You are not logged in.

#1 2013-11-28 10:19:12

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,217

Method of preparing archiso for UEFI boot?

I last did a uefi install of arch in January, and at that time it was necessary to prepare a usbkey with the install media in a special way in order to boot in uefi mode. The arch wiki has since been modified somewhat regarding preparation of uefi install media using the archiso files.  However it is not clear whether the dd method of putting the install iso onto a usbkey will now give install media that can be booted with both uefi and legacy bios?  It would be great if that was the case and I wonder if anyone who has recent experience with uefi installs might answer this question?

My uefi systems have been running flawlessly (including updates) for 10 months now, and the reason for this post is because I may be doing a new install with a uefi system in the near future and am doing the necessary preparation to make the install as smooth as possible.

Thanks for any answer to this question.


Mike C

Offline

#2 2013-11-28 10:50:17

brain0
Developer
From: Aachen - Germany
Registered: 2005-01-03
Posts: 1,382

Re: Method of preparing archiso for UEFI boot?

Using dd now works with UEFI too.

Offline

#3 2013-11-28 14:04:03

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,217

Re: Method of preparing archiso for UEFI boot?

brain0 wrote:

Using dd now works with UEFI too.

Thank you, that helps enormously.  It will yet be a few weeks before I do a new install but it would be helpful having that in the wiki.  If the wiki doesn't reflect that when I have done an install I am happy to edit it to reflect that change.


Mike C

Offline

#4 2013-11-28 14:09:54

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,592
Website

Re: Method of preparing archiso for UEFI boot?

@brain0 - I too noticed this... we should update the wiki.

Edit: done.

Last edited by graysky (2013-11-28 14:17:41)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#5 2013-11-28 14:13:22

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: Method of preparing archiso for UEFI boot?

Exactly, since 5 months ago, this was implemented  [#1] and documented [#2] wink

[#1] https://projects.archlinux.org/archiso. … f92a753afe
[#2] https://projects.archlinux.org/archiso. … 7ccd33ad11

Offline

#6 2013-11-28 21:20:52

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,138
Website

Re: Method of preparing archiso for UEFI boot?

@graysky
The instructions in docs/README.transfer indicate that the method with dd is not always reliable.

Note: This method is the most easily, quick and dirty, but is the most limited [...]
      If using this does not work, use PC-EFI (GPT) method instead.

I suggest to add back the instructions about the PC-EFI (GPT) method, that you have deleted from the wiki. A notice could be added, that one should always try the dd method first.

Sorry to OP for using this thread to discuss about the wiki.

Offline

#7 2013-11-28 21:45:39

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,592
Website

Re: Method of preparing archiso for UEFI boot?

@tea -  No offense to the author of that section but I found it too vague.  My vote is to leave it out.


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#8 2013-11-29 08:22:25

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: Method of preparing archiso for UEFI boot?

graysky wrote:

@tea -  No offense to the author of that section but I found it too vague.  My vote is to leave it out.

I am the author of that section, and I would say you should have discussed this at https://wiki.archlinux.org/index.php/Ta … tion_Media before removing the entire "properly" working section with a one line solution (dd) that does not always work. Specifically in Windows where dd is not standard part of the OS, and it is highly unreliable.

I don't understand what you mean by the instructions being vague. For UEFI boot, you just need to create a FAT32 partition, extract the ISO and set the FSLABEL (or Volume Label in Windows) to the one mentioned in archiso config (this step is not required for Archboot iso). For BIOS boot, additionally, it involves installing Syslinux BIOS to <USB>/arch/boot/syslinux and installing syslinux MBR boot code to the USB's MBR. In Windows, syslinux installer takes care of installing the MBR code to the USB's MBR. In Linux we use dd for that.

Isohybrid is a hack and it sometimes it does not work even for BIOS boot. In case of UEFI boot, each firmware behaves in its own way and simply extracting the iso contents to a FAT32 formatted USB flash drive (which already includes <USB>/EFI/boot/bootx64.efi, case-insensitive) always works because that is guaranteed by the UEFI Specification.

