Bug#924053: live-build: UEFI shows grub> on HP250 G6 2SX60EA
Hello,
I think I have figured out why this build refuses to boot in my system.
This is a very strange corner case.
1. Requirements to trigger the bug
1.1. First of all you need to have:
Either a brand-new HP 250 G6 at hand (e.g. no operating has been
installed despite what comes from HP itself).
Or recreate what I'm going to tell you in a FAT32 partition in your
internal hard disk.
I think an ext4 partition might do it also.
In one of your internal hard disk partitions you have:
/live/vmlinuz # Doesn't matter the contents. You can have a 0 byte size
file if you want to.
These same internal hard disk partition does not have to have a
/boot/grub/grub.cfg file.
This is very important.
1.2. Second thing that you need is using current git head with my
foreign architectures patch (which it helps triggering the bug but it's
not the main reason of it).
https://github.com/rescatux/live-build/tree/foreign-architecture-support-salsa2019-quicktest5
Using the git head sets the Secure Boot support as auto, I mean, enabled
by default.
1.3. Third thing you need is to choose:
--bootloaders syslinux,grub-efi
this makes sure that the binary_syslinux script is run.
This is very important.
1.4. Fourth thing you need is to force the use of two architectures
kernels which, now with my patch, is done with:
--linux-flavours 'amd64:amd64 686'
1.5. Fifth thing you need is to build a buster image so that the amd64
signed packages are indeed downloaded.
And maybe you need to build all of this from a buster
installation/chroot (not sure about that).
1.6. I also build the i386 arch (so that 686 and amd64 makes sense)
although I'm not sure it's required for reproducing the bug.
So the option would be:
-a i386
2. Quick code review
2.1.) When you use Secure Boot shim signed is loaded which in turn tries
to load grubx64.efi .
Somewhere in between something fails (or works as expected, I don't know
very much about this one) and the boot process fallsback to this image:
/boot/grub/efi.img
or maybe
/efi.img
on the usb.
Anyways this efi.img has inside of it three files:
EFI/boot/bootia32.efi
EFI/boot/bootx64.efi
boot/grub/grub.cfg
So, let's take a look at: boot/grub/grub.cfg file.
search --set=root --file /live/vmlinuz
set prefix=($root)/boot/grub
configfile ($root)/boot/grub/grub.cfg
This file assumes two things:
2.1.1) The live cd media will be the first one to be found by the
grub's search command. That's ok, that will work in most systems.
A random filename for each build for detecting live cd media might be a
better approach but... this does not have anything to do with this bug.
2.1.2) This exact file exists: /live/vmlinuz in the live cd media.
This second assumption is wrong in my corner case scenario as you will
see later.
2.2) When two kernels flavorus are requested and syslinux is used as a
bootloader this code is triggered:
https://salsa.debian.org/live-team/live-build/blob/f242323fa246840ba9581586ad78a8301629d84c/scripts/build/binary_syslinux#L171-196
*)
_NUMBER="0"
for _FLAVOUR in ${LB_LINUX_FLAVOURS}
do
_NUMBER="$((${_NUMBER} + 1))"
ln binary/${_INITRAMFS}/vmlinuz-*-${_FLAVOUR}
binary/${_INITRAMFS}/vmlinuz${_NUMBER}
ln binary/${_INITRAMFS}/initrd.img-*-${_FLAVOUR}
binary/${_INITRAMFS}/initrd${_NUMBER}.img
if [ "${_NUMBER}" -gt 1 ]
then
echo "" >> "${_TARGET}/live.cfg"
grep -v 'menu default' "${_TARGET}/live.cfg.in" >>
"${_TARGET}/live.cfg"
else
cat "${_TARGET}/live.cfg.in" >> "${_TARGET}/live.cfg"
fi
sed -i -e "s|@FLAVOUR@|${_FLAVOUR}|g" \
-e "s|@LINUX@|/${_INITRAMFS}/vmlinuz${_NUMBER}|g" \
-e "s|@INITRD@|/${_INITRAMFS}/initrd${_NUMBER}.img|g" \
"${_TARGET}/live.cfg"
done
rm -f "${_TARGET}/live.cfg.in"
;;
instead of the default code (when only linux flavour is set):
https://salsa.debian.org/live-team/live-build/blob/f242323fa246840ba9581586ad78a8301629d84c/scripts/build/binary_syslinux#L157-169
1)
# If multiple initrd images are being generated (by DKMS packages, etc),
# we likely only want the latest version.
ln $(ls -r1 --sort=version binary/${_INITRAMFS}/vmlinuz-* | head -n
1) binary/${_INITRAMFS}/vmlinuz
ln $(ls -r1 --sort=version binary/${_INITRAMFS}/initrd.img-* | head
-n 1) binary/${_INITRAMFS}/initrd.img
sed -e "s|@FLAVOUR@|${LB_LINUX_FLAVOURS}|g" \
-e "s|@LINUX@|/${_INITRAMFS}/vmlinuz|g" \
-e "s|@INITRD@|/${_INITRAMFS}/initrd.img|g" \
"${_TARGET}/live.cfg.in" >> "${_TARGET}/live.cfg"
rm -f "${_TARGET}/live.cfg.in"
;;
This means that when there are two kernel flavours we are using:
vmlinuz1 and vmlinuz2 on the disk.
