Can you please join the liveid conversation where I'm proposing a change
to live-build that would probably fix your issue?
There's the long live-boot Merge Request discussion at:
https://salsa.debian.org/live-team/live-boot/-/merge_requests/52 .
Then there's the sister Merge Request on live-build:
https://salsa.debian.org/live-team/live-build/-/merge_requests/364 .
And there's also a big liveid explanation email on the Debian Live
mailing list: https://lists.debian.org/debian-live/2024/08/msg00047.html .
El 7/9/24 a las 14:41, Askar Safin escribió:
Package: live-build
Severity: normal
X-Debbugs-Cc: safinas...@gmail.com
Current Live image (
https://cdimage.debian.org/cdimage/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-kde.iso
)
contains file /EFI/boot/grubx64.efi , which is binary identical to the file
/usr/lib/grub/x86_64-efi-signed/gcdx64.efi.signed
from package "grub-efi-amd64-signed". (Keywords: UEFI, secure boot, GRUB.)
"gcdx64.efi.signed" is generated here:
https://sources.debian.org/src/grub2/2.12-5/debian/build-efi-images/#L219 .
As you can see, this GRUB binary has memdisk, which contains this config file:
https://sources.debian.org/src/grub2/2.12-5/debian/build-efi-images/#L63 .
This config file tries to find any media, which contains file /.disk/info or
/.disk/mini-info and then sets "prefix".
This is wrong, because this is unreliable if multiple Live medias are present.
Contrast this with official d-i approach: official d-i image contains GRUB
binary grubx64.efi.signed, as opposed to
gcdx64.efi.signed . This binary always unconditionally loads file
/EFI/debian/grub.cfg ( /EFI/debian/grub.cfg is located
outside of grubx64.efi.signed, so /EFI/debian/grub.cfg does not have to be
signed). Then /EFI/debian/grub.cfg finds real
root by its UUID (for example, by file
/mnt/.disk/id/30d00ffb-e0c5-493a-947c-64a7b625803b ). Live Debian should do
similar
thing.
Moreover, gcdx64.efi.signed approach for finding real root is wrong. So (after
Live Debian migrates away from gcdx64.efi.signed)
gcdx64.efi.signed should be removed from Debian archive or its generation code
should be somehow changed
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-0.deb9.30-amd64 (SMP w/8 CPU threads)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8),
LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages live-build depends on:
pn cpio <none>
pn debootstrap <none>
Versions of packages live-build recommends:
ii apt-utils 2.7.10
ii bzip2 1.0.8-5+b2
pn cryptsetup <none>
ii file 1:5.45-2+b1
pn live-boot-doc <none>
pn live-config-doc <none>
pn live-manual-html | live-manual <none>
ii rsync 3.2.7-1+b1
pn systemd-container <none>
ii wget 1.21.4-1+b1
ii xz-utils 5.4.5-0.3
Versions of packages live-build suggests:
ii e2fsprogs 1.47.0-2+b1
pn mtd-utils <none>
pn parted <none>