It took me some time to read through the syslinux docs and other blog to understand the syslinux installation process under Windows, and I don't appreciate you simply removing the entire part (that I thought and typed out, investing my time) without discussing about it first (at the talk page).

EDIT: For now I am restoring back my section, and I will include the dd'ing stuff as a separate section. But any further discussion should happen at https://wiki.archlinux.org/index.php/Ta … tion_Media .

Last edited by the.ridikulus.rat (2013-11-30 18:40:36)

Offline

#9 2013-11-29 10:30:26

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,592
Website

Re: Method of preparing archiso for UEFI boot?

@rr - done on the discussion page


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#10 2014-03-22 20:30:47

Xtof
Member
From: Toulouse - France
Registered: 2014-03-22
Posts: 10

Re: Method of preparing archiso for UEFI boot?

Hi,
I'm new here. I'm trying to install Archlinux on a small computer based on an MSI miniITX AMD Fusion E350 mainboard (E350IA-E45). The UEFI implementation in this system appears to be very precarious and the official Archlinux ISO placed in an USB key using the dd command don't boot (with an error message like "failed to install override security policy"). I spent 2 days on it and still not solved this issue yet.

My personnal situation is not really of importance in this topic. The only think I wanted to highlight is that alternate installation procedures may appear very usefull to users in tricky situations like me, and I think it might be a good idea to keep it alive.

Last edited by Xtof (2014-03-22 20:31:18)

Offline

#11 2014-03-22 21:10:08

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,217

Re: Method of preparing archiso for UEFI boot?

Xtof wrote:

Hi,
I'm new here. I'm trying to install Archlinux on a small computer based on an MSI miniITX AMD Fusion E350 mainboard (E350IA-E45). The UEFI implementation in this system appears to be very precarious and the official Archlinux ISO placed in an USB key using the dd command don't boot (with an error message like "failed to install override security policy"). I spent 2 days on it and still not solved this issue yet.

My personnal situation is not really of importance in this topic. The only think I wanted to highlight is that alternate installation procedures may appear very usefull to users in tricky situations like me, and I think it might be a good idea to keep it alive.

Welcome to Arch Linux. Is the machine you are trying to install on a Windows machine?  If it has Secure Boot enabled then you will need to turn off Secure Boot in the BIOS before the arch install key will boot under UEFI.  When posting try to provide as much information as possible about what you are trying to solve, so that people reading the question have a reasonable amount of data to go on so maximise the chance that you will get a reply that will help.

Also if you are trying to set up a dual boot machine then you will also need to turn off Fastboot from within Windows 8 or 8.1.

Try also to google for your particular error message - doing so yields https://bbs.archlinux.org/viewtopic.php?id=169354 for example.

Which version of the install iso did you put on your usbkey - i.e. was it from March 2014 or an earlier iso?

Last edited by mcloaked (2014-03-22 21:21:07)


Mike C

Offline

#12 2014-03-22 21:46:15

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Method of preparing archiso for UEFI boot?

Sometimes the old method of creating a UEFI archiso live media can be more reliable (or so I have heard).  Just make a partition on the USB large enough to hold the contents of the archiso and format it to vfat.  Then mount both the iso and this newly created partition.  Copy all the contents of the iso to the USB and like magic, you hvae a UEFI live media.

Offline

#13 2014-03-23 00:41:42

srs5694
Member
From: Woonsocket, RI
Registered: 2012-11-06
Posts: 719
Website

Re: Method of preparing archiso for UEFI boot?

Xtof wrote:

I'm new here. I'm trying to install Archlinux on a small computer based on an MSI miniITX AMD Fusion E350 mainboard (E350IA-E45). The UEFI implementation in this system appears to be very precarious and the official Archlinux ISO placed in an USB key using the dd command don't boot (with an error message like "failed to install override security policy"). I spent 2 days on it and still not solved this issue yet.

The "failed to install override security policy" message is generated by the PreLoader boot loader, which manages Secure Boot on the Arch boot medium. In theory, that message should be harmless if Secure Boot is disabled in the firmware. If Secure Boot is enabled, you may need to disable it.

If you've already disabled Secure Boot, you can bypass PreLoader. It's actually installed as EFI/BOOT/bootx64.efi, and it launches another program in the same directory called loader.efi. Thus, moving or deleting bootx64.efi and renaming loader.efi to bootx64.efi should get you past the PreLoader program. Note, though, that this assumes that Secure Boot is disabled and that the crash was caused by PreLoader. It's entirely possible that the crash was caused by something else, such as gummiboot (loader.efi) or the Linux kernel itself.

Offline

#14 2014-03-23 15:26:14

Xtof
Member
From: Toulouse - France
Registered: 2014-03-22
Posts: 10

Re: Method of preparing archiso for UEFI boot?

Thanks all for your answears. The BIOS of my mainboard has a very basic UEFI implementation (it is a mini-ITX mainboard from 2011 built by MSI : E350IA-E45). I think the default Archiso don't work because secure boot is not implemented in this mainboard. I found the solution by modifying the ArchISO as explained here.

An interresting point is that the 64-bit 13.04 ubuntu iso was able to boot without any issue in UEFI mode, but it seems to use a bootloader different than Archlinux (grub-efi or something like that).

Last edited by Xtof (2014-03-23 15:26:59)

Offline

#15 2014-03-23 17:41:33

srs5694
Member
From: Woonsocket, RI
Registered: 2012-11-06
Posts: 719
Website

Re: Method of preparing archiso for UEFI boot?

Ubuntu (and Fedora and OpenSUSE and probably several others) use the Shim program to manage Secure Boot. Arch (and some others, particularly volunteer-only distributions with non-existent budgets) often use PreLoader to manage Secure Boot. The last I checked, PreLoader tied itself into the firmware's boot sequence in a way that enables gummiboot (or any other follow-on program) to work with Secure Boot when booting a Linux kernel using its EFI stub loader, whereas Shim requires explicit support from follow-on programs to launch other EFI programs. AFAIK, only GRUB 2 and rEFInd provide that support, and the GRUB 2 support varies from one version to another. (The last I heard, it wasn't in the main GRUB branch, but did exist in numerous patched versions. I'm sure patches have been submitted to the GRUB maintainers.)

Ultimately, all this plays out as follows:

  • You can use either Shim or PreLoader with follow-on boot loaders that load the kernel without using the EFI stub loader or referencing Secure Boot. This includes GRUB 2 without Shim support, ELILO, and SYSLINUX. These tools will not pass Secure Boot benefits up the chain, though; once the kernel is booted, it will be much as if Secure Boot was not enabled.

  • You can use Shim with rEFInd or with patched versions of GRUB, and they will limit launching kernels to those kernels that have been signed. Secure Boot benefits will be passed on up the chain, provided the kernel and OS tools includes such support. (Not all kernels do. AFAIK, Fedora is the distribution that goes furthest along these lines.)

  • You can use PreLoader with follow-on boot managers, such as rEFInd or gummiboot, and the kernel should provide Secure Boot benefits up the line (although I'm not 100% positive of that). The same should be true if you use GRUB and launch the kernel via the EFI stub rather than directly. This works because PreLoader patches itself into the EFI Secure Boot subsystem, extending the range of keys that Secure Boot recognizes as valid.

  • Shim won't work with gummiboot; if you try, gummiboot will be unable to launch Linux kernels because gummiboot can't talk to Shim and the kernel isn't signed with a key in the firmware. This is fundamentally because gummiboot is a boot manager, not a boot loader, so gummiboot relies on EFI calls to load the kernel, and those EFI calls will see a kernel that's not been signed by a key it recognizes and halt the process.

  • I'm not sure what happens if you use PreLoader with a version of GRUB that's been patched to support Shim and launch kernels without using the EFI stub loader. My guess is that it would fail, but I'm far from positive of that.

As you can see, there's a lot of subtlety going on here. Distribution vendors try to make things "just work," but some are more successful than others, and it inevitably gets complicated when users start swapping boot loaders around or when firmware bugs rear their ugly insectoid heads.

Offline

Board footer

Powered by FluxBB