I attach a patch that makes Secure Boot minimal image minimal grub.cfg to seach for /disk/.info instead of /live/vmlinuz.
This fixes unbootable Secure Boot (even if you boot with Secure Boot turned off) when live-build is setup to build with more than one linux kernel flavour. This has been tested in: * HP250 G6 2X60EA with UEFI Boot and Secure Boot turned off (Boot from UEFI USB) * Tianacore (Boot from UEFI CDROM) ( Note: The actual test had this additional patch: https://github.com/rescatux/live-build/commit/ad11d1c44909466baa259c2716d126dc9bc54080.patch applied to it. This enables the final user to use: --linux-flavours "686 amd64:amd64" ) Thus I conclude it works in binary_iso outputs. The same thing that happens with grub-efi enabled outputs. I never added added grub-efi support for either binary_hdd or binary_netboot and it seems nobody else added it. So I guess, as long as we only support binary_iso it's fine for now to rely on /disk/.info (only generated by xorriso) till we find a better method (like the one suggested by Thomas). Thank you. adrian15 -- Support free software. Donate to Super Grub Disk. Apoya el software libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/
>From 8e5f36048559a00abbd7102ab0f7ecb2f278bf4f Mon Sep 17 00:00:00 2001 From: adrian15 <adrian15...@gmail.com> Date: Sat, 9 Mar 2019 14:49:01 +0100 Subject: [PATCH] Detect device media by its /.disk/info file. This fixes Secure Boot boot when internal hard disks have /live/vmlinuz files in it. --- scripts/build/binary_grub-efi | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/build/binary_grub-efi b/scripts/build/binary_grub-efi index 7afa07eb7..6e402683d 100755 --- a/scripts/build/binary_grub-efi +++ b/scripts/build/binary_grub-efi @@ -215,12 +215,11 @@ esac # look in that partition for a grub.cfg file, and even if it finds it # it will not be able to find the vmlinuz and initrd. # Drop a minimal grub.cfg in the EFI partition that sets the root and prefix -# to whatever partition holds the /live/vmlinuz image, and load the grub +# to whatever partition holds the /.disk/info file, and load the grub # config from that same partition. -# This is what the Ubuntu livecd already does. mkdir -p ${_CHROOT_DIR}/grub-efi-temp-cfg cat >${_CHROOT_DIR}/grub-efi-temp-cfg/grub.cfg <<EOF -search --set=root --file /live/vmlinuz +search --set=root --file /.disk/info set prefix=(\\\$root)/boot/grub configfile (\\\$root)/boot/grub/grub.cfg EOF