Linux und UEFI Bootprozedur
Aus Port23Wiki
Links
- UEFI Grundlagen http://www.rodsbooks.com/efi-bootloaders/
- Secure Boot im Setup abschalten https://docs.fedoraproject.org/en-US/Fedora/18/html/UEFI_Secure_Boot_Guide/ch02s02.html
- Secure Boot im Setup abschalten http://www.tweakpc.de/hardware/infos/pc/secure_boot_das_uefi_feature_erklaert/s02.php
- http://www.heise.de/ct/ausgabe/2013-15-Loesungen-fuer-haeufige-UEFI-Pannen-2319431.html
- https://wiki.ubuntuusers.de/EFI_Grundlagen/
- https://wiki.ubuntuusers.de/EFI_Problembehebung/
- https://wiki.ubuntuusers.de/EFI_Bootmanagement/
- https://help.ubuntu.com/community/UEFI
- https://wiki.ubuntuusers.de/efibootmgr/
- http://www.uefi.org/learning_center/papers
efibootmgr
efibootmgr --help efibootmgr version 0.12 usage: efibootmgr [options] -a | --active sets bootnum active -A | --inactive sets bootnum inactive -b | --bootnum XXXX modify BootXXXX (hex) -B | --delete-bootnum delete bootnum (hex) -c | --create create new variable bootnum and add to bootorder -C | --create-only create new variable bootnum and do not add to bootorder -D | --remove-dups remove duplicate values from BootOrder -d | --disk disk (defaults to /dev/sda) containing loader -e | --edd [1|3|-1] force EDD 1.0 or 3.0 creation variables, or guess -E | --device num EDD 1.0 device number (defaults to 0x80) -g | --gpt force disk with invalid PMBR to be treated as GPT -i | --iface name create a netboot entry for the named interface -l | --loader name (defaults to \EFI\redhat\grub.efi) -L | --label label Boot manager display label (defaults to "Linux") -n | --bootnext XXXX set BootNext to XXXX (hex) -N | --delete-bootnext delete BootNext -o | --bootorder XXXX,YYYY,ZZZZ,... explicitly set BootOrder (hex) -O | --delete-bootorder delete BootOrder -p | --part part (defaults to 1) containing loader -q | --quiet be quiet -t | --timeout seconds set boot manager timeout waiting for user input. -T | --delete-timeout delete Timeout. -u | --unicode | --UCS-2 pass extra args as UCS-2 (default is ASCII) -v | --verbose print additional information -V | --version return version and exit -w | --write-signature write unique sig to MBR if needed -@ | --append-binary-args file append extra args from file (use "-" for stdin) -h | --help show help/usage
Anzeigen der vorhandenen Booteinträge:
efibootmgr -v BootCurrent: 0000 Timeout: 3 seconds BootOrder: 0000 Boot0000* Fedora HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\fedora\shim.efi)
Hinzufügen eines neuen Booteintrages:
efibootmgr -c -b 0001 -d /dev/sdc -p 1 -L "Fedora-grubx64" -l "\EFI\fedora\grubx64.efi"
efibootmgr nimmt die Einstellungen im NVRAM des Mainboards vor. Die Einträge sind im Setup der EFI-Firmware vorhanden.
efibootmgr -v BootCurrent: 0000 Timeout: 3 seconds BootOrder: 0001,0000 Boot0000* Fedora HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\fedora\shim.efi) Boot0001* Fedora-grubx64 HD(1,GPT,490d3bfd-690a-4bed-9ac5-028bac4d6719,0x800,0x800)/File(\EFI\fedora\grubx64.efi)/dev/sdc
efibootmgr -v BootCurrent: 0001 Timeout: 3 seconds BootOrder: 0001,0002 Boot0001* Fedora-grubx64-2 HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\fedora\grubx64.efi) Boot0002* UEFI OS HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\BOOT\BOOTX64.EFI)
Erzeugen eines bootfähigen GRUB:
grub2-mkimage --format=x86_64-efi --output=/root/uefi/grubx64.efi --verbose --prefix=/boot/efi
Fedora Linux
Fedora Linux unterstützt das Booten im Secure Boot Modus:
https://docs.fedoraproject.org/en-US/Fedora/18/html/UEFI_Secure_Boot_Guide/sect-UEFI_Secure_Boot_Guide-Implementation_of_UEFI_Secure_Boot-Shim.html
Other distributions have chosen to not require signed kernel modules in their Secure Boot implementation. Fedora believes that to fully support Secure Boot this is required. We are working to limit the impacts of this while ensuring that untrusted module code is not allowed to execute.
Ein Abschalten der SecureBoot Option im Setup ist möglich, das System startet problemlos.
https://github.com/mjg59/shim
