On Wednesday, September 5, 2018 at 6:17:46 AM UTC+2, Marcus Linsner wrote: > On Thursday, March 15, 2018 at 7:08:25 AM UTC+1, coeu...@gmail.com wrote: > > Hello, guys. > > > > I want to show boot entries so that I can select certain kernel to boot, > > and I'm using EFI/qubes/xen.efi as boot binary. Currently, it will directly > > boot the default kernel. Could anyone give some advices? > > > > BTW, here is the reason: I have multiple kernels installed and > > kernel-latest-4.15.6-1 may raise kernel panic errors on Raven Ridge > > platform, but kernel-4.14.18-1 works just fine. > > > > Thanks! > > D.F. > > I don't understand why there are multiple entries in xen.cfg if the only way > to select any is by setting the default= to one of them. > > So, I had to make a copy of the qubes/ folder where xen.cfg is located, then > modify the copied xen.cfg to choose a different kernel. Then add a new boot > entry (which I can only select to boot from by entering BIOS btw), which will > be set as default when added by this command: > > first see what we have: > $sudo efibootmgr -v > then add one more (BIOS-visible) entry: > $ sudo efibootmgr -v -c -u -L Mewbs -l /EFI/mewbs/xen.efi -d /dev/sda -p 1 > then see what happened: > $ sudo efibootmgr -v > > (I'd copy/paste but it's harder to do from dom0 and I'm currently lazy/tired. > #notproud) Alright, it looks like it's easier than I thought, copy/pasting from dom0 (was previously using qvm-copy-to-vm), according to https://www.qubes-os.org/doc/copy-from-dom0/ , step 3 (for Qubes 4.0), to quote from there: "In other versions, write the data you wish to copy into /var/run/qubes/qubes-clipboard.bin, then echo -n dom0 > /var/run/qubes/qubes-clipboard.bin.source. Then use Ctrl-Shift-V to paste the data to the desired VM."
There is another file /var/run/qubes/qubes-clipboard.bin.xevent which contains a number and it doesn't need to be modified or touched for the copy/pasting to work. With that in mind, let's see how to add another UEFI entry (which, as a reminder, can only be selected from BIOS's Boot Menu - which in my case requires fully entering BIOS - there's no F12 key (but maybe it depends on settings, like secure boot must be disabled?)). Let's add an entry which boots with smt=on to enable all cores, thus reducing security, according to: https://www.qubes-os.org/news/2018/09/02/qsb-43/ Quick help for reference: [ctor@dom0 ~]$ sudo efibootmgr -h efibootmgr version 14 usage: efibootmgr [options] -a | --active sets bootnum active -A | --inactive sets bootnum inactive -b | --bootnum XXXX modify BootXXXX (hex) -B | --delete-bootnum delete bootnum -c | --create create new variable bootnum and add to bootorder -C | --create-only create new variable bootnum and do not add to bootorder -D | --remove-dups remove duplicate values from BootOrder -d | --disk disk (defaults to /dev/sda) containing loader -r | --driver Operate on Driver variables, not Boot Variables. -e | --edd [1|3|-1] force EDD 1.0 or 3.0 creation variables, or guess -E | --device num EDD 1.0 device number (defaults to 0x80) -g | --gpt force disk with invalid PMBR to be treated as GPT -i | --iface name create a netboot entry for the named interface -l | --loader name (defaults to \EFI\redhat\grub.efi) -L | --label label Boot manager display label (defaults to "Linux") -m | --mirror-below-4G t|f mirror memory below 4GB -M | --mirror-above-4G X percentage memory to mirror above 4GB -n | --bootnext XXXX set BootNext to XXXX (hex) -N | --delete-bootnext delete BootNext -o | --bootorder XXXX,YYYY,ZZZZ,... explicitly set BootOrder (hex) -O | --delete-bootorder delete BootOrder -p | --part part (defaults to 1) containing loader -q | --quiet be quiet -t | --timeout seconds set boot manager timeout waiting for user input. -T | --delete-timeout