Commit Graph

34 Commits

Author SHA1 Message Date
nl6720
7bc4c54245
mkarchiso: preload more GRUB modules and disable shim_lock verifier
--disable-shim-lock is required to support Secure Boot with custom signatures without using shim.
Otherwise GRUB will trow an error when trying to boot a kernel:

    error: shim_lock protocol not found.
    error: you need to load the kernel first.

The modules GRUB will use need to be preloaded otherwise the EFI binaries cannot be signed and used for Secure Boot.
See https://bugs.archlinux.org/task/71382.
GRUB will trow en error:

    error: verification requested but nobody cares

These changes are done to support Secure Boot using custom keys (not shim) by simply extracting the boot loader
(BOOTx64.EFI and BOOTIA32.EFI), kernel, UEFI shell, signing them and then repacking the ISO.

For example.
Extract the files:

    $ osirrox -indev archlinux-YYYY.MM.DD-x86_64.iso \
        -extract_boot_images ./ \
        -extract /EFI/BOOT/BOOTx64.EFI BOOTx64.EFI \
        -extract /EFI/BOOT/BOOTIA32.EFI BOOTIA32.EFI \
        -extract /shellx64.efi shellx64.efi \
        -extract /shellia32.efi shellia32.efi \
        -extract /arch/boot/x86_64/vmlinuz-linux vmlinuz-linux

Make the files writable:

    $ chmod +w BOOTx64.EFI BOOTIA32.EFI shellx64.efi shellia32.efi vmlinuz-linux

Sign the files:

    $ sbsign --key db.key --cert db.crt --output BOOTx64.EFI BOOTx64.EFI
    $ sbsign --key db.key --cert db.crt --output BOOTIA32.EFI BOOTIA32.EFI
    $ sbsign --key db.key --cert db.crt --output shellx64.efi shellx64.efi
    $ sbsign --key db.key --cert db.crt --output shellia32.efi shellia32.efi
    $ sbsign --key db.key --cert db.crt --output vmlinuz-linux vmlinuz-linux

Copy the boot loader and UEFI shell to the EFI system partition image:

    $ mcopy -D oO -i eltorito_img2_uefi.img BOOTx64.EFI BOOTIA32.EFI ::/EFI/BOOT/
    $ mcopy -D oO -i eltorito_img2_uefi.img shellx64.efi shellia32.efi ::/

Repack the ISO using the modified El Torito UEFI boot image and add the signed boot loader files, UEFI shell and
kernel to ISO9660:

    $ xorriso -indev archlinux-YYYY.MM.DD-x86_64.iso \
        -outdev archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso \
        -boot_image any replay \
        -append_partition 2 0xef eltorito_img2_uefi.img \
        -map BOOTx64.EFI /EFI/BOOT/BOOTx64.EFI \
        -map BOOTIA32.EFI /EFI/BOOT/BOOTIA32.EFI \
        -map shellx64.efi /shellx64.efi \
        -map shellia32.efi /shellia32.efi \
        -map vmlinuz-linux /arch/boot/x86_64/vmlinuz-linux

Boot the resulting archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso.
2022-08-19 10:22:40 +03:00
nl6720
b13e5e3379
mkarchiso: copy all GRUB files to the ISO
Do not limit file copying to only grub.cfg and instead copy all GRUB configuration files and assets to both the ISO9660 and FAT image.
This will allow for including custom images, fonts, etc.

To easily match all non-configuration files (i.e. files without the .cfg extension), bash's extended glob feature will be enabled.
Actions common to multiple _make_bootmode_uefi-*.grub are split off into dedicated functions:

* _make_common_bootmode_grub_copy_to_efibootimg,
* _make_common_bootmode_grub_copy_to_isofs,
* _make_common_bootmode_grub_cfg.

Use the same du command in all efiboot_imgsize variable assignments.

Fixes #185.
2022-08-17 17:24:01 +03:00
Pellegrino Prevete
211572dda2
Add efibootimg variable in place of full path
Update authors

Update CHANGELOG
2022-07-16 12:02:53 +00:00
nl6720
b7373f5a45
Add changelog for 65 2022-06-30 17:42:45 +03:00
nl6720
b72523e389
configs/baseline/profiledef.sh: add -E ztailpacking to airootfs_image_tool_options for mkfs.erofs
As the man page says, it saves more space, although the feature is experimental.
2022-06-18 08:47:25 +03:00
plainlinen
39fddfa51b Update documentation for uefi x64 grub boot modes 2022-06-10 22:37:32 -07:00
nl6720
de151089ce
mkarchiso: use C.UTF-8
The glibc 2.35-6 package ships with the C.UTF-8 locale included, so mkarchiso does not need to use a non-UTF-8 locale anymore.

Implements #175.
2022-06-09 08:31:41 +03:00
nl6720
ba11c40e49
configs/: use the C.UTF-8 locale
The glibc 2.35-6 package ships with the C.UTF-8 locale included.
This means there is now a UTF-8 locale available by default and en_US.UTF-8, which requires editing /etc/locale.gen and running locale-gen, is not needed anymore.

Implements #175.
2022-06-09 08:27:50 +03:00
nl6720
568ed4b25c
Fix release date for v64 in CHANGELOG.rst 2022-05-30 09:53:13 +03:00
nl6720
fd9becced3
Add changelog for 64 2022-05-28 16:08:18 +03:00
Pellegrino Prevete
09d8885f56
Update CHANGELOG. 2022-05-25 14:55:45 +00:00
nl6720
66d4c7fa67
Add changelog for 63 2022-04-30 13:11:52 +03:00
nl6720
8c837ca23b
configs/*: add VMware and Hyper-V guest packages and enable their services
* open-vm-tools package, vmtoolsd.service and vmware-vmblock-fuse.service for VMware.
* hyperv package, hv_fcopy_daemon.service, hv_kvp_daemon.service and hv_vss_daemon.service for Hyper-V.

Related to #118.
2022-04-30 12:07:36 +03:00
nl6720
dc681dc90f
configs/releng/airootfs/etc/xdg/reflector/reflector.conf: use mirrors that support both IPv4 & IPv6
This ensures that IPv6-only systems get working mirrors.
2022-04-28 17:52:40 +03:00
nl6720
4ef705847d
configs/releng/packages.x86_64: add open-iscsi
It is needed for installing Arch on an iSCSI target.
2022-04-28 13:42:10 +03:00
nl6720
ed24bbaa8e
configs/releng/packages.x86_64: add dmidecode
It is useful for finding information about the system's hardware and firmware.
2022-04-07 18:25:06 +03:00
nl6720
09b0428128
configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount: use ramfs
When using tmpfs, it is possible that parts of it end up getting put in swap space (only if there is one).
This may not be desired, so use ramfs instead.
2022-04-06 18:10:37 +03:00
David Runge
20f588436d
Add changelog for 62.1
CHANGELOG.rst:
Add changelog for 62.1
2022-04-05 17:26:48 +02:00
nl6720
0b64536292
CHANGELOG.rst: version 62 2022-03-31 19:51:31 +03:00
nl6720
e5bdf0c6ab
configs/{baseline,releng}/: disable systemd-gpt-auto-generator
When booting the ISO, you can observe a message that systemd-gpt-auto-generator has failed:

    systemd-gpt-auto-generator[197]: Reading EFI variable /sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f.
    systemd-gpt-auto-generator[197]: open("/sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f") failed: No such file or directory
    systemd-gpt-auto-generator[197]: EFI loader partition unknown, exiting.
    systemd-gpt-auto-generator[197]: (The boot loader did not set EFI variable LoaderDevicePartUUID.)
    systemd-gpt-auto-generator[197]: Failed to open device: No such device

Seeing as it started to appear relatively recently, it may be a systemd bug.
Since we do not want any GPT partition automounting in the live environment anyway, systemd-gpt-auto-generator can simply be disabled.

Fixes #164.
2022-03-25 17:38:10 +02:00
Eric Toombs
0c6ecb6b89 syslinux PXE: Forced all TFTP paths to be absolute
By default, syslinux interprets TFTP paths as relative to the location of the *.c32 modules, regardless whether a path starts with a slash. Without the `::` that I added to all of these paths, syslinux cannot find these files. It searches for them in /%INSTALL_DIR%/syslinux//%INSTALL_DIR%/boot/x86_64/vmlinuz-linux, etc.
2022-03-25 10:44:45 -04:00
David Runge
a814f1484c
Add changelog for 61
CHANGELOG.rst:
Add changelog entry for 61.
2022-01-31 18:23:46 +01:00
David Runge
5b01770f7b
Add changelog for version 60
CHANGELOG.rst:
Add a changelog entry for version 60.
2021-12-28 10:27:55 +01:00
David Runge
3c0720b72f
Add dummy changelog entry
CHANGELOG.rst:
Add a dummy changelog entry that serves as entry for any unreleased changes.
2021-12-28 10:20:44 +01:00
David Runge
12b31c8778
Add changelog for v59
CHANGELOG.rst:
Add changelog information for v59.
2021-11-30 23:11:42 +01:00
David Runge
fbe48dd7d2
Add changelog for v58
CHANGELOG.rst:
Add changelog entries for v58.
2021-08-25 14:10:06 +02:00
David Runge
12c21b15af
Add changelog for 57
CHANGELOG.rst:
Add an entry for v57.
2021-07-30 17:15:56 +02:00
David Runge
53904baef9
Add changelog for 56.1
CHANGELOG.rst:
Add a changelog entry for 56.1
2021-07-11 21:16:54 +02:00
David Runge
9e6b0d3698
Add changelog for v56
CHANGELOG.rst:
Add a changelog entry for v56.
2021-06-30 18:36:44 +02:00
David Runge
5751de9753
Add changelog for v55
CHANGELOG.rst:
Add changelog entries for v55.
2021-05-30 19:44:55 +02:00
David Runge
28ab118099
Add changelog for v54
CHANGELOG.rst:
Add changelog entry for v54.
2021-05-13 22:18:47 +02:00
David Runge
e2cce07df7
Add changelog for v53
CHANGELOG.rst:
Add changelog for v53
2021-05-01 10:24:54 +02:00
David Runge
495721a79c
Add changelog entry for v52
CHANGELOG.rst:
Add changelog entry for v52
2021-03-30 21:46:07 +02:00
David Runge
f0ef2f3caf
Add changelog file
CHANGELOG.rst:
Add file to track changes (at least for v51).
2021-02-01 09:59:49 +01:00