Arch Linux

KairiTech

Member

From: Toronto, Canada

Registered: 2011-06-04

Posts: 275

[SOLVED] Booting Arch ISO without Secure Boot support

Synopsis: Reverted to the 03.01 Arch ISO image.  Will Wait for the 05.01 image or rebuild the ISO with the next release of systemd whichever comes first.

Prior to the April Arch ISO I was able to boot on a PC that does not support Secure Boot after copying it to a USB stick and making the modifications as shown below:

mkfs.vfat -F32 /dev/sdf2 -n "ARCH_202004"

mount -o rw,users -t vfat /dev/sdf2 /mnt/

cd /mnt/
bsdtar xf archlinux-2020.04.01-x86_64.iso

sed -i 's/archisolabel=/efi_no_storage_paranoia archisolabel=/' loader/entries/archiso-x86_64.conf

cp EFI/boot/loader.efi  EFI/boot/bootx64.efi

cd ~
sync

This no longer seems to work.  All I get is a prompt and a black screen.  Is booting the ISO on PCs without Secure Boot support no longer an option or do I need to do something different going forward?

Last edited by KairiTech (2020-04-27 23:24:21)

headkase

Member

Registered: 2011-12-06

Posts: 1,976

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Arch does not require Secure Boot.  I am booting right now on a system with EFI and Secure Boot disabled.  Is it rather a case where your mainboard manufacturer only allows Microsoft keys and no option to disable that?  Some crappy OEM's do that.  If that is the case then there are shims that will let Linux load even when Secure Boot is enabled.

V1del

Forum Moderator

Registered: 2012-10-16

Posts: 21,657

Re: [SOLVED] Booting Arch ISO without Secure Boot support

I'm unsure as to what you are asking. The ISO has to my knowledge never supported Secure Boot and even if, it would still be optional so I doubt much has changed in that aspect. You might just run into a kernel issue, try booting with nomodeset and/or loglevel=7 on the params

KairiTech

Member

From: Toronto, Canada

Registered: 2011-06-04

Posts: 275

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Arch does not require Secure Boot.  I am booting right now on a system with EFI and Secure Boot disabled.  Is it rather a case where your mainboard manufacturer only allows Microsoft keys and no option to disable that?  Some crappy OEM's do that.  If that is the case then there are shims that will let Linux load even when Secure Boot is enabled.

You misinterpreted my situation.

My PC does NOT have any Secure Boot support whatsoever.  There is nothing to turn off.

Last edited by KairiTech (2020-04-17 23:27:26)

Trilby

Inspector Parrot

Registered: 2011-11-29

Posts: 29,523

Website

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Why are you making those modifications at all?  Does dd'ing the iso to the device resulting a bootable device?

---

"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

KairiTech

Member

From: Toronto, Canada

Registered: 2011-06-04

Posts: 275

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Why are you making those modifications at all?  Does dd'ing the iso to the device resulting a bootable device?

No it doesn't.  What I get is the message 'Not a Secure Boot Platform 14' and the PC hangs.

I have been making those modifications for as long as I can remember.  The 04 ISO is the first ones that doesn't boot after I make them.

loqs

Member

Registered: 2014-03-06

Posts: 17,321

Re: [SOLVED] Booting Arch ISO without Secure Boot support

If the system does not support secure boot then it could not be rejecting the binary because secure boot required it to be signed.
Does the system currently have arch linux installed on it?  If so in EFI or BIOS mode?

KairiTech

Member

From: Toronto, Canada

Registered: 2011-06-04

Posts: 275

Re: [SOLVED] Booting Arch ISO without Secure Boot support

If the system does not support secure boot then it could not be rejecting the binary because secure boot required it to be signed.
Does the system currently have arch linux installed on it?  If so in EFI or BIOS mode?

As recently as last month's ISO (03) I have been able to transfer the install ISO image to a USB device, make the modification mentioned and boot successfully. I then was able to install Arch using either syslinux or UEFI as the boot method.

