uefi and pxe warning (nothing to do with secureboot)
tl;dr version: this is just a heads-up for those, like me, who install machines using PXE rather than USB sticks or CDROM. UEFI is going to make this a PITA until there's a EFI compatible ipxe or gpxelinux.0 and syslinux. This is entirely unrelated to secureboot/restricted boot, it's just an added complication. the story so far: I just bought a new notebook a few days ago to take to linuxconf, an asus x401u. it's nothing special, i just wanted a cheap xterm & ssh terminal. anyway, rather than blow it away completely and just install debian, I decided to use gparted to shrink the win7 partition and set it up for dual boot. most of that procedure went perfectly smoothly - pxeboot clonezilla to backup its pristine original condition (so i had something to revert to if i screwed up), pxeboot gparted, reboot, then pxeboot debian installer. debian installed w/o a problem until i got to the point of installing grub. The disk has a GPT partition table, and the system is configured for UEFI boot. Apparently Win7 needs UEFI in order to boot from a GPT disk. The latest debian installer fully supports installing to GPT on UEFI systems - the catch is that to load the efivars kernel module (needed so that grub-efi-amd64 and efibootmgr can update the efi boot table), you have to have booted a UEFI boot-loader. Fortunately, the BIOS has an option to enable UEFI network stack, which can then do a tftp boot. so far, so good. Unfortunately, unidonly.kpxe from the ipxe package is not efi compatible. nor is gpxelinux.0 from syslinux. and AFAIK, there aren't any. and none of the syslinux tools like menu.c32 or chain.c32 are efi-compatible (apparently there is an alpha-quality syslinux 6.x series which will be efi) What this means is that (currently) you can't use PXE to install linux on a UEFI system. your only option is to use a USB stick or CD-ROM, and even then only if you can make the system use UEFI to boot from it. (well, you can install linux, you just can't boot it afterwards) this, to put it mildly, sucks. anyway, i've finally made myself a debian live (wheezy) bootable usb stick, and i'm about to try booting and chrooting to get grub installed so i can finally boot linux from the hard disk. craig ps: i kind of wish i had just given up on making it dual boot. i could have disabled UEFI entirely and had far less problems, and i'm not sure i even have any use for the windows partition except maybe for some low-end games. -- craig sanders <cas@taz.net.au>
On Sun, Jan 06, 2013 at 10:52:36AM +1100, Craig Sanders wrote:
anyway, i've finally made myself a debian live (wheezy) bootable usb stick, and i'm about to try booting and chrooting to get grub installed so i can finally boot linux from the hard disk.
well, that didn't work. writing the debian-wheezy-live-b2-amd64-xfce-desktop+nonfree.iso file to the USB stick resulted in a partition with type 27 ("Hidden NTFS Win") - i presume that's normal (it's been a long time since i had to use anything other than pxe to install linux or run a "live" distro) The BIOS wouldn't boot it (no USB boot option at all), and windows wouldn't recognise it (wanted to format the USB stick). I updated the BIOS from the version 204 that it came with to version 310 downloaded from the ASUS web site. After reboot, an option for UEFI USB Generic Flash showed up in the BIOS boot priorities menu. Tried that, it didn't work. at all. so i returned to BIOS and found that the USB boot options had disappeared again. BUT, this time the BIOS now allows me to add a new boot option, and even lets me browse to the /efi/debian/grubx86.efi that i had earlier installed onto the EFI fs. So I did that, booted it, and finally saw the grub menu with the expected options for Debian, Debian Recovery, and Windows 7. Chose Debian and it looks like it started boot, but has been sitting on a blank screen for about 30 minutes now. The HD light on the notebook is solidly on, as is the wireless LED. This is really shitting me. i've wasted about 2 days on it now. If i can't boot debian on this notebook, it's a worthless piece of junk. anyone have any ideas on getting this working? i'd prefer to get the currently-installed-but-not-booting debian running...but my next step is likely to be to just wipe the system, turn off UEFI in the BIOS setup, and forget about dual-booting (windows isn't at all important to me, but i was hoping to come up with a workable procedure for dealing with UEFI machines because it won't be long before it's impossible to get a new m/b without it...and after i've spent so much time on it, i'd like to have something to show for it other than just knowing "Dont Do That Again") craig ps: one of the most annoying things about this is discovering just how appalling Windows still is as a user-experience. When I first booted up the notebook and plugged it in to the network, both Asus Live Upate and Windows Update wanted to download and install stuff. fair enough....it was only a few hundred MB in total, shouldn't take more than half an hour or so to dl and install them all, right? nope, wrong. it actually took about 8 hours to complete because a) they were competing with each for disk I/O, and b) worse, they both wanted to reboot several times during the process (Windows Update about three times, but Asus Live Update wanted to reboot after every thing it installed - 9 items). 