grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Change "efi" to "EFI" in grub-mkrescue for secure boot


From: Thomas Schmitt
Subject: Re: [PATCH] Change "efi" to "EFI" in grub-mkrescue for secure boot
Date: Sat, 07 Sep 2024 10:30:45 +0200

Hi,

Pascal Hambourg wrote:
> When
> booting from a EFI partition on a regular disk, then $root is set to the
> EFI partition (hdX,Y). When booting from a EFI El Torito image on a CD,
> then $root is set to the whole CD (cdX), and the El Torito image is not
> visible.

That's a surprise to me.

I wrote (before knowing this information):
> > I can confirm that many distro ISOs have a copy of the file tree of their
> > EFI system partition as file tree "/EFI/boot" in the ISO 9660 filesystem.
> > This copy normally plays no role in booting

Pascal Hambourg wrote:
> It plays a role in Debian ISOhybrid images when booting from CD with a
> monolithic signed GRUB image which fetches an early grub.cfg in the EFI
> partition, because GRUB does not see the El Torito image and can read
> the early grub.cfg only from the ISO 9660 filesystem.

I was disbelieving enough to make a DVD+RW from
debian-12.7.0-amd64-netinst.iso with /EFI/debian/grub.cfg removed from
the ISO filesystem:

  xorriso -indev debian-12.7.0-amd64-netinst.iso \
          -outdev /dev/sr3 \
          -blank as_needed \
          -rm /EFI/debian/grub.cfg -- \
          -boot_image any replay \
          -assess_indev_features replay

Indeed when booting this DVD on real iron, i end up at a "grub>" prompt.
The original debian-12.7.0-amd64-netinst.iso put later on the same DVD
boots to the installer menu.

There remains my curiosity why this difference between booting via
El Torito and via partition table from the same FAT filesystem exists
and whether this is a bug.
(Well, by tradition it probably is a feature now.)


Have a nice day :)

Thomas




reply via email to

[Prev in Thread] Current Thread [Next in Thread]