Re: Install debian armhf on tablet "surface rt"
Hi,
hans.ullrich@loop.de wrote:
> The "Surface RT" is capable of starting off a USB stick, but it is EFI secured.
What exactly do you mean by "EFI secured"?
> However, the debian installer
> (on intel hardware) can be started with uefi, too, so why should the same
> not work with armhf?
I just downloaded
https://cdimage.debian.org/debian-cd/current/armhf/iso-cd/debian-10.1.0-armhf-netinst.iso
It has an EFI system partition:
$ /sbin/fdisk -l debian-10.1.0-armhf-netinst.iso
...
Disklabel type: dos
...
Device                           Boot  Start    End Sectors Size Id Type
debian-10.1.0-armhf-netinst.iso1            0 948223  948224 463M 83 Linux
debian-10.1.0-armhf-netinst.iso2       948224 950271    2048   1M ef EFI (FAT-12
$ expr 948224 '*' 512
485490688
$ mount -o offset=485490688 /dvdbuffer/debian-10.1.0-armhf-netinst.iso /mnt/fat
$ find /mnt/fat
/mnt/fat
/mnt/fat/efi
/mnt/fat/efi/boot
/mnt/fat/efi/boot/bootarm.efi
$
UEFI specs prescribe bootarm.efi as boot file name for "AArch32 architecture".
It looks like a GRUB2 EFI boot program.
$ strings /mnt/fat/efi/boot/bootarm.efi | less
begins with
"!This program cannot be run in DOS mode."
and has lots of names beginning with "grub".
Let's look at an amd64 ISO:
$ /sbin/fdisk -l debian-10.0.0-amd64-netinst.iso
...
Disklabel type: dos
...
Device                           Boot Start    End Sectors Size Id Type
debian-10.0.0-amd64-netinst.iso1 *        0 684031  684032 334M  0 Empty
debian-10.0.0-amd64-netinst.iso2       3808   9471    5664 2.8M ef EFI (FAT-12/
$ expr 3808 '*' 512
1949696
$ mount -o offset=1949696 debian-10.0.0-amd64-netinst.iso /mnt/fat
$ find /mnt/fat
/mnt/fat
/mnt/fat/efi
/mnt/fat/efi/boot
/mnt/fat/efi/boot/bootx64.efi
/mnt/fat/efi/boot/grubx64.efi
/mnt/fat/efi/debian
/mnt/fat/efi/debian/grub.cfg
Afaik /efi/boot/bootx64.efi is the certified Secure Boot starter (shim):
$ strings /mnt/fat/efi/boot/bootx64.efi | fgrep Microsoft | wc -w
145
The file grubx64.efi looks like GRUB2.
So it could be about disabling Secure Boot.
If this cannot be done, then you'd need to convince Debian to beg Microsoft
for a signed shim for armhf and to then add armhf to
https://wiki.debian.org/SecureBoot#Supported_architectures_and_packages
Have a nice day :)
Thomas
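
The offset arithmetic in the mail above (fdisk start sector times 512), as an added example that is not part of Thomas's message: a shell function that reads the MBR partition table from the ISO image itself and prints the byte offset and size of the type-ef partition. The function names and the 512-byte sector size are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original mail): find the EFI system partition
# in an MBR-labelled image without fdisk, and print "<byte offset> <byte size>".

SECTOR_SIZE=512  # assumption: 512-byte sectors, as in the expr step above

# le_uint FILE OFFSET COUNT: read COUNT bytes at OFFSET as a little-endian integer.
le_uint() {
    n=0 mult=1
    for byte in $(od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null); do
        n=$((n + byte * mult))
        mult=$((mult * 256))
    done
    echo "$n"
}

# esp_location IMAGE: exit 0 and print the location of the first partition of
# type 0xEF; exit 1 if there is none; exit 2 if the image has no MBR signature.
esp_location() {
    image=$1
    # Bytes 510-511 hold 0x55 0xAA, which reads as 43605 little-endian.
    [ "$(le_uint "$image" 510 2)" -eq 43605 ] || return 2
    for i in 0 1 2 3; do
        entry=$((446 + 16 * i))          # four 16-byte entries start at byte 446
        ptype=$(le_uint "$image" $((entry + 4)) 1)
        if [ "$ptype" -eq 239 ]; then    # 239 = 0xEF, the "ef" Id in fdisk
            start=$(le_uint "$image" $((entry + 8)) 4)     # first sector (LBA)
            sectors=$(le_uint "$image" $((entry + 12)) 4)  # length in sectors
            echo "$((start * SECTOR_SIZE)) $((sectors * SECTOR_SIZE))"
            return 0
        fi
    done
    return 1
}

# Stand-alone use: sh esp.sh IMAGE, then as root, read-only:
#   mount -o ro,loop,offset=OFFSET,sizelimit=SIZE IMAGE /mnt/fat
if [ "$#" -gt 0 ]; then
    esp_location "$1"
fi
```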