Package: calamares-settings-debian Version: 10.0.18-1 Severity: normal [ I'm guessing as to the right package for this bug report, please reassign as appropriate! ]
Hi Jonathan, I've just tested an installation using calamares from the latest weekly live build (13th April, amd64, xfce). The installation went well and worked ok for me in a qemu/kvm VM, but the bootloader setup that it left behind is a little buggy - it looks like it's maybe(?) just inheriting the setup directly from the live image. After booting the installed system and looking in /boot/efi, I can see: 1. We have all the signed packages installed, which is good - yay! However: 2. It has a copy of the (signed) grub bootloader in /boot/efi/EFI/boot/bootx64.efi (i.e. the removable media path), which is not ideal for a number of reasons: a) Debian does not default to putting anything there on *installed* systems, only on installer media. I'd prefer to keep things that way... b) We do have an option in our grub packages to *also* install to the removable media path (e.g. for people plagued by broken firmware which won't boot otherwise), but that has not been set in the debconf database on this installed system. That means this installed file is basically orphaned: it won't ever be upgraded on the installed system by default. This can cause problems down the line as and when Grub change might cause incompatibility and unexpected boot failure. c) If this setup is deliberate, it also won't work with Secure Boot - we'd need shim installed to the removable media path instead, and then: i) this signed grub binary as grubx64.efi in the same directory instead, ready to be chainloaded by shim ii) a grub.cfg in /boot/efi/EFI/boot/debian/grub.cfg with config to find the real grub.cfg. I can see a "Debian" directory with a grub.cfg (capital D) which *might* work, but for maximum compatibility this should probably be lower case This is just a brain dump for now - happy to talk about this more when we're both online. EFI bootloader setup with SB can get a bit involved... :-) -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages calamares-settings-debian depends on: pn calamares <none> ii cryptsetup 2:2.1.0-2 ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2 ii keyutils 1.6-6 ii qml-module-qtquick-window2 5.11.3-4 ii qml-module-qtquick2 5.11.3-4 calamares-settings-debian recommends no packages. calamares-settings-debian suggests no packages.