Re: Install debian armhf on tablet "surface rt"

To: debian-user@lists.debian.org
Subject: Re: Install debian armhf on tablet "surface rt"
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Tue, 10 Sep 2019 14:22:03 +0200
Message-id: <[🔎] 27747701677143435068@scdbackup.webframe.org>
In-reply-to: <[🔎] 1568113862.re0rnpgys08coo4w@webmail.o2online.de>
References: <[🔎] 1568113862.re0rnpgys08coo4w@webmail.o2online.de>

Hi,

hans.ullrich@loop.de wrote:
> The "Surface RT" is capable to start of an usb-stick, but it is EFI secured.

What exactly do you mean by "EFI secured" ?

> However, the debian installer
> (on intel hardware) can be started with uefi, too, so why should the same
> not work with armhf?

I just downloaded
  https://cdimage.debian.org/debian-cd/current/armhf/iso-cd/debian-10.1.0-armhf-netinst.iso

It has an EFI system partition:

  $ /sbin/fdisk -l debian-10.1.0-armhf-netinst.iso
  ...
  Disklabel type: dos
  ...
  Device                           Boot  Start    End Sectors  Size Id Type
  debian-10.1.0-armhf-netinst.iso1           0 948223  948224  463M 83 Linux
  debian-10.1.0-armhf-netinst.iso2      948224 950271    2048    1M ef EFI (FAT-12
  $ expr 948224 '*' 512
  485490688
  $ mount -o offset=485490688 /dvdbuffer/debian-10.1.0-armhf-netinst.iso /mnt/fat
  $ find /mnt/fat
  /mnt/fat
  /mnt/fat/efi
  /mnt/fat/efi/boot
  /mnt/fat/efi/boot/bootarm.efi
  $

UEFI specs prescribe bootarm.efi as boot file name for "AArch32 architecture".

It looks like a GRUB2 EFI boot program.
  $ strings /mnt/fat/efi/boot/bootarm.efi | less
begins by
  "!This program cannot be run in DOS mode."
and has lots of names beginning by "grub".

Let's look at an amd64 ISO:

  $ /sbin/fdisk -l debian-10.0.0-amd64-netinst.iso
  ...
  Disklabel type: dos
  ...
  Device                           Boot Start    End Sectors  Size Id Type
  debian-10.0.0-amd64-netinst.iso1 *        0 684031  684032  334M  0 Empty
  debian-10.0.0-amd64-netinst.iso2       3808   9471    5664  2.8M ef EFI (FAT-12/
  $ expr 3808 '*' 512
  1949696
  $ mount -o offset=1949696 debian-10.0.0-amd64-netinst.iso /mnt/fat
  $ find /mnt/fat
  /mnt/fat
  /mnt/fat/efi
  /mnt/fat/efi/boot
  /mnt/fat/efi/boot/bootx64.efi
  /mnt/fat/efi/boot/grubx64.efi
  /mnt/fat/efi/debian
  /mnt/fat/efi/debian/grub.cfg

Afaik /efi/boot/bootx64.efi is the certified Secure Boot starter (shim):

  $ strings /mnt/fat/efi/boot/bootx64.efi | fgrep Microsoft | wc -w
  145

The file grubx64.efi looks like GRUB2.

So it could be about disabling Secure Boot.
If this cannot be done, then you'd need to convince Debian to beg Microsoft
for a signed shim for armhf and to then add armhf to
  https://wiki.debian.org/SecureBoot#Supported_architectures_and_packages

Have a nice day :)

Thomas

Reply to:

References:
- AW: Install debian armhf on tablet "surface rt"
  - From: hans.ullrich@loop.de

Prev by Date: Re: AW: Install debian armhf on tablet "surface rt"
Next by Date: Re: DRI_PRIME has no effect when running in a different user
Previous by thread: Re: AW: Install debian armhf on tablet "surface rt"
Next by thread: What is the location of the "depmod" program on your machine? vmware tools installation error
Index(es):
- Date
- Thread