From 3f14ff63be1808cb54c49e0f5a60c0aed7d6165f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=A4r?= Date: Sat, 22 Jun 2024 15:26:29 +0200 Subject: [PATCH] Create custom boot entries in installer --- .../usr/local/bin/install-config | 54 +++++++++++++++++++ .../includes.installer/preseed.cfg | 1 + .../training-installer.list.chroot | 3 ++ 3 files changed, 58 insertions(+) diff --git a/os/layers/training-installer/includes.chroot/usr/local/bin/install-config b/os/layers/training-installer/includes.chroot/usr/local/bin/install-config index cc74761..98d687e 100755 --- a/os/layers/training-installer/includes.chroot/usr/local/bin/install-config +++ b/os/layers/training-installer/includes.chroot/usr/local/bin/install-config @@ -2,6 +2,60 @@ set -eu +# We preseed grub-installer/update-nvram to disable creation of +# EFI boot entries by grub and instead do it ourselves here. +# +# The main reason why we do this is that with the grub-created boot entry, +# Dell Latitude 7480 laptops no longer boot Debian from internal disk after +# having booted from USB stick. This apparently happens because, when a bootable +# USB stick is inserted, the firmware can no longer find the debian EFI file +# (it's probably looking at the wrong EFI partition, the one on the USB stick), +# and then enters boot option recovery, which finds the BOOTx64.EFI on the USB +# stick, and then creates a boot entry for that and sets the bootorder to just +# that new entry. After that, the debian boot entry is no longer in the +# bootorder, so booting fails after removing the USB stick. +# Additionally, it is convenient if laptops boot from USB stick automatically, +# without needing to enter the boot menu. +# +# To solve these problems, we create a boot entry for USB sticks, which is tried +# first, and one for Debian on the internal disk. +# We create path-only boot entries, which apparently work more reliably than +# entries which also specify the disk. +# We use hardcoded entry numbers to avoid needing to find available numbers and +# clean up old entries. + +# Try mounting efivarfs +mountvirtfs () { + fstype="$1" + path="$2" + mkdir -p "$path" + if mount -t "$fstype" "$fstype" "$path"; then + trap "umount $path" HUP INT QUIT KILL PIPE TERM EXIT + fi +} +mountvirtfs efivarfs /sys/firmware/efi/efivars + +# Check if EFI boot is available +if efibootmgr --quiet; then + efibootmgr --delete-bootorder || true + efibootmgr --bootnum 0150 --delete-bootnum || true + efibootmgr --bootnum 0151 --delete-bootnum || true + + # efibootmgr --create-only --bootnum 0150 --label "Removable media" --file-dev-path --loader '\EFI\BOOT\BOOTx64.EFI' + # efibootmgr --create-only --bootnum 0151 --label "Debian" --file-dev-path --loader '\EFI\debian\shimx64.efi' + + # The version of efibootmgr in bookworm does not support the --file-dev-path + # argument, so here are commands that directly write to efivarfs. + # When upgrading from bookworm to trixie, remove the commands below and + # uncomment the commands above. + echo "BwAAAAEAAAA0AFIAZQBtAG8AdgBhAGIAbABlACAAbQBlAGQAaQBhAAAABAQwAFwARQBGAEkAXABCAE8ATwBUAFwAQgBPAE8AVAB4ADYANAAuAEUARgBJAAAAf/8EAA==" | \ + base64 --decode - > /sys/firmware/efi/efivars/Boot0150-8be4df61-93ca-11d2-aa0d-00e098032b8c + echo "BwAAAAEAAAA4AEQAZQBiAGkAYQBuAAAABAQ0AFwARQBGAEkAXABkAGUAYgBpAGEAbgBcAHMAaABpAG0AeAA2ADQALgBlAGYAaQAAAH//BAA=" | \ + base64 --decode - > /sys/firmware/efi/efivars/Boot0151-8be4df61-93ca-11d2-aa0d-00e098032b8c + + efibootmgr --bootorder 0150,0151 +fi + # Set up apt lists. cp -rT /usr/local/share/target-sources /etc/apt/sources.list.d rm /etc/apt/sources.list diff --git a/os/layers/training-installer/includes.installer/preseed.cfg b/os/layers/training-installer/includes.installer/preseed.cfg index d21fb29..c0f2bd8 100644 --- a/os/layers/training-installer/includes.installer/preseed.cfg +++ b/os/layers/training-installer/includes.installer/preseed.cfg @@ -24,5 +24,6 @@ d-i partman/choose_partition select finish d-i apt-setup/use_mirror boolean false d-i grub-installer/only_debian boolean true +d-i grub-installer/update-nvram boolean false d-i preseed/late_command string in-target /usr/local/bin/install-config diff --git a/os/layers/training-installer/package-lists/training-installer.list.chroot b/os/layers/training-installer/package-lists/training-installer.list.chroot index 9049ab7..19897e0 100644 --- a/os/layers/training-installer/package-lists/training-installer.list.chroot +++ b/os/layers/training-installer/package-lists/training-installer.list.chroot @@ -3,6 +3,9 @@ sudo # Make Secure Boot work grub-efi-amd64-signed +# Tool for setting EFI boot variables during install +efibootmgr + # Firmware updates through gnome-software fwupd fwupd-signed