[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grub, UEFI Secure Boot and netboot - help!

On Mon, Jun 10, 2019 at 04:15:22PM +0100, Steve McIntyre wrote:
> On Mon, Jun 10, 2019 at 02:32:23PM +0100, Ian Campbell wrote:
> >On Mon, 2019-06-10 at 03:37 +0100, Steve McIntyre wrote:
> >> Any other suggestions on what we could do? Let me know what you
> >> think...
> >
> >Is signing an extra, d-i specific, grubnetXX.efi image out of the
> >question?
> Oh, that's a thought. Possibly, I guess. Minor tweaks to the grub
> packaging and to the d-i build. That's probably the easiest route, in
> fact! Colin - how does that sound for you?
> >Is the hard coded prefix a single prefix or is there a possibility of
> >searching a list?
> The prefix variable is very much a single value, yes. It's used and
> dereferenced all over the place inside grub as a single const char
> *. Not something I'm about to play with!

It'd be totally possible to make the grubnet memdisk try multiple
prefixes: there's already a memdisk that looks in a couple of locations
under $prefix for grub.cfg, so it could separate it into a list and try
each one until it finds something usable.

However, that approach embeds the debian-installer path even in images
that have nothing to do with d-i; so I think on balance I prefer the
idea of adding another d-i-specific image.  Steve is working on that

> >It's been a long time since I've played with any of this but I have a
> >vague recollection of once upon a time using (or trying to use, maybe
> >I'm remembering a failed experiment) a memdisk (builtin to the grub
> >image) containing an initial config file which then was a bit more
> >flexible about chaining to the next thing. I can't find any evidence
> >of that setup in any of the places I thought it might be related to
> >though :-/
> Right. That's how various other things work - it's how we control
> things for CD boot, for example. But network boot is a slightly
> different configuration. It's simply a single binary rather than a FAT
> image containing the binary and config.

Moot given the above, but this isn't actually true - search for
grub-netboot.cfg and memdisk-netboot.fat in build-efi-images.

Colin Watson                                       [cjwatson@debian.org]

Reply to: