You are not logged in.
- Topics: Active | Unanswered
#1 2024-03-08 13:33:06
- solstice
- Member
- Registered: 2006-10-27
- Posts: 235
- Website
[SOLVED] Fail to boot own built kernel package with Secure Boot ...
I have already setup Secure Boot booting with linux-zen official kernel package.
I use shim with my own keys and systemd-boot
and this boots a UKI (unified kernel image .efi) made with a mkinitcpio hook (found on the wiki)
I also have setup mkinitcpio hook to automatically sign a new kernel when the package is upgraded.
Worked fine for month.
It's been the second time that I built the official linux-zen package myself with a patch. and it failed to boot.
Everything is in place so that it is installed and signed like the official package/kernel so that should make any difference.
But it fails to boot with "Error starting kernel image: Load error". It flashes fast before goind to a shim screen that reads:
ERROR "Could not install security protocol: (0x2) Invalid Parameter"
I am quite lost and don't know where to look as this should just be working fine...
I can check that the UKI is properly sign with sbverify. so that's not the problem ...
Last edited by solstice (2024-03-19 13:37:21)
Offline
#2 2024-03-15 17:48:50
- solstice
- Member
- Registered: 2006-10-27
- Posts: 235
- Website
Re: [SOLVED] Fail to boot own built kernel package with Secure Boot ...
So I have replicated the issue in a VM (libvirt/qemu/kvm) with Secure Boot but with sbctl and no shim. So it's not related to shim at all.
I tried by disabling Secure Boot in the VM, and only my own kernel is failing to boot wiht the same error...
Then, I tested the kernel package in a VM with BIOS only. No UKI here but grub and kernel+initrd, and the VM never booted but seems to hang indefenitely at "Loading initramfs" something like that.
So it's the initramfs??? That weird, because it is the same thing that generates the initramfs for the offical linux or linux-zen package .... So?
Offline
#3 2024-03-15 20:35:05
- solstice
- Member
- Registered: 2006-10-27
- Posts: 235
- Website
Re: [SOLVED] Fail to boot own built kernel package with Secure Boot ...
Booting with limine in BIOS VM gives the error:
ZSTD-compressed data is corrupt
That error message is from the kernel; I found that very string in ./lib/decompress_unzstd.c. So what went wrong?
I have disabled initramfs compression and used uncompressed module in initramfs; so this leaves only the kernel?
I have recompiled the kernel/package inside the VM to rule out problem on my host machine, and the kernel still does not boot;
Last edited by solstice (2024-03-16 15:18:35)
Offline
#4 2024-03-19 13:36:45
- solstice
- Member
- Registered: 2006-10-27
- Posts: 235
- Website
Re: [SOLVED] Fail to boot own built kernel package with Secure Boot ...
I got it to work, finally, by building the package in a clean chroot, thanks to ralf, for the hint on arch-general ML.
Offline