But when there is only one kernel flavour we use vmlinuz.
2.3) So... as you can see from (2.1) the boot process is expecting
/live/vmlinuz and in (2.2) we are not giving it /live/vmlinuz but
/live/vmlinuz1 and /live/vmlinuz2.
So, in the specific case of brand new HP250G6:
search --set=root --file /live/vmlinuz : Does not find the file in our
live cd and loops other system storage devices. /live/vmlinuz is being
found in the second internal partition and
grub's root variable is set to "hd1,msdos2".
set prefix=($root)/boot/grub
grub's prefix variable is set to "(hd1,msdos2)/boot/grub"
configfile ($root)/boot/grub/grub.cfg
This is trying to load:
"(hd1,msdos2)/boot/grub/grub.cfg"
and per (1.1) you know that this file does not exist in this internal
hard disk partition.
So grub.cfg ends and the user is presented:
grub> .
3) I'll try to do more tests. Maybe renaming /live/vmlinuz in the
internal hard disk partition to mimic non HP250G6 systems but I already
know what's going to happen. I'll get the grub> prompt too because it
will have no useful grub.cfg to configfile into.
4) And, well, I might try an obvious patch that searches with regex both
/live/vmlinuz and /live/vmlinuz1 and give us more feedback about it.
El 08/03/19 a las 23:21, adrian15 escribió:
> Package: live-build
> Version: 1:20180224
> Severity: important
>
> Current live-build head ( f242323fa246840ba9581586ad78a8301629d84c We
> should add buster for release ) brings on my HP250 G6 2SX60EA laptop
> UEFI boot an:
>
> grub>
> output.
>
> My specific build is done in a Buster chroot and the target distro is
> Buster i386 with 686 and amd64 kernels.
>
> I also happen to use this commit:
> https://github.com/rescatux/live-build/commit/6217dea5bc84212098d0efee18953151b41b3497
> so that amd64 kernel works for i386. I don't think you need this commit
> to be able to reproduce my problem (if you had an HP250 G6 2SX60EA or
> equivalent).
>
>
> I have done a manual bisect and it seems the problem comes from:
> 035518ff69a97fa5d3fa432e13c9593a9f459a4e UEFI: add support for Secure
> Boot on amd64 and arm64.
>
> I'll try to tinker a bit reverting the commit that breaks things for me
> and applying it part by part. Anyways any feedback that can speed up my
> testing is welcomed.
>
> Thank you very much!
>
> adrian15
>
>
> Here there is the bisect just in case you need me to test more commits:
>
> ( grub> ) f242323fa246840ba9581586ad78a8301629d84c We should add buster
> for release
> ( N/A ) 2fa258cca25d834f7896b7adc64892dc583010bf use deb.debian.org as
> default
> ( N/A ) 069d0d7b5a67f71b60cdaea01e498bb2559cc3c7 Update changelog for
> 1:20180925 release
> ( N/A ) cc1341ab4ad2302c46469c15039fac948cdec094 lintian: override error
> on dependency on e2fsprogs
> ( N/A ) 66839c4346c63e8c48d7eba6b3d1ca99f1dd691f Bump Standards-Version
> to 4.2.1.
> ( N/A ) b2a760de575c1439e996cb895deb575c611ddf15 Add
> Rules-Requires-Root: no.
> ( N/A ) 4db6471248223ffec7ea1a028b929cd819abd490 Build-Depend on
> debhelper >= 10~ to facilitate backports.
> ( N/A ) f108fdfa71c9d66a5ef9dfe7f1f48c170c7f228e UEFI: remove the
> EFI/debian/grub.cfg, not necessary anymore
> ( grub> ) c22f1f5b71745922ae28df0ebf4b7d1a49d89f55 Use
> gcd{x64.aa64}.efi.signed for amd64/arm64 arch.
> ( grub> ) 8403487d4e3bda65cdd2ea6081399f7977325adb copy keys to
> /etc/apt/trusted.gpg.d with appropriate extension for them to not be
> ignored.
> ( ) 52908422880f8d5cfa18c577d4138d5449af37f6 Handle includes.chroot
> files installed over symlinked directories
> ( ) 332c170c3b8dc2449b348191562c784db68ed331 Update changelog for
> 1:20180618 release
> ( ) be7bc0a9ffcc0b59ae66a63a863fb586d7ac1fca Bump Standards-Version to
> 4.1.4, no changes.