The PC is the same.  So is the USB device and I haven't changed the modifications.  The only thing that is different is the ISO image.

Something must have changed sufficiently between the 03 and 04 ISOs to make my modifications no long work to boot the install image.

loqs

Member

Registered: 2014-03-06

Posts: 17,321

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Package changes between 03 and 04

amd-ucode 20200204.b791e15-1       amd-ucode 20200224.efcfa03-1
bind-tools 9.16.0-1                bind-tools 9.16.1-1
broadcom-wl 6.30.223.271-174       broadcom-wl 6.30.223.271-183
ca-certificates-mozilla 3.50-1     ca-certificates-mozilla 3.51-1
cryptsetup 2.3.0-1                 cryptsetup 2.3.1-1
curl 7.68.0-1                      curl 7.69.1-1
ddrescue 1.24-2                    ddrescue 1.25-1
device-mapper 2.02.186-5           device-mapper 2.02.187-1
dialog 1:1.3_20191210-1            dialog 1:1.3_20200228-1
e2fsprogs 1.45.5-1                 e2fsprogs 1.45.6-1
fuse-common 3.9.0-1                fuse-common 3.9.1-1
fuse3 3.9.0-1                      fuse3 3.9.1-1
gcc-libs 9.2.1+20200130-2          gcc-libs 9.3.0-1
glib2 2.62.5-1                     glib2 2.64.1-1
glibc 2.31-1                       glibc 2.31-2
gnupg 2.2.19-1                     gnupg 2.2.20-1
hwids 20200204-1                   hwids 20200306-1
iana-etc 20200224-1                iana-etc 20200327-1
iwd 1.5-1                          iwd 1.6-1
kmod 26-3                          kmod 27-1
krb5 1.17.1-1                      krb5 1.18-1
libcap 2.32-1                      libcap 2.33-1
libelf 0.177-2                     libelf 0.178-2
libnghttp2 1.39.2-2                libnghttp2 1.40.0-1
                                   libp11-kit 0.23.20-3
libproxy 0.4.15-13                 libproxy 0.4.15+33+g454a499-1
libsecret 0.20.1-1                 libsecret 0.20.2-1
libuv 1.34.2-1                     libuv 1.35.0-1
linux 5.5.6.arch1-1                linux 5.5.13.arch2-1
linux-firmware 20200204.b791e15-1  linux-firmware 20200224.efcfa03-1
lsscsi 0.30-1                      lsscsi 0.31-1
lvm2 2.02.186-5                    lvm2 2.02.187-1
man-pages 5.05-1                   man-pages 5.05-2
mc 4.8.24-1                        mc 4.8.24-2
mkinitcpio 27-2                    mkinitcpio 27-3
mtools 4.0.23-1                    mtools 4.0.24-1
nano 4.8-1                         nano 4.9-1
nbd 3.20-1                         nbd 3.20-2
nmap 7.80-1                        nmap 7.80-2
nss 3.50-1                         nss 3.51-1
ntp 4.2.8.p13-3                    ntp 4.2.8.p14-1
openssl 1.1.1.d-2                  openssl 1.1.1.e-1
p11-kit 0.23.20-2                  p11-kit 0.23.20-3
pcre 8.43-2                        pcre 8.44-1
perl 5.30.1-1                      perl 5.30.2-1
ppp 2.4.7-6                        ppp 2.4.7-7
procps-ng 3.3.15-2                 procps-ng 3.3.16-1
python 3.8.1-4                     python 3.8.2-1
sdparm 1.10-3                      sdparm 1.11-1
sg3_utils 1.44-1                   sg3_utils 1.45-1
sudo 1.8.31-1                      sudo 1.8.31.p1-1
systemd 244.3-1                    systemd 245.3-2
systemd-libs 244.3-1               systemd-libs 245.3-2
systemd-sysvcompat 244.3-1         systemd-sysvcompat 245.3-2
usb_modeswitch 2.6.0-1             usb_modeswitch 2.6.0-2
vim 8.2.0148-1                     vim 8.2.0343-1
vim-runtime 8.2.0148-1             vim-runtime 8.2.0343-1
xfsprogs 5.4.0-1                   xfsprogs 5.5.0-1
xz 5.2.4-2                         xz 5.2.5-1

