1 |
On Tue, 1 Oct 2019 at 12:01, Peter Humphrey <peter@××××××××××××.uk> wrote: |
2 |
> |
3 |
> On Tuesday, 1 October 2019 10:47:59 BST Neil Bothwick wrote: |
4 |
> > On Tue, 01 Oct 2019 10:05:23 +0100, Peter Humphrey wrote: |
5 |
> > > > Are you setting UEFI to boot from systemd-bootx64.efi or from the |
6 |
> > > > kernel image? If the former, you don't need a copy of the kernel in |
7 |
> > > > the ESP. |
8 |
> > > |
9 |
> > > I could run some tests to find out, but after throwing so much time and |
10 |
> > > effort into reaching a stable setup (so far), I don't wish to do |
11 |
> > > anything to it but use it, thanks all the same. |
12 |
> > |
13 |
> > You appear to have set up two alternative boot methods. While they don't |
14 |
> > conflict, you are adding potential confusion when trying to find out what |
15 |
> > is wrong. |
16 |
> |
17 |
> All right, I've deleted the systemd directory and the system boots more-or- |
18 |
> less as expected. |
19 |
|
20 |
The whole idea of a boot manager is that the UEFI firmware loads the |
21 |
boot manager's .efi executable from the ESP and the boot manager then |
22 |
provides a list of bootable images and boots them as selected. Unlike |
23 |
the UEFI boot manager which can only process ESP/FAT partitions, the |
24 |
boot manager of choice is able to load kernels from various different |
25 |
filesystems. In your use case where additional kernel(s) reside on a |
26 |
secondary disk, the use of systemd-boot's .efi binary would make |
27 |
sense. The UEFI firmware will not be able to load them on its own. |
28 |
|
29 |
BTW, I am not sure if bootctl will throw a wobbly when the systemd |
30 |
directory is missing ... :-/ |
31 |
|
32 |
|
33 |
> The differences from a few months ago are (i) the BIOS |
34 |
> spends a few seconds flickering the cursor around the screen before showing my |
35 |
> boot menu; |
36 |
|
37 |
Could it be the systemd-boot binary is looking for some of its files |
38 |
and not finding them where expected? Or, it may be related to some |
39 |
Secure Boot checks. |
40 |
|
41 |
|
42 |
> (ii) after I've chosen the image to boot, I see 'SHA256 verified' |
43 |
> at the top-left of the BIOS's part of the screen, until the kernel takes it |
44 |
> over. I don't know what to make of those. |
45 |
|
46 |
When using Secure Boot the UEFI firmware check the binaries to be |
47 |
loaded have been signed by Microsoft. The 'SHA256 verified' message |
48 |
indicates the systemd-boot binary is signed using a key which is |
49 |
ultimately signed by Microsoft and is contained in the whitelist |
50 |
(MokList). If the verification failed I think it would spit something |
51 |
back to allow you to enrol a valid hash or key. |
52 |
-- |
53 |
Regards, |
54 |
Mick |