You are not logged in.
At present, I'm able to arrange partitions to boot on a secure boot computer. I'd like to be able to make the disk boot on either secure or non-secure boot at the same time.
Below is only PART of the code used to make a bootable usb. I've only included the parts that I think might be relevant. I'm thinking 'the more information the better,' but I didn't wanna overwhelm with non-essential stuff.
partition.sh:
#!/bin/bash
disk=/dev/sdb
mnt=/mnt
### Partitioning - make boot partition(s) and a btrfs partition ###
wipefs -a $disk
# Not sure if this is required but can't hurt
dd if=/dev/zero of=$disk bs=1M count=100
parted -s $disk mklabel gpt
parted -s --align=optimal $disk mkpart ESP fat32 1MiB 1Gib
parted -s $disk set 1 esp on
#parted -s $disk set 1 bios_grub on
parted -s --align=optimal $disk mkpart btrfs 1Gib 100%
mkfs.vfat -n EFI $disk'1'
mkfs.btrfs -f -L ROOT $disk'2'
### Mounting ###
mount --mkdir $disk'2' $mnt
cd $mnt
btrfs subvolume create @
cd ..
umount -R $mnt
mount -o compress=zstd,noatime,subvol=@ $disk'2' $mnt
# mount efi partition
mount --mkdir $disk'1' $mnt/boot
# arch-install-scripts package required!!
genfstab -U $mnt > $mnt/etc/fstab
systemctl daemon-reload
pacstrap -K $mnt base linux linux-firmware btrfs-progs vi libarchive
### chroot to install grub ###
arch-chroot $mnt chroot.sh $diskchroot.sh
#!/bin/bash
disk=$1
pacman --needed -Sy grub efibootmgr os-prober
### Install ###
#grub-install --target=i386-pc $disk --recheck
grub-install --target=x86_64-efi --bootloader-id=GRUB --efi-directory=/boot/ --removable
grub-mkconfig -o /boot/grub/grub.cfgThe setup above (keep in mind that not all the steps are there!) creates a booting disk and gives no errors but only works for uefi (secure boot) systems. I'm using parted as I find it works nicely with scripts. How can I make my setup boot also on non-secure boot machines at the same time?
Last edited by bedtime (2023-10-03 00:54:52)
Offline
i think your confusing secure-boot and uefi, they are not the same thing, i think what you mean is uefi and bios/legacy boot.
refer to this part of the grub wiki page: https://wiki.archlinux.org/title/GRUB#G … structions you want to follow 2.1 and 2.3
here is what it looks like on a disk, this is a usb stick i have with arch on it for booting on all machines:
Disk /dev/sdb: 14.94 GiB, 16039018496 bytes, 31326208 sectors
Disk model: USB DISK 2.0
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: *************************************
Device Start End Sectors Size Type
/dev/sdb1 2048 1046527 1044480 510M EFI System
/dev/sdb2 1046528 1050623 4096 2M BIOS boot
/dev/sdb3 1050624 31326174 30275551 14.4G Linux filesystemas you can see its a gpt partition scheme with both an efi partition and a bios boot partition.
Offline
i think your confusing secure-boot and uefi, they are not the same thing, i think what you mean is uefi and bios/legacy boot.
refer to this part of the grub wiki page: https://wiki.archlinux.org/title/GRUB#G … structions you want to follow 2.1 and 2.3
Thanks. I was confusing them.
here is what it looks like on a disk, this is a usb stick i have with arch on it for booting on all machines:
Disk /dev/sdb: 14.94 GiB, 16039018496 bytes, 31326208 sectors Disk model: USB DISK 2.0 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: ************************************* Device Start End Sectors Size Type /dev/sdb1 2048 1046527 1044480 510M EFI System /dev/sdb2 1046528 1050623 4096 2M BIOS boot /dev/sdb3 1050624 31326174 30275551 14.4G Linux filesystemas you can see its a gpt partition scheme with both an efi partition and a bios boot partition.
Thanks for posting that. Mine looks pretty much the same now:
# fdisk /dev/sdb
Disk /dev/sdb: 14.65 GiB, 15728640000 bytes, 30720000 sectors
Disk model:
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: F9FA5066-92D7-4B14-9438-88FFEF97AF77
Device Start End Sectors Size Type
/dev/sdb1 2048 1046527 1044480 510M EFI System
/dev/sdb2 1048576 1052671 4096 2M BIOS boot
/dev/sdb3 2097152 30717951 28620800 13.6G Linux filesystemThese commands were used:
disk=/dev/sdb
mnt=/mnt
wipefs -a $disk
parted -s $disk mklabel gpt
parted -s --align=optimal $disk mkpart ESP fat32 1MiB 511Mib
parted -s $disk set 1 esp on
parted -s --align=optimal $disk mkpart BOOT fat32 512MiB 514Mib
parted -s $disk set 2 bios_grub on
parted -s --align=optimal $disk mkpart btrfs 1Gib 100%
parted -s $disk print
mkfs.fat -F 32 -n EFI $disk'1'
mkfs.vfat -F 32 -n BIOS $disk'2'
mkfs.btrfs -f -L ROOT $disk'3'
parted -s $disk printWhen running mkfs.vfat... I get a message about clusters possibly being to small. Not sure if that matters.
The problem comes with mounting now. I'm not sure where to mount the bois partition:
So far I have (but it's not proper):
mount --mkdir $disk'3' $mnt
cd $mnt
btrfs subvolume create @
cd ..
umount -R /mnt
mount -o compress=zstd,noatime,subvol=@ $disk'3' $mnt
# mount efi partition
mount --mkdir $disk'1' $mnt/efi
# mount bois partition
mount --mkdir $disk'2' $mnt/bootSo, when I run pacstrap... I get the error:
install: error writing '/boot/vmlinuz-linux': No space left on deviceObviously it's because boot is too small (2mb), but I'm not sure where to mount the 2nd (bios) partition.
Then, I gather, with that cleared up, I could run this in chroot:
grub-install --target=i386-pc $disk --recheckand
grub-install --target=x86_64-efi --bootloader-id=GRUB --efi-directory=/efi/ --removableWhere would I mount the bios partition?
*edit*
Nevermind. Found out you don't mount the bois partition.
Last edited by bedtime (2023-10-02 17:41:17)
Offline
This stuff is so damned confusing. Anyways, I'm able to boot with my computer in legacy mode but not secure boot mode.
I should also note that both commands installed without error:
grub-install --target=i386-pc $disk --recheck
grub-install --target=x86_64-efi --bootloader-id=GRUB --efi-directory=/efi/ --removableSo, I guess my setup was only for booting in legacy mode? Or have I done something wrong?
### edit ###
Okay, followed this guide and got it working on secure boot as well:
https://www.reddit.com/r/archlinux/comm … ux_simple/
What sucks is that it seems to only work on the computer you configured it with. Oh, well. At least I know it works.
Last edited by bedtime (2023-10-02 20:41:16)
Offline
its actually very simple when you get your head around it, you dont need to format or mount the bios partition, also you changed the location of your efi partition from /boot to /efi so unless you started clean you might still have old efi/grub/initramfs on the efi partition causing issues.
Last edited by jonno2002 (2023-10-02 21:43:48)
Offline
its actually very simple when you get your head around it, you dont need to format or mount the bios partition, also you changed the location of your efi partition from /boot to /efi so unless you started clean you might still have old efi/grub/initramfs on the efi partition causing issues.
Yeah, I started it anew to make sure the script worked. Seems fine so far.
Marking as solved. Thanks again!
Offline