Re: Grub, UEFI Secure Boot and netboot - help!

[Steve McIntyre <steve@einval.com>]

Hi Ian,

On Mon, Jun 10, 2019 at 02:32:23PM +0100, Ian Campbell wrote:
>On Mon, 2019-06-10 at 03:37 +0100, Steve McIntyre wrote:
>> Any other suggestions on what we could do? Let me know what you
>> think...
>
>Is signing an extra, d-i specific, grubnetXX.efi image out of the
>question?

Oh, that's a thought. Possibly, I guess. Minor tweaks to the grub
packaging and to the d-i build. That's probably the easiest route, in
fact! Colin - how does that sound for you?

>Is the hard coded prefix a single prefix or is there a possibility of
>searching a list?

The prefix variable is very much a single value, yes. It's used and
dereferenced all over the place inside grub as a single const char
*. Not something I'm about to play with!

>It's been a long time since I've played with any of this but I have a
>vague recollection of once upon a time using (or trying to use, maybe
>I'm remembering a failed experiment) a memdisk (builtin to the grub
>image) containing an initial config file which then was a bit more
>flexible about chaining to the next thing. I can't find any evidence
>of that setup in any of the places I thought it might be related to
>though :-/

Right. That's how various other things work - it's how we control
things for CD boot, for example. But network boot is a slightly
different configuration. It's simply a single binary rather than a FAT
image containing the binary and config.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
Who needs computer imagery when you've got Brian Blessed?