On Tue, 1 Oct 2019 at 16:19, Peter Humphrey <pe...@prh.myzen.co.uk> wrote:
>
> On Tuesday, 1 October 2019 15:32:27 BST Mick wrote:
> > On Tue, 1 Oct 2019 at 13:18, Mick <michaelkintz...@gmail.com> wrote:
> > > When using Secure Boot the UEFI firmware checks the binaries to be
> > > loaded have been signed by Microsoft. The 'SHA256 verified' message
> > > indicates the systemd-boot binary is signed using a key which is
> > > ultimately signed by Microsoft and is contained in the whitelist
> > > (MokList). If the verification failed I think it would spit something
> > > back to allow you to enrol a valid hash or key.
> >
> > Scratch that - the message itself is a debug message following an
> > early SHA-256 implementation self-test[1] before the systemd provided
> > random seed file is loaded. All the Secure Boot signature checks that
> > follow will utilise the random seed file systemd provides.
> >
> > [1]
> > https://github.com/systemd/systemd/blob/4c858c6fd5d588b30d9851bb576520e74b041739/src/boot/efi/random-seed.c#L172
>
> Okay, thanks.
>
> [I hope I've been clear enough in what follows :) ]
>
> Yet another attempt. I've repartitioned the disk without the unformatted
> partition, as in Neil's usual scheme; deleted all boot entries using
> efibootmgr; allowed the UEFI BIOS to set itself up again; and run 'bootctl
> update' to copy the latest kernel into place.
>
> Then, bootctl status shows this:
> Default Boot Loader Entry:
>         title: Gentoo TestSys 4.19.72 (no network)
>            id: 92-testsys-4.19.72.nonet
>        source: /boot/loader/entries/92-testsys-4.19.72.nonet.conf
>         linux: /vmlinuz-4.19.72-gentoo-testsys
>       options: root=/dev/sda4 initrd=/intel-uc.img net.ifnames=0
>                softlevel=nonetwork
>
> That's supposed to be a secondary entry, not the primary, so I tried to set a
> different default. Man bootctl includes this:
>        set-default ID, set-oneshot ID
>            Sets the default boot loader entry. Takes a single boot loader
>            entry ID string as argument. The set-oneshot command will set the
>            default entry only for the next boot, the set-default will set it
>            persistently for all future boots.
>
> bootctl list output includes this entry:
>         title: Gentoo Linux 4.19.72
>            id: 30-gentoo-4.19.72
>        source: /boot/loader/entries/30-gentoo-4.19.72.conf
>         linux: /vmlinuz-4.19.72-gentoo
>       options: root=/dev/nvme0n1p4 initrd=/intel-uc.img net.ifnames=0
>
> That's the one I want to set as default, but then:
> # bootctl set-default 30-gentoo-4.19.72
> Failed to update EFI variable: Invalid argument
>
> What is this ID supposed to be, if not the ID shown by bootctl list? Oh, and
> efivars is mounted rw, of course.
I admire your patience! I would have moved on to some other boot manager a
long time ago. :-)

As I understand it this ID must be the ID bootctl itself reports. However,
earlier bootctl versions do not have this set-default ID subcommand. If you
run bootctl with no arguments does it show up?

> Bootctl and efibootmgr seem to operate orthogonally, at least in some
> respects, which doesn't help me to understand what's going on.

If you follow the UEFI spec and store one kernel per EFI/ subdirectory, the
UEFI firmware will pick them up on its own and the efibootmgr will list them.
I would think bootctl will also pick them up and add them in its own menu. If
you use a suitable alphanumeric nomenclature to elevate the subdirectory of
your kernel of choice, it should be selected as the default (hopefully).

Meanwhile, assuming you have set the systemd-boot timeout to a value greater
than 0, you could try pressing 'd' after you move the cursor to the desired
kernel image. I think it sets the selected image as a default, but I don't
have a systemd-boot available to see if it merely boots the existing default
setting.

--
Regards,
Mick
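The question in the thread is what bootctl set-default expects as an ID and how to tell, before touching EFI variables, whether an entry is sane. The script below is an added example written for this thread; it is not code from the thread, from Gentoo or from systemd. It assumes the Boot Loader Specification type #1 layout the bootctl output above shows (entries under /boot/loader/entries/*.conf, with the entry ID being the file name minus ".conf"), that the systemd Boot Loader Interface stores the persistent default in the EFI variable LoaderEntryDefault under vendor GUID 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f, and that efivarfs exposes a variable as four attribute bytes followed by its data (NUL-terminated UTF-16LE for the Loader* string variables). The two sample entries and the variable bytes are constructed from the values quoted in the thread; the helper names (parse_entry, check_default, decode_loader_var and the rest) are this example's own.

```python
"""Sanity-check systemd-boot loader entries and read the current default.

Added example, not code from the thread or from systemd.  Assumptions:
  * type #1 entries live in <ESP>/loader/entries/*.conf and an entry's ID
    is the file name without the ".conf" suffix;
  * the persistent default is the EFI variable LoaderEntryDefault under
    vendor GUID 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f;
  * efivarfs files start with 4 attribute bytes, then the variable data,
    which for Loader* string variables is NUL-terminated UTF-16LE.
"""
import re
from pathlib import Path

LOADER_GUID = "4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"   # systemd loader vendor GUID
EFIVARS = Path("/sys/firmware/efi/efivars")
KEYS_WITH_PATHS = ("linux", "initrd", "efi")           # keys whose values are ESP paths

# Constructed sample entries, built from the bootctl output quoted in the thread.
SAMPLE_ENTRIES = {
    "30-gentoo-4.19.72.conf": (
        "title Gentoo Linux 4.19.72\n"
        "linux /vmlinuz-4.19.72-gentoo\n"
        "options root=/dev/nvme0n1p4 initrd=/intel-uc.img net.ifnames=0\n"
    ),
    "92-testsys-4.19.72.nonet.conf": (
        "title Gentoo TestSys 4.19.72 (no network)\n"
        "linux /vmlinuz-4.19.72-gentoo-testsys\n"
        "options root=/dev/sda4 initrd=/intel-uc.img net.ifnames=0 softlevel=nonetwork\n"
    ),
}
# Constructed set of files present on the ESP (paths relative to the ESP root).
SAMPLE_ESP_FILES = {"/vmlinuz-4.19.72-gentoo", "/intel-uc.img"}


def entry_id_from_name(name: str) -> str:
    """Strip directory and the .conf suffix: what remains is the entry ID."""
    name = Path(name).name
    return name[:-5] if name.endswith(".conf") else name


def parse_entry(text: str) -> dict:
    """Parse 'key value' lines; blank lines and '#' comments are skipped.
    A repeated key (e.g. several 'initrd' lines) is collected into a list."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key in fields:
            prev = fields[key]
            fields[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            fields[key] = value
    return fields


def load_entries_from_texts(texts: dict) -> dict:
    """Map {file name: content} into {entry ID: parsed fields}."""
    return {entry_id_from_name(n): parse_entry(t) for n, t in texts.items()}


def load_entries(esp: str = "/boot") -> dict:
    """Read every *.conf under <esp>/loader/entries (needs read access)."""
    entries_dir = Path(esp) / "loader" / "entries"
    return load_entries_from_texts(
        {p.name: p.read_text() for p in sorted(entries_dir.glob("*.conf"))})


def check_default(entry_id: str, entries: dict, esp_files=None) -> list:
    """List problems with using entry_id as the default; empty list means OK.
    esp_files, if given, is the set of files present on the ESP, so the
    kernel/initrd images the entry references can be verified to exist."""
    if entry_id not in entries:
        return [f"no entry with ID {entry_id!r}; known: {sorted(entries)}"]
    fields, problems = entries[entry_id], []
    if "linux" not in fields and "efi" not in fields:
        problems.append("entry has neither 'linux' nor 'efi' key")
    if esp_files is not None:
        for key in KEYS_WITH_PATHS:
            vals = fields.get(key, [])
            for path in (vals if isinstance(vals, list) else [vals]):
                if path and path not in esp_files:
                    problems.append(f"{key} image {path} not found on the ESP")
        # initrd= inside 'options' (as in the thread) is also a path on the ESP.
        for tok in fields.get("options", "").split():
            if tok.startswith("initrd=") and tok[7:] not in esp_files:
                problems.append(f"options initrd {tok[7:]} not found on the ESP")
    return problems


def decode_loader_var(raw: bytes) -> str:
    """Decode an efivarfs Loader* string variable: skip the 4 attribute
    bytes, then take the UTF-16LE text up to its NUL terminator."""
    if len(raw) < 4:
        raise ValueError("efivarfs payload shorter than its attribute header")
    return raw[4:].decode("utf-16-le").split("\x00", 1)[0]


def read_loader_var(name: str):
    """Return the string value of an existing Loader* variable, else None."""
    path = EFIVARS / f"{name}-{LOADER_GUID}"
    return decode_loader_var(path.read_bytes()) if path.exists() else None


def demo() -> dict:
    """Run the checks over the constructed sample: {entry ID: problems}."""
    entries = load_entries_from_texts(SAMPLE_ENTRIES)
    return {eid: check_default(eid, entries, SAMPLE_ESP_FILES) for eid in entries}


if __name__ == "__main__":
    print("LoaderEntryDefault:", read_loader_var("LoaderEntryDefault"))
    for eid, problems in demo().items():
        print(eid, "OK" if not problems else problems)
```

On a real system, replace demo() with load_entries() and build the file set from the ESP (for example `{"/" + str(p.relative_to("/boot")) for p in Path("/boot").rglob("*")}`); the script only reads efivarfs, so it can confirm what bootctl list reports and what LoaderEntryDefault currently holds without attempting the write that failed in the thread.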