KairiTech

Member

From: Toronto, Canada

Registered: 2011-06-04

Posts: 275

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Why are you making those modifications at all?  Does dd'ing the iso to the device resulting a bootable device?

You are correct.  A straightforward dd of the 03 ISO does boot about 10 seconds after the 'Not a Secure Boot Platform 14' message. So my modifications are not necessary.

However, the dd of the 04 ISO hangs at the 'Not a Secure Boot Platform 14' message.

loqs

Member

Registered: 2014-03-06

Posts: 17,321

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Which bootloader does the 03 ISO load after the 'Not a Secure Boot Platform 14' message?

KairiTech

Member

From: Toronto, Canada

Registered: 2011-06-04

Posts: 275

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Which bootloader does the 03 ISO load after the 'Not a Secure Boot Platform 14' message?

I store the ISO image on the second USB partition and select the UEFI entry for it from the PC's firmware boot menu.

The first USB partition is what I use to boot my Arch install.

loqs

Member

Registered: 2014-03-06

Posts: 17,321

Re: [SOLVED] Booting Arch ISO without Secure Boot support

If you build archiso for 03/09 does that work and does the next day 03/10 have the issue?  The 10th is the date systemd 245 moved to stable.

KairiTech

Member

From: Toronto, Canada

Registered: 2011-06-04

Posts: 275

Re: [SOLVED] Booting Arch ISO without Secure Boot support

If you build archiso for 03/09 does that work and does the next day 03/10 have the issue?  The 10th is the date systemd 245 moved to stable.

As you suspected 03.09 boots but 03.10 hangs.

loqs

Member

Registered: 2014-03-06

Posts: 17,321

Re: [SOLVED] Booting Arch ISO without Secure Boot support

Wondering if there is a simpler way to create an ISO with just the systemd 245 packages downgraded than using a Custom_local_repository with those packages and listing that repository first but I can not think of one.
Edit:
Try with the 03.09 adding the systemd 245 packages

mkdir repo
cd repo
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-245-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-245-1-x86_64.pkg.tar.zst.sig
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-libs-245-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-libs-245-1-x86_64.pkg.tar.zst.sig
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-resolvconf-245-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-resolvconf-245-1-x86_64.pkg.tar.zst.sig
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-sysvcompat-245-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/10/core/os/x86_64/systemd-sysvcompat-245-1-x86_64.pkg.tar.zst.sig
repo-add ./repo.db.tar.gz ./*pkg.tar.zst

Add the repo to pacman.conf above core

[repo]
Server = file:///path/to/repo

Or try with the 03.10 adding the systemd 244 packages

mkdir repo2
cd repo2
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-244.3-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-244.3-1-x86_64.pkg.tar.zst.sig
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-libs-244.3-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-libs-244.3-1-x86_64.pkg.tar.zst.sig
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-resolvconf-244.3-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-resolvconf-244.3-1-x86_64.pkg.tar.zst.sig
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-sysvcompat-244.3-1-x86_64.pkg.tar.zst
curl -O https://archive.archlinux.org/repos/2020/03/09/core/os/x86_64/systemd-sysvcompat-244.3-1-x86_64.pkg.tar.zst.sig
repo-add ./repo2.db.tar.gz ./*pkg.tar.zst

Add the repo to pacman.conf above core

[repo2]
Server = file:///path/to/repo2

Edit2:
https://bugs.archlinux.org/task/66535

Last edited by loqs (2020-05-10 10:57:35)