command three times with different labels. --- Problem: Can't run efibootmgr. Error: "EFI variables are not supported on this system" - Rebooted, but also changing BIOS/UEFI setup boot options again --- Boot option "Both" with "UEFI First" failed to boot from USB (went back to UEFI boot menu) --- Boot option "Both" with "Legacy First" allowed me to boot from USB to rescue a Qubes installation. --- Problem: efibootmgr command still fails with "EFI variables are not supported on this system". - It looks like I may need to somehow boot with UEFI enabled I order to run efibootmgr. - Trying a Fedora Live CD (Fedora-Workstation-Live-x86_64-26-1.5.iso) - Created USB stick with Rufus dd method - Booted USB stick with boot option set to "UEFI Only" and "CSM Support" enabled. - Fedora stick boots successfully into Fedora 26 Live - Efibootmr command generally works - Tried it: --- efibootmgr -v -c -u -L Qubes431 -l /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes431 -l /EFI/qubes/xen.efi -d /dev/nvme0n1p1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes433 -l /EFI/qubes/xen.efi -d /dev/nvme0n1p1 "placeholder /mapbs /noexitboot" - Rebooted (still with "UEFI Only" and "CSM" boot options enabled) - Selected F12 again for UEFI boot menu, and I could see both new added entries. I tried both of them, but... --- Problem: selecting ay of those entries just gets us back to the UEFI boot menu. They’re failing visually the same way as the standard "Qubes" entry fails. - Rebooted back into the Live image - I noticed that on nvme0n1p1, the .efi file is actually in /efi/EFI/qubes/xen.efi, and not in /EFI/qubes/xen.efi. not sure if that matters, but let’s try it: --- efibootmgr -v -c -u -L Qubes434 -l /efi/EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes435 -l /efi/EFI/qubes/xen.efi -d /dev/nvme0n1p1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes436 -l /efi/EFI/qubes/xen.efi -d /dev/nvme0n1p1 "placeholder /mapbs /noexitboot" --- sadly, same problem – none of them boot, goes back to UEFI boot menu. - Trying to change where my files are from /boot/efi/EFI/qubes to /boot/efi/EFI/BOOT, and renaming them from xen.* to BOOTX64.* as suggested at https://www.qubes-os.org/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing - Booted with "Legacy Only" into Qubes, and copied files around as suggested - Rebooted with "UEFI Only" into Fedora Live Image - Tried efibootmgr again with the new file names: --- efibootmgr -v -c -u -L Qubes437 -l /EFI/BOOT/BOOTX64.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes438 -l /EFI/ BOOT/BOOTX64.efi -d /dev/nvme0n1p1 -p 1 "placeholder /mapbs /noexitboot" --- efibootmgr -v -c -u -L Qubes439 -l /EFI/ BOOT/BOOTX64.efi -d /dev/nvme0n1p1 "placeholder /mapbs /noexitboot" --- still no success. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/691b8336-b0da-46ca-acd8-735f998e3bad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
