| 1 |
On Tue, 1 Oct 2019 at 12:01, Peter Humphrey <peter@××××××××××××.uk> wrote: |
| 2 |
> |
| 3 |
> On Tuesday, 1 October 2019 10:47:59 BST Neil Bothwick wrote: |
| 4 |
> > On Tue, 01 Oct 2019 10:05:23 +0100, Peter Humphrey wrote: |
| 5 |
> > > > Are you setting UEFI to boot from systemd-bootx64.efi or from the |
| 6 |
> > > > kernel image? If the former, you don't need a copy of the kernel in |
| 7 |
> > > > the ESP. |
| 8 |
> > > |
| 9 |
> > > I could run some tests to find out, but after throwing so much time and |
| 10 |
> > > effort into reaching a stable setup (so far), I don't wish to do |
| 11 |
> > > anything to it but use it, thanks all the same. |
| 12 |
> > |
| 13 |
> > You appear to have set up two alternative boot methods. While they don't |
| 14 |
> > conflict, you are adding potential confusion when trying to find out what |
| 15 |
> > is wrong. |
| 16 |
> |
| 17 |
> All right, I've deleted the systemd directory and the system boots more-or- |
| 18 |
> less as expected. |
| 19 |
|
| 20 |
The whole idea of a boot manager is that the UEFI firmware loads the |
| 21 |
boot manager's .efi executable from the ESP and the boot manager then |
| 22 |
provides a list of bootable images and boots them as selected. Unlike |
| 23 |
the UEFI boot manager which can only process ESP/FAT partitions, the |
| 24 |
boot manager of choice is able to load kernels from various different |
| 25 |
filesystems. In your use case where additional kernel(s) reside on a |
| 26 |
secondary disk, the use of systemd-boot's .efi binary would make |
| 27 |
sense. The UEFI firmware will not be able to load them on its own. |
| 28 |
|
| 29 |
BTW, I am not sure if bootctl will throw a wobbly when the systemd |
| 30 |
directory is missing ... :-/ |
| 31 |
|
| 32 |
|
| 33 |
> The differences from a few months ago are (i) the BIOS |
| 34 |
> spends a few seconds flickering the cursor around the screen before showing my |
| 35 |
> boot menu; |
| 36 |
|
| 37 |
Could it be the systemd-boot binary is looking for some of its files |
| 38 |
and not finding them where expected? Or, it may be related to some |
| 39 |
Secure Boot checks. |
| 40 |
|
| 41 |
|
| 42 |
> (ii) after I've chosen the image to boot, I see 'SHA256 verified' |
| 43 |
> at the top-left of the BIOS's part of the screen, until the kernel takes it |
| 44 |
> over. I don't know what to make of those. |
| 45 |
|
| 46 |
When using Secure Boot the UEFI firmware check the binaries to be |
| 47 |
loaded have been signed by Microsoft. The 'SHA256 verified' message |
| 48 |
indicates the systemd-boot binary is signed using a key which is |
| 49 |
ultimately signed by Microsoft and is contained in the whitelist |
| 50 |
(MokList). If the verification failed I think it would spit something |
| 51 |
back to allow you to enrol a valid hash or key. |
| 52 |
-- |
| 53 |
Regards, |
| 54 |
Mick |
Archives