12 reboots just to install about 100 little updates? before you can even begin to use the brand new machine you've just bought? this is supposed to be a compelling user-friendly experience? to add further injury, you have to sit there and wait and watch and log in again (*and* launch both Asus Live Update and Windows Update manually) after each reboot before it will continue installing the updates. What idiocy or arrogance makes Asus or Microsoft think this crap is even remotely acceptable? -- craig sanders <cas@taz.net.au>
Hi Craig, A few weeks ago we bought an ASUS R501 (aka N56 VM or VZ), which had Win8 preinstalled. (15.6" laptop with quad core i7, 8GB RAM, FullHD LED screen) After disabling secure boot, I was able to boot from USB (Ubuntu Qantal 12.10 64bit) and install that on to the HD by having the installer resize one of the two NTFS partitions. NB the resulting setup won't dual boot. If I keep secure boot disabled, GNU/Linux boots and works perfectly - if I enable secure boot, Win8 can be started. No matter, as the Win8 is not used. We might wipe it altogether at some point. It's possible that the Debian USB stick boot setup is a bit different - perhaps just put Ubuntu on a stick, even just to see if it that boots. My stick was initialised with the "Startup Disk Creator" which is in Ubuntu's System/administration menu. It's a normal FAT32 8GB USB stick, which also has other data on it - all the tool does is copy/replace the directories for the Ubuntu live/install, and make the stick bootable. No other partitions are created. Cheers, Arjen. -- Exec.Director @ Open Query (http://openquery.com) MySQL services Sane business strategy explorations at http://upstarta.com.au Personal blog at http://lentz.com.au/blog/
On Mon, Jan 07, 2013 at 09:51:25AM +1000, Arjen Lentz wrote:
NB the resulting setup won't dual boot. If I keep secure boot disabled, GNU/Linux boots and works perfectly - if I enable secure boot, Win8 can be started. No matter, as the Win8 is not used. We might wipe it altogether at some point.
yep, that's one of the known problems with secureboot aka restricted boot. if you want to boot to windows 8, you have to have it turned on. which means that you need to use a signed linux boot-loader if you want to also dual-boot linux without having to switch secureboot on or off depending on which OS you want to boot. i.e. microsoft now has the ability to approve (or not) which operating systems you are allowed to boot. btw, the problems i'm having with my new asus x401u have nothing at all to do with secureboot. they're entirely issues with EFI and grub.
It's possible that the Debian USB stick boot setup is a bit different - perhaps just put Ubuntu on a stick, even just to see if it that boots.
i've managed to boot a debian USB stick, tried several in fact. i've even managed to get the laptop to boot grub, so all the UEFI boot stuff is now set up correctly. so at least that problem is solved. The latest problem is that I can't get grub to reliably boot linux. choosing a linux kernel results in error messages about "no suitable mode found", usually followed by another line "Booting however", and then "Couldn't terminate EFI services". The *really* weird thing is that I can get the system to boot into linux by: 1. choosing a Linux kernel from the grub menu 2. as soon as it fails, choose Windows 7 (loader) (on /dev/sda3)" from the grub menu. Windows will also fail to boot but grub will then immediately start booting the linux kernel I chose in step 1. *This* boot will succeed and the system will then run fine (and the laptop which is horrendously slow and sluggish in Win7 actually turns out to be reasonably fast and responsive in linux). this happens no matter which kernel I choose kernel (currently installed are 3.2.0-4 and 3.7-trunk-amd64) - whichever one i choose is the one i get after i choose windows. this is, of course, completely insane. it's a hell of a lot better than not being able to boot debian at all, but it's still broken (if something only half works then it's broken) craig ps: if i want to boot into windows for some reason, i have to go into the bios setup and change the boot order so UEFI boots "Windows" rather than "debian"....it would be nice to be able to use grub as it's supposed to work and be able to choose linux or windows, and not use the windows entry as the only way to actually boot linux. pps: yes, i have tried re-installing the grub-efi-amd64 and grub-efi-amd64-bin packages, and have run 'grub-install /dev/sda' with efivars modules load and with /boot and /boot/efi mounted. Have tried this several times with three different versions of grub (1.99-23 from wheezy, 1.99-26 from sid, and even 2.00-10 from experimental). -- craig sanders <cas@taz.net.au> BOFH excuse #392: It's union rules. There's nothing we can do about it. Sorry.