> ( Skipped ) 316b1281581b188e3353fe59bb40bcb81cbd953f UEFI: parse vendor
> from Grub package metadata
> ( ) e5492b1c702858eb26e2b93c65810773ad0bfa85 Avoid apt-key add and just
> drop the key in /etc/apt/trusted.gpg.d
> ( ) 186765e3fd905a2ecd08cd22dd9afdcc581b1d0a lb clean: remove ONIE image
> ( ) b3ec8d59787a2c59c5cc68f9fd60ff004049d828 Update changelog for
> 1:20180411 release
> ( ) b062ede56c5aef3b1909efbf87f71d6617bc1936 Fix debian/NEWS date to
> match an actual release
> ( ) 277f0cec71b8a9a1b109225a69551ef5c7ba05e2 Reconfigure bootstrapped
> packages after preseeding.
> ( ) da0119396559308b29c78a7cc983013cf07797f0 Don't recommend gzip, it's
> essential
> ( ) 08dd0b90dbe87411fb0657c940926c85730ac3e7 Print an error and exit if
> a host package (dependency) is missing.
> ( ) 050e637b2ceaa1f6735fd9f84b0f7f4676637a79 ONIE: do not use package
> cache, only runs on host
> ( ) a0335ac4a42a1b784b054459b2377a0935720d23 ONIE: add Recommends for
> programs needed by binary_onie
> ( ) e47652d8412d2ccb2d32c370096580b7019f7655 ONIE: missing dependency
> on file
> ( ) 2aff516e1f9713e1c7407f163bc0abc998951bca ONIE: Check_package in the
> host, not the chroot
> ( ) 44e0d3520e9440cab692c86536083b3ce19510a2 Update changelog for
> 1:20180328 release
> ( ) 919604643bb66a2e2c4ea1cf6a630a6a6e24fbfa Add myself to Uploaders.
> ( ) 76a90f31b5e84aa630982e1c09df82b0baff1ebe Bump Standards-Version to
> 4.1.3.
> ( ) 7f5d8ef9e9704efd962fc8950e7991ca66070fdc Use HTTPS in
> debian/copyright (policy 4.0.0).
> ( ) c1948b4183099b37dbc4ebf6b5e16cb6fe885cef ONIE: detect initrd
> compression instead of hard-coding
> ( ) 0e91aeea428577b71fa0e2dd21d5cf664a0ebbe9 Add
> Acquire::AllowInsecureRepositories to fix apt-secure in sid
> ( ) 46c95969265fff53173a06419db46133c12f42ae Add options to build ONIE
> images
> ( ) 8047c2425ac8ca8c89586b76dcce4a4fbe66f303 Add NEWS file to warn
> users about change of live-boot mount paths
> ( ) aa1ae83854d5e85901ab56ad291f9e938a0582db UEFI: use uppercase EFI
> directory name for Tianocore
> ( CULPRIT grub> ) 035518ff69a97fa5d3fa432e13c9593a9f459a4e UEFI: add
> support for Secure Boot on amd64 and arm64
> ( OK ) ac3ed23638cbc4b10059f9678283d08b4a082136 UEFI: add minimal
> grub.cfg to fat32 partition
>
> ( OK ) 0effdbd8ef12d0f668afee9505d1f50659f892ef Add grub-based UEFI boot
> support for ARM64
> ( N/A ) 06d81b6710373f15faa1324f1f691483fafde8d1 Update changelog
> ( N/A ) 952ac834e4bf63bccfc84715d6e69bd3fd9b3ff0 Simplify bootstrapping
> of foreign architectures with qemu-debootstrap
> ( N/A ) 842e971a65edf049a33dbba738d30c8c7edb85bc Run mksquashfs with
> nice -n 19 to not overload the system
> ( N/A ) ee8d06c46cfa30fb0c7d43fde5d4f8dfef3967c4 Merge branch
> 'fix_offline_repo' into 'master'
> ( N/A ) 9a0c6102fdff56da0871bfb1a63cc0349d6317f4 Fix build with local
> offline mirrors
> ( N/A ) 96e73960b3e64bae81294250e5ad531212ef0ac1 Fix Check_package
> invocation in binary_hdd for ntfs-3g
> ( N/A ) bf73aede691bb22a3b594de75e9d5a5f73e65373 Add e2fsprogs to
> Suggests along with mtd-utils, parted
> ( N/A ) c221f10cc197f5f8c392530726afe2ac03e19219 Repo moved to salsa
> ( OK ) acafe6618bfb7a9f7525e723e13ade2956e10b4f Failsafe entries
> rework at binary_loopback_cfg
>
>
>
> ====
>
>
> -- Package-specific info:
>
> -- System Information:
> Debian Release: buster/sid
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_WARN,
> TAINT_OOT_MODULE
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE= (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: unable to detect
>
> Versions of packages live-build depends on:
> ii debootstrap 1.0.114
>
> Versions of packages live-build recommends:
> ii apt-utils 1.8.0~rc3
> ii cpio 2.12+dfsg-6
> ii live-boot-doc 1:20180603
> ii live-config-doc 5.20180224
> ii live-manual-html [live-manual] 2:20151217.1
> ii wget 1.20.1-1
>
> Versions of packages live-build suggests:
> ii e2fsprogs 1.44.5-1
> pn mtd-utils <none>
> pn parted <none>
>
> -- no debconf information
>
>
--
Support free software. Donate to Super Grub Disk. Apoya el software
libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/
Reply to: