1) I found some code that when commented solves the problem for me. These are:
https://salsa.debian.org/live-team/live-build/blob/f242323fa246840ba9581586ad78a8301629d84c/scripts/build/binary_grub-efi#L181-188
or if you prefer a "fixing" commit:
https://github.com/rescatux/live-build/commit/7a17008337b31ab968224b70dbdbde39c6d5a108 .

These lines are:

    if [ -r ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/gcd\$efi_name.efi.signed -a \
         -r ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed -a \
         "${LB_UEFI_SECURE_BOOT}" != "disable" ]; then
        cp ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/gcd\$efi_name.efi.signed \
            ${_CHROOT_DIR}/grub-efi-temp/EFI/boot/grub\$efi_name.efi
        cp ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed \
            ${_CHROOT_DIR}/grub-efi-temp/EFI/boot/boot\$efi_name.efi
    fi

2) So let's add more information about this issue:

Build logs show that Secure Boot is enabled. And that it's true because I find the .signed files in the live-build's chroot for my build. That would explain why that code gets triggered.

This laptop has both UEFI and BIOS/CSM boot modes. I make sure to boot with UEFI. I guess this laptop works with x64 and not ia32. I can try to boot an ia32-UEFI-only version of Super Grub2 Disk if you want to.

This laptop does NOT have any UEFI Secure Boot enabled in its UEFI firmware.

3) I expect the live-build generated image to be able to fall back to a working grub menu even if Secure Boot is not enabled here.

Anyways I don't think the problem is not related to UEFI firmware not supporting Secure Boot but to something else related to how those signed images try to find their own config (grub cfgs) files on a given path.

4) A deeper look tells me that the non-SB efi images are built before at:
https://salsa.debian.org/live-team/live-build/blob/f242323fa246840ba9581586ad78a8301629d84c/scripts/build/binary_grub-efi#L159-162

So let's focus on:

    "\${LIVE_BUILD_PATH}/efi-image" "${_CHROOT_DIR}/\$outdir" "\$platform" "\$efi_name" "\$netboot_prefix"

This is using efi-image which I stole back in the day from src:live-installer .
https://salsa.debian.org/live-team/live-build/blob/f242323fa246840ba9581586ad78a8301629d84c/scripts/build/efi-image

Can anyone more experienced than me take a look at the 'signed packages' 'source package' and check how the EFI are actually built? I guess they use a different script than efi-image or an updated one that changes some paths.

As always, any feedback is welcome.