delete Timeout. -u | --unicode | --UCS-2 pass extra args as UCS-2 (default is ASCII) -v | --verbose print additional information -V | --version return version and exit -w | --write-signature write unique sig to MBR if needed -y | --sysprep Operate on SysPrep variables, not Boot Variables. -@ | --append-binary-args file append extra args from file (use "-" for stdin) -h | --help show help/usage Let's see what we have already: [ctor@dom0 ~]$ sudo efibootmgr -v BootCurrent: 0002 Timeout: 1 seconds BootOrder: 0000,0002 Boot0000* Qubes HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes\xen.efi) Boot0002* Mewbs HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\mewbs\xen.efi) Find out which our efi partition: [ctor@dom0 ~]$ mount|grep efi efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime) /dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=winnt,errors=remount-ro) or another way: [ctor@dom0 ~]$ df /boot/efi Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda1 817584 305036 512548 38% /boot/efi So it's /dev/sda1 (mounted on /boot/efi) That means I need to pass: -d /dev/sda -p 1 Let's make a copy of of /boot/efi/EFI/qubes/ dir for this new entry: [ctor@dom0 ~]$ sudo cp -avr -- /boot/efi/EFI/qubes /boot/efi/EFI/qubes2 '/boot/efi/EFI/qubes' -> '/boot/efi/EFI/qubes2' '/boot/efi/EFI/qubes/xen.cfg' -> '/boot/efi/EFI/qubes2/xen.cfg' '/boot/efi/EFI/qubes/xen.efi' -> '/boot/efi/EFI/qubes2/xen.efi' '/boot/efi/EFI/qubes/vmlinuz-4.14.57-2.pvops.qubes.x86_64' -> '/boot/efi/EFI/qubes2/vmlinuz-4.14.57-2.pvops.qubes.x86_64' '/boot/efi/EFI/qubes/initramfs-4.14.57-2.pvops.qubes.x86_64.img' -> '/boot/efi/EFI/qubes2/initramfs-4.14.57-2.pvops.qubes.x86_64.img' '/boot/efi/EFI/qubes/vmlinuz-4.14.67-1.pvops.qubes.x86_64' -> '/boot/efi/EFI/qubes2/vmlinuz-4.14.67-1.pvops.qubes.x86_64' '/boot/efi/EFI/qubes/initramfs-4.14.67-1.pvops.qubes.x86_64.img' -> '/boot/efi/EFI/qubes2/initramfs-4.14.67-1.pvops.qubes.x86_64.img' '/boot/efi/EFI/qubes/vmlinuz-4.18.5-7.pvops.qubes.x86_64' -> '/boot/efi/EFI/qubes2/vmlinuz-4.18.5-7.pvops.qubes.x86_64' '/boot/efi/EFI/qubes/xen-4.8.4.efi' -> '/boot/efi/EFI/qubes2/xen-4.8.4.efi' '/boot/efi/EFI/qubes/vmlinuz-4.14.57-1.pvops.qubes.x86_64' -> '/boot/efi/EFI/qubes2/vmlinuz-4.14.57-1.pvops.qubes.x86_64' '/boot/efi/EFI/qubes/initramfs-4.14.57-1.pvops.qubes.x86_64.img' -> '/boot/efi/EFI/qubes2/initramfs-4.14.57-1.pvops.qubes.x86_64.img' '/boot/efi/EFI/qubes/initramfs-4.18.5-7.pvops.qubes.x86_64.img' -> '/boot/efi/EFI/qubes2/initramfs-4.18.5-7.pvops.qubes.x86_64.img' Now you must use your favorite editor to edit /boot/efi/EFI/qubes2/xen.cfg and set all smt=off to smt=on (there are 4 entries for me) Don't forget you must use sudo(or be root) to edit it. [ctor@dom0 ~]$ sudo grep -nH smt /boot/efi/EFI/qubes2/xen.cfg /boot/efi/EFI/qubes2/xen.cfg:6:options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off /boot/efi/EFI/qubes2/xen.cfg:12:options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off /boot/efi/EFI/qubes2/xen.cfg:18:options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off /boot/efi/EFI/qubes2/xen.cfg:25:options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx ucode=scan smt=off If you want to ALSO use a different kernel(I don't know yet how I can make systemd-boot prompt you for one) then change the default= line under the [global] section to one of the other section names For example: [global] default=4.14.57-1.pvops.qubes.x86_64 becomes: [global] default=4.18.5-7.pvops.qubes.x86_64 But note that even though this(with the comment) works: [global] #default=4.14.57-1.pvops.qubes.x86_64 default=4.18.5-7.pvops.qubes.x86_64 even the commented one will be replaced when you upgrade the kernels(eg. via: sudo qubes-dom0-update) like: [global] #default=4.18.5-7.pvops.qubes.x86_64 