Craig Sanders <cas@taz.net.au> writes:
The latest debian installer fully supports installing to GPT on UEFI systems - the catch is that to load the efivars kernel module (needed so that grub-efi-amd64 and efibootmgr can update the efi boot table), you have to have booted a UEFI boot-loader.
AIUI this is the key problem -- currently debian-installer does a UEFI-style install iff bootstrapped from UEFI. I don't know if there's a workaround (other than BIOS/GPT, which you note breaks Windows). If you do IRC, ask #debian-next or #debian-boot (OFTC) about it. There are "daily" and periodic "testing" builds of d-i that may work better than the stable build. (IME usually not, though :-) http://d-i.debian.org/daily-images/amd64/daily/netboot/debian-installer/amd64/{linux,initrd.gz} http://ftp.debian.org/debian/dists/{testing,unstable}/main/installer-amd64/current/images/netboot/debian-installer/amd64/{linux,initrd.gz}
(apparently there is an alpha-quality syslinux 6.x series which will be efi)
Likewise on #syslinux (Freenode, IIRC) I've found hpa et al to be patient and helpful, they may know of some workaround that I don't.
I could have disabled UEFI entirely and had far less problems [...]
This is the approach I have been taking. http://www.cyber.com.au/~twb/snarf/extlinux-gpt.page (not needed if you use grub, as d-i sets up grub correctly under BIOS/GPT)
Thanks for your comments, they've helped. On Mon, Jan 07, 2013 at 02:20:23AM +1100, Trent W. Buck wrote:
There are "daily" and periodic "testing" builds of d-i that may work better than the stable build. (IME usually not, though :-)
yeah, I used a recent daily build of the wheezy installer, and the grub-efi-amd64 packages recently (Dec 29 IIRC) got post-install scripts to automatically add debian to the EFI boot table.
(apparently there is an alpha-quality syslinux 6.x series which will be efi)
Likewise on #syslinux (Freenode, IIRC) I've found hpa et al to be patient and helpful, they may know of some workaround that I don't.
i've tried downloading and compiling syslinux-6.00-pre3 (and have some shiny new ELF versions of menu.c32, chain.c32 and so on - the switch to ELF rather than COM32 or COM32R in syslinux seems like a very good idea), but pxelinux is one of the things that doesn't have EFI support yet.
I could have disabled UEFI entirely and had far less problems [...]
This is the approach I have been taking.
looks like i don't even have that as an option...I assumed it would be possible but I can't find anything in the BIOS that even sounds like it might I did find out why the USB boot options disappeared - I had disabled "Legacy USB Support" figuring that I don't want legacy USB boot, I wanted UEFI USB boot. But that disables *both*. which makes perfect sense (with sufficient ketamine)
http://www.cyber.com.au/~twb/snarf/extlinux-gpt.page (not needed if you use grub, as d-i sets up grub correctly under BIOS/GPT)
i've actually got the notebook to the point where it will boot grub, but grub fails to boot a kernel. says something about "couldn't terminate EFI services". I suspect it's because the grub installed on the machine was installed in BIOS mode rather than UEFI so isn't properly installed. craig -- craig sanders <cas@taz.net.au>
participants (3)
-
Arjen Lentz -
Craig Sanders -
trentbuck@gmail.com