Package: calamares-settings-debian
Version: 10.0.18-1
Severity: normal
[ I'm guessing as to the right package for this bug report, please
reassign as appropriate! ]
Hi Jonathan,
I've just tested an installation using calamares from the latest
weekly live build (13th April, amd64, xfce). The installation went
well and worked ok for me in a qemu/kvm VM, but the bootloader setup
that it left behind is a little buggy - it looks like it's maybe(?)
just inheriting the setup directly from the live image. After booting
the installed system and looking in /boot/efi, I can see:
1. We have all the signed packages installed, which is good - yay!
However:
2. It has a copy of the (signed) grub bootloader in
/boot/efi/EFI/boot/bootx64.efi (i.e. the removable media path),
which is not ideal for a number of reasons:
a) Debian does not default to putting anything there on *installed*
systems, only on installer media. I'd prefer to keep things that
way...
b) We do have an option in our grub packages to *also* install to
the removable media path (e.g. for people plagued by broken
firmware which won't boot otherwise), but that has not been set
in the debconf database on this installed system.
That means this installed file is basically orphaned: it won't
ever be upgraded on the installed system by default. This can
cause problems down the line as and when Grub change might cause
incompatibility and unexpected boot failure.
c) If this setup is deliberate, it also won't work with Secure Boot
- we'd need shim installed to the removable media path instead,
and then:
i) this signed grub binary as grubx64.efi in the same directory
instead, ready to be chainloaded by shim
ii) a grub.cfg in /boot/efi/EFI/boot/debian/grub.cfg with config
to find the real grub.cfg. I can see a "Debian" directory
with a grub.cfg (capital D) which *might* work, but for
maximum compatibility this should probably be lower case
This is just a brain dump for now - happy to talk about this more when
we're both online. EFI bootloader setup with SB can get a bit
involved... :-)
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages calamares-settings-debian depends on:
pn calamares <none>
ii cryptsetup 2:2.1.0-2
ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2
ii keyutils 1.6-6
ii qml-module-qtquick-window2 5.11.3-4
ii qml-module-qtquick2 5.11.3-4
calamares-settings-debian recommends no packages.
calamares-settings-debian suggests no packages.