default=4.18.5-7.pvops.qubes.x86_64 but this only happens for the /boot/efi/EFI/qubes/xen.cfg so since we're in qubes2/xen.cfg it won't! Now it's time to add the boot entry: (reminder: this entry is seen/selectable only from BIOS - at least, to my limited knowledge so far(which is noob-level, first time EFI-ing)) [ctor@dom0 ~]$ sudo efibootmgr -v -c -u -L Qubes2_SMT_on -l /EFI/qubes2/xen.efi -d /dev/sda -p 1 BootCurrent: 0002 Timeout: 1 seconds BootOrder: 0001,0000,0002 Boot0000* Qubes HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes\xen.efi) Boot0002* Mewbs HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\mewbs\xen.efi) Boot0001* Qubes2_SMT_on HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes2\xen.efi) Looks like BootCurrent wasn't changed, I wonder if that's because I have just booted the Mewbs entry from BIOS Setup by selecting BIOS's Override Boot, which means it's temporary, and on the next boot it will have fallen back to its original BootCurrent which was 00000 ie. BIOS would usually boot Qubes, not Mewbs for me, it only booted Mewbs now because I choose Mewbs under the Boot Override section in BIOS. To change the boot timeout, well, it won't work(for me): [ctor@dom0 ~]$ sudo efibootmgr -v --timeout 10 Could not set Timeout: Invalid argument That's all. Restart and enter BIOS to choose your boot entry whenever you need it. Additions: To remove an entry: first, see what we have: [ctor@dom0 ~]$ sudo efibootmgr -v BootCurrent: 0002 Timeout: 1 seconds BootOrder: 0003,0001,0000,0002 Boot0000* Qubes HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes\xen.efi) Boot0001* Qubes2_SMT_on HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes\xen.efi) Boot0002* Mewbs HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\mewbs\xen.efi) Boot0003* Qubes2_SMT_on HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes2\xen.efi) yeah I typoed the qubes folder on entry 0001, it should've been qubes2, so that's why I have to delete it now: [ctor@dom0 ~]$ sudo efibootmgr -v -B -b 0001 BootCurrent: 0002 Timeout: 1 seconds BootOrder: 0003,0000,0002 Boot0000* Qubes HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes\xen.efi) Boot0002* Mewbs HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\mewbs\xen.efi) Boot0003* Qubes2_SMT_on HD(1,GPT,a8c00c7c-aa3d-4418-8e1a-d3c5c158ac2d,0x800,0x190000)/File(\EFI\qubes2\xen.efi) To select different BootCurrent, I've no idea how to do that with efibootmgr yet. Frankly, I remember that it selects the newly added entry, so it should've been the number for the Qubes2_SMT_on entry. > > The above assumes /dev/sda1 is the efi partition. (the -p 1 is the partition > number; `df /boot/efi` should show /dev/sda1 ) > And that /boot/efi/EFI/qubes/ folder where xen.cfg, xen.efi, initramfs*, > vmlinuz* files are, is copied as /boot/efi/EFI/mewbs/ with all the files. > Then I edited mewbs/xen.cfg to change the default= to a different kernel. > > Intructions are from here: https://www.qubes-os.org/doc/uefi-troubleshooting/ > > Now, the Mewbs entry is selected as default to boot from on next boot, but > BIOS can select which to boot from, which means I have to enter BIOS via F2, > then F7 to got to advanced then select Boot and there somewhere both Qubes > and Mewbs entries can be seen and I can either perma-modify which one to boot > from, or temp-override and straight boot on one directly from BIOS there. On > an ASUS Z370-A PRIME motherboard. > > Looks like the timeout(which is 1 second) cannot be changed: > $ sudo efibootmgr -v -t 10 > Could not set Timeout: invalid argument > > I don't know if BIOS has any such setting by the way. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/661f5bca-ce5e-462a-955a-48990601974a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