adrian15

On 08/03/19 at 23:21, adrian15 wrote:
> Package: live-build
> Version: 1:20180224
> Severity: important
>
> Current live-build head ( f242323fa246840ba9581586ad78a8301629d84c We
> should add buster for release ) brings on my HP250 G6 2SX60EA laptop
> UEFI boot an:
>
> grub>
> output.
>
> My specific build is done in a Buster chroot and the target distro is
> Buster i386 with 686 and amd64 kernels.
>
> I also happen to use this commit:
> https://github.com/rescatux/live-build/commit/6217dea5bc84212098d0efee18953151b41b3497
> so that amd64 kernel works for i386. I don't think you need this commit
> to be able to reproduce my problem (if you had an HP250 G6 2SX60EA or
> equivalent).
>
>
> I have done a manual bisect and it seems the problem comes from:
> 035518ff69a97fa5d3fa432e13c9593a9f459a4e UEFI: add support for Secure
> Boot on amd64 and arm64.
>
> I'll try to tinker a bit reverting the commit that breaks things for me
> and applying it part by part. Anyways any feedback that can speed up my
> testing is welcomed.
>
> Thank you very much!
>
> adrian15
>
>
> Here there is the bisect just in case you need me to test more commits:
>
> ( grub> ) f242323fa246840ba9581586ad78a8301629d84c We should add buster for release
> ( N/A ) 2fa258cca25d834f7896b7adc64892dc583010bf use deb.debian.org as default
> ( N/A ) 069d0d7b5a67f71b60cdaea01e498bb2559cc3c7 Update changelog for 1:20180925 release
> ( N/A ) cc1341ab4ad2302c46469c15039fac948cdec094 lintian: override error on dependency on e2fsprogs
> ( N/A ) 66839c4346c63e8c48d7eba6b3d1ca99f1dd691f Bump Standards-Version to 4.2.1.
> ( N/A ) b2a760de575c1439e996cb895deb575c611ddf15 Add Rules-Requires-Root: no.
> ( N/A ) 4db6471248223ffec7ea1a028b929cd819abd490 Build-Depend on debhelper >= 10~ to facilitate backports.
> ( N/A ) f108fdfa71c9d66a5ef9dfe7f1f48c170c7f228e UEFI: remove the EFI/debian/grub.cfg, not necessary anymore
> ( grub> ) c22f1f5b71745922ae28df0ebf4b7d1a49d89f55 Use gcd{x64.aa64}.efi.signed for amd64/arm64 arch.
> ( grub> ) 8403487d4e3bda65cdd2ea6081399f7977325adb copy keys to /etc/apt/trusted.gpg.d with appropriate extension for them to not be ignored.
> ( ) 52908422880f8d5cfa18c577d4138d5449af37f6 Handle includes.chroot files installed over symlinked directories
> ( ) 332c170c3b8dc2449b348191562c784db68ed331 Update changelog for 1:20180618 release
> ( ) be7bc0a9ffcc0b59ae66a63a863fb586d7ac1fca Bump Standards-Version to 4.1.4, no changes.
> ( Skipped ) 316b1281581b188e3353fe59bb40bcb81cbd953f UEFI: parse vendor from Grub package metadata
> ( ) e5492b1c702858eb26e2b93c65810773ad0bfa85 Avoid apt-key add and just drop the key in /etc/apt/trusted.gpg.d
> ( ) 186765e3fd905a2ecd08cd22dd9afdcc581b1d0a lb clean: remove ONIE image
> ( ) b3ec8d59787a2c59c5cc68f9fd60ff004049d828 Update changelog for 1:20180411 release
> ( ) b062ede56c5aef3b1909efbf87f71d6617bc1936 Fix debian/NEWS date to match an actual release
> ( ) 277f0cec71b8a9a1b109225a69551ef5c7ba05e2 Reconfigure bootstrapped packages after preseeding.
> ( ) da0119396559308b29c78a7cc983013cf07797f0 Don't recommend gzip, it's essential
> ( ) 08dd0b90dbe87411fb0657c940926c85730ac3e7 Print an error and exit if a host package (dependency) is missing.
> ( ) 050e637b2ceaa1f6735fd9f84b0f7f4676637a79 ONIE: do not use package cache, only runs on host
> ( ) a0335ac4a42a1b784b054459b2377a0935720d23 ONIE: add Recommends for programs needed by binary_onie
> ( ) e47652d8412d2ccb2d32c370096580b7019f7655 ONIE: missing dependency on file
> ( ) 2aff516e1f9713e1c7407f163bc0abc998951bca ONIE: Check_package in the host, not the chroot
> ( ) 44e0d3520e9440cab692c86536083b3ce19510a2 Update changelog for 1:20180328 release
> ( ) 919604643bb66a2e2c4ea1cf6a630a6a6e24fbfa Add myself to Uploaders.
> ( ) 76a90f31b5e84aa630982e1c09df82b0baff1ebe Bump Standards-Version to 4.1.3.
> ( ) 7f5d8ef9e9704efd962fc8950e7991ca66070fdc Use HTTPS in debian/copyright (policy 4.0.0).
> ( ) c1948b4183099b37dbc4ebf6b5e16cb6fe885cef ONIE: detect initrd compression instead of hard-coding
> ( ) 0e91aeea428577b71fa0e2dd21d5cf664a0ebbe9 Add Acquire::AllowInsecureRepositories to fix apt-secure in sid
> ( ) 46c95969265fff53173a06419db46133c12f42ae Add options to build ONIE images
> ( ) 8047c2425ac8ca8c89586b76dcce4a4fbe66f303 Add NEWS file to warn users about change of live-boot mount paths
> ( ) aa1ae83854d5e85901ab56ad291f9e938a0582db UEFI: use uppercase EFI directory name for Tianocore
> ( CULPRIT grub> ) 035518ff69a97fa5d3fa432e13c9593a9f459a4e UEFI: add support for Secure Boot on amd64 and arm64
> ( OK ) ac3ed23638cbc4b10059f9678283d08b4a082136 UEFI: add minimal grub.cfg to fat32 partition
>
> ( OK ) 0effdbd8ef12d0f668afee9505d1f50659f892ef Add grub-based UEFI boot support for ARM64
> ( N/A ) 06d81b6710373f15faa1324f1f691483fafde8d1 Update changelog
> ( N/A ) 952ac834e4bf63bccfc84715d6e69bd3fd9b3ff0 Simplify bootstrapping of foreign architectures with qemu-debootstrap
> ( N/A ) 842e971a65edf049a33dbba738d30c8c7edb85bc Run mksquashfs with nice -n 19 to not overload the system
> ( N/A ) ee8d06c46cfa30fb0c7d43fde5d4f8dfef3967c4 Merge branch 'fix_offline_repo' into 'master'
> ( N/A ) 9a0c6102fdff56da0871bfb1a63cc0349d6317f4 Fix build with local offline mirrors
> ( N/A ) 96e73960b3e64bae81294250e5ad531212ef0ac1 Fix Check_package invocation in binary_hdd for ntfs-3g
> ( N/A ) bf73aede691bb22a3b594de75e9d5a5f73e65373 Add e2fsprogs to Suggests along with mtd-utils, parted
> ( N/A ) c221f10cc197f5f8c392530726afe2ac03e19219 Repo moved to salsa
> ( OK ) acafe6618bfb7a9f7525e723e13ade2956e10b4f Failsafe entries rework at binary_loopback_cfg
>
>
>
> ====
>
>
> -- Package-specific info:
>
> -- System Information:
> Debian Release: buster/sid
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_WARN,
> TAINT_OOT_MODULE
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE= (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: unable to detect
>
> Versions of packages live-build depends on:
> ii  debootstrap  1.0.114
>
> Versions of packages live-build recommends:
> ii  apt-utils                       1.8.0~rc3
> ii  cpio                            2.12+dfsg-6
> ii  live-boot-doc                   1:20180603
> ii  live-config-doc                 5.20180224
> ii  live-manual-html [live-manual]  2:20151217.1
> ii  wget                            1.20.1-1
>
> Versions of packages live-build suggests:
> ii  e2fsprogs  1.44.5-1
> pn  mtd-utils  <none>
> pn  parted     <none>
>
> -- no debconf information
>

--
Support free software. Donate to Super Grub Disk.
http://www.supergrubdisk.org/donate/