[lfs-support] Good Results with LFS and EFI

Rob Taylor rtaylor777 at gmail.com
Wed Nov 27 09:14:51 PST 2013


Hi Dan,
I was wondering how it was going with secure boot and LFS?

I have reached the 6.48. GRUB-2.00 stage of my re-build of LFS 7.4 using my
new scripts and wrappers.

For this stage, since I already have secure boot disabled and am booting
the traditional way, I think I will just follow the LFS book. But you have
inspired me to look into this issue. I may develop a system to enable
booting from either the BIOS or the Unified Extensible Firmware Interface,
depending on what the computer has.

I do not recall if one of the references you mentioned included this link?
http://www.rodsbooks.com/efi-bootloaders/secureboot.html

It shows a couple of different ways to sign your own binaries, etc.

Take Care,
Robert Taylor


On Mon, Nov 18, 2013 at 8:30 AM, Dan McGhee <beesnees at grm.net> wrote:

> At the start here, I want to apologize to those who may be frustrated
> with my changing the subject line for this EFI stuff. The subject
> appears to be at least a "warm one," if not a "hot one."  Therefore,
> many things get hidden in the replies.  So, in an attempt to keep things
> fresh and simple, I just start a new thread. When the time comes, and it
> will be quite soon now, I will post the basics of my "how I did it" and,
> if people are interested, post what I learned, the reasons why I did
> what I did, my conclusions and what I think is left for my future testing.
>
> I was able to get the kernel to load.  That's the good news.  The bad
> news is that I got a kernel panic.  But, as I write this, I'm fixing
> that.  I have another kernel in the oven.
>
> Using the kernel's efi-stubs was last on my list of testing.  I thought
> I knew grub pretty well and didn't know anything about initrd's and
> initramfs, and everything that I had read about the efi-stubs included
> one of those two.  But Geoff's success with his embedded kernel command
> line looked promising so I did it.
>
> One of the things he cautioned about, and I'm reinforcing now, is to
> make sure that all the drivers the kernel needs to boot are either
> configured into the kernel or made available on the EFI partition so
> that the kernel can load them.  That turned out to be my problem.  I had
> the "ahci" drivers configured as modules, and since the kernel couldn't
> load my hard drive, it couldn't mount the filesystem.  Here are the
> kernel configuration options I used:
>
> CONFIG_CMDLINE_BOOL=y
> CONFIG_CMDLINE="root=/dev/xxxx" (xxxx=partition containing LFS)
> CONFIG_EFI_PARTITION=y
>
> CONFIG_EFI=y
> CONFIG_EFI_STUB=y
> CONFIG_FB_EFI=y
>
> CONFIG_FRAMEBUFFER_CONSOLE=y
>
> CONFIG_RELOCATABLE=y
>
> CONFIG_EFI_VARS=n (shows up as "Not Set")
>
> CONFIG_EFIVAR_FS=y
>
>
> Please note that these are the same as Geoff posted last night with the
> exception that he used EFIVARS and not EFIVARFS.  I did this because
> efivarfs is replacing efivars sometime in the future.
>
>
> Then it's just a matter of getting the kernel to the EFI partition and
> getting the entry into the Boot Manager. My EFI partition is mounted at
> /boot/efi so it was:
>
>
> mkdir -vp /boot/efi/EFI/lfs-7.4
> cp -v /boot/vmlinuz-<et cetera> /boot/efi/EFI/lfs-7.4/vmlinuz-<et cetera>.efi
>
>
> I don't know if the ".efi" was necessary, but all the files I've seen on
> the EFI partition end like that.  Geoff gave the command he used for
> efibootmgr, but I started using gummiboot, so I did my "gummiboot thing."
>
>
> The result of booting was a kernel panic, but that's farther than I have
> gotten since I started doing this research.  I can fix a kernel panic.
> But the interesting conclusion that I have drawn is that unless GRUB2 is
> hacked it won't boot a kernel "in the old way."  When I was testing, I
> never got my kernel to load and I couldn't load Ubuntu unless I
> chainloaded its efi file like I do Windoze.  Last night William
> Harrington posted a link to the Fedora site regarding grub patches.
> There were a lot.  Also, let me quote the "FEDORA.README" from that link:
>
>
> > GRUB 2 provides various feature enhancements over the previous GRUB version
> > (referred to as "GRUB", or "GRUB Legacy") which has been unmaintained upstream
> > for years. GRUB has thus been deprecated in Fedora and replaced by GRUB 2 for
> > BIOS systems. (EFI systems still uses GRUB Legacy from the new grub-efi package.)
>
> So, Fedora is using grub legacy to boot into an efi environment. The
> vast majority of threads I have found at arch-linux, ubuntu, gentoo and
> openSuse all talk about not being able to boot other things with GRUB2.
> Very few, if any, people complain about their distros not booting.
>
> I think that if LFS is going to document how to boot using an EFI
> partition, then the most stripped down way is with the kernel efi-stubs
> and efibootmgr.  If someone chooses that option for their system, there
> is no need for GRUB2.  Multiboot options can be handled either by
> efibootmgr, which is the simplest, gummiboot or rEFInd.
>
> I'm still going to try to find a way to use GRUB2 in this.  But, I
> haven't done any building for my LFS system in almost a month and I want
> to get back to it.  I'm going to let this grub stuff grow penicillin in
> my brain for awhile and then try again.
>
> Dan
>
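
Added example, not part of either post: a pre-flight check of a kernel `.config` for the initramfs-less EFI stub boot described in the quoted message, which reports any required option that is unset or built as a module (the `ahci` failure mode). The `SATA_AHCI` and `EXT4_FS` arguments and the `root=/dev/sda2` value in the sample are assumptions for illustration; pass the driver symbols your own hardware and root filesystem need.

```shell
# Value of CONFIG_<$2> in kernel config $1: y, m, a quoted string, or "unset".
config_value() {
    val=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else echo unset; fi
}

# Audit config $1 for EFI stub boot with no initramfs. Extra arguments are
# machine-specific symbols (assumed here) that must also be built in.
# Prints one line per problem; returns 1 if any problem was found.
check_efistub_config() {
    cfg=$1; shift
    bad=0
    # CMDLINE_BOOL is the x86 Kconfig symbol that enables CONFIG_CMDLINE.
    for sym in EFI EFI_STUB EFI_PARTITION RELOCATABLE CMDLINE_BOOL "$@"; do
        v=$(config_value "$cfg" "$sym")
        case $v in
            y) ;;
            m) echo "CONFIG_$sym=m: no initramfs, so it cannot be loaded before root is mounted"; bad=1 ;;
            *) echo "CONFIG_$sym is $v: needs =y"; bad=1 ;;
        esac
    done
    # This setup relies on the built-in command line to name the root device.
    case $(config_value "$cfg" CMDLINE) in
        *root=*) ;;
        *) echo "CONFIG_CMDLINE has no root= parameter"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample .config reproducing the thread's failure (AHCI as module).
sample_config() {
    cat <<'EOF'
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_EFI_PARTITION=y
CONFIG_RELOCATABLE=y
CONFIG_CMDLINE_BOOL=y
CONFIG_CMDLINE="root=/dev/sda2"
# CONFIG_EFI_VARS is not set
CONFIG_EFIVAR_FS=y
CONFIG_SATA_AHCI=m
CONFIG_EXT4_FS=y
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_efistub_config "$tmp" SATA_AHCI EXT4_FS || echo "fix, rebuild, recopy to the ESP"
rm -f "$tmp"
```

Run it against the real `.config` in the kernel source tree before copying the image to the EFI partition.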