EFI ISO and Secure Boot Support

[Luke]

Happy Christmas

Thought I'd share my work. Patched the installer so EFI is now secure boot and built into the iso.

Most iso to usb tools should work fine.

Find the git here

[Luke]

patch is attached

[fgdn17]

so you just build an iso as normal BUT it now has EFI capabilities in it???

or is it you build an efi_img and it gives an .img as well as a iso????

what if your building an iso with a 64 bit kernel???

[Luke]

First question is correct. Use the lunch menu to select 32 or 64bit and build with iso_img

Or 32bit user space with 64bit kernel and build with iso_img also works

[rbg]

patch has been applied......

UNOFFICIAL EFI_ISO TEST BUILD

*****************************************************************

---- FOR TESTING PURPOSES ONLY----

*****************************************************************

WARNING: be advised that:

 - These changes may contain bugs that could cause DATA LOSS.

 - The iso was simply tested for boot and a couple things checked...

 - for uEFI booting on GPT disk it is UNTESTED...

 Use it AT YOUR OWN RISK. YOU WERE ADVISED

*****************************************************************

please supply: logcat / dmesg / lsmod / lspci -k to help developer

check these forums if unsure how to get the above...plenty

of help and HOWTO's..

TEST BUILD available here:

 https://drive.google.com/folderview?id=0B21yjYHo50PEdGptZkU2dnB5UGc&usp=sharing#list

"Marshmallow-x86 is still under development. 

It's not guaranteed to run on any device. 

On Saturday, December 26, 2015 at 8:53:49 AM UTC-5, Luke wrote:

patch is attached

[Chih-Wei Huang]

Many thanks for the nice work.
I'll pull it after testing.



--
Chih-Wei
Android-x86 project
http://www.android-x86.org

[Chih-Wei Huang]

2015-12-29 2:11 GMT+08:00 Chih-Wei Huang <cwh...@android-x86.org>:
> 2015-12-25 19:12 GMT+08:00 Luke <hath...@gmail.com>:
>> Happy Christmas
>>
>> Thought I'd share my work. Patched the installer so EFI is now secure boot
>> and built into the iso.
>>
>> Most iso to usb tools should work fine.
>>
>> Find the git here
>
> Many thanks for the nice work.
> I'll pull it after testing.

I'm testing it.
There is a missed dependency which
results in the error:

out/host/linux-x86/bin/mkbootfs bootable/newinstaller/install/ | gzip
-9 > out/target/product/x86_64/install.img
----- Making iso image ------
sed: can't read out/target/product/x86_64/boot/boot/grub/grub.cfg: No
such file or directory
make: *** [out/target/product/x86_64/android_x86_64.iso] Error 2

It's OK. I've corrected.

BTW, there are some binaries in your patches.
Could you explain where are they from?

boot/boot/grub/efi.img
install/grub2/efi/boot/BOOTx64.EFI
install/grub2/efi/boot/grubx64.efi

Besides, you delete the 32-bit efi
install/grub2/efi/boot/bootia32.efi
which means it's unable to boot from 32-bit
UEFI device now.
Could you add it back.

Anyway, thank you for the nice work!

[Luke]

Thanks for testing.

They are the official Ubuntu binarys. I'll find the 32bit binarys and add them.

[JJ Meijer]

Ubuntu doesn't supply them but ArchBoot does, could save you some some compiling it yourself:

https://drive.google.com/open?id=0B9vJ9JSuyPijR2NZYXNIek5iVFU

[Chih-Wei Huang]

2016-01-02 4:51 GMT+08:00 Luke <hath...@gmail.com>:
> Thanks for testing.
> They are the official Ubuntu binarys. I'll find the 32bit binarys and add them.

After pulling your repo and build the iso as usual,
Then I use dd to dump it to a usb disk and tested it.
But it can't be booted from UEFI devices as I expected.
What I tested are some ASUS notebooks,
as well as MS Surface 3 / Pro 4.
All can't boot the usb disk.

Did I miss something?
Or I misunderstood what your patch did?

[fgdn17]

FWIW:

when testing on 12-24-25 I used RUFUS to build my USB, selected

MBR partition scheme for BIOS or UEFI

create bootable disk, selected downloaded .iso file (android_x86-6.0.1_r3-EFI-20151226)

built fine, booted ok using efi/gpt disk on my asus pbz77-m motherboard,

CMS set up as BIOS or uEFI, where I could run it as live....

[JJ Meijer]

So you're actually not sure you used efi to boot it?

Implementing efi really isn't rocket science, just put the precompiled files on a supported partition type in the right location for the BIOS to find it.

[fgdn17]

FYI -

not sure who your addressing BUT I'm sure I actually used efi to boot it.....

the USB created gives 2 selections when you boot it, just the name of the usb and then the name of the usb with EFI in the string...

on my uEFI/GPT setup the usb with just the name of the string won't boot, the usb with EFI in the string will boot.....

[fgdn17]

and BTW...it installs correctly to my GPT disk and boots fine using GRUB2WIN as I'm dual-booting
with win10 on the disk....

[JJ Meijer]

Thanks for that, your last sentence made me doubt you knew what you did.

[fgdn17]

well I guess I should feel sorry for your lack of understanding...but whatever

[Luke]

Hey

I am yet to test dd dump. Due to users more likely to use tools like 'rufus' that was my first priority.

32bit uefi is currently in the works and will keep everyone posted on the progress.

[Luke]

Git has been updated with fixes.

Added bootia32.efi from Debian. This does not support secure boot.

Fixed dd dump support for 64bit uefi. Dont think 32bit uefi will work until bootia32.efi is added to efi.img

Fixed grub2 having ????? as border

[Chih-Wei Huang]

2016-01-04 15:32 GMT+08:00 Luke <hath...@gmail.com>:
> Git has been updated with fixes.
>
> Added bootia32.efi from Debian. This does not support secure boot.
>
> Fixed dd dump support for 64bit uefi. Dont think 32bit uefi will work until
> bootia32.efi is added to efi.img

I've tested the dd dump and it works.

But I hope the 32-bit uefi could be fixed
before I pull it.

Thank you for the contribution.

[Luke]

Git updated

Added bootia32.efi to efi.img

Could you please test

[Chih-Wei Huang]

2016-01-06 19:29 GMT+08:00 Luke <hath...@gmail.com>:
> Git updated
>
> Added bootia32.efi to efi.img
>
> Could you please test

Unfortunately it doesn't work as I expected.
The UEFI BIOS detects my usb disk
as a UEFI bootable device. (good)
But when I chose to boot it,
it failed (no any message) and just fallback
to the next boot device.

It doesn't work on both 32-bit and 64-bit UEFI devices I have.

[Luke]

Oops sorry should be all fixed now.

[zhongtian xie]

yes, i also met that's  problem  

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-x86...@googlegroups.com.
To post to this group, send email to andro...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-x86.
For more options, visit https://groups.google.com/d/optout.

[Charles Milette]

Any plans about signing the kernel and initrd.img and adding the key to shim's MOK for GRUB to check the integrity before booting Android?

Or maybe just signing it and providing, for those who want that added safety, the public key for manually adding to the MOK?