Gentoo Forums :: View topic - Wrong partition in GRUB with secure boot and UKI

Wrong partition in GRUB with secure boot and UKI

View unanswered posts
View posts from last 24 hours

Gentoo Forums Forum Index

Installing Gentoo

View previous topic :: View next topic

Author

Message

herberteuler
n00b
n00b

Joined: 02 Apr 2005
Posts: 36

Posted: Wed May 14, 2025 2:20 pm Post subject: Wrong partition in GRUB with secure boot and UKI

Hello community,

I have a new Gentoo installation with UKI and secure boot enabled. I am using Shim, which can boot into the GRUB interface, but the kernel entry is invalid.

Here is my partition info:

Code:

/dev/sda2: UUID="746c50da-db9a-4e00-8cfc-7bb56a437d2f" BLOCK_SIZE="512" TYPE="xfs" PARTUUID="a39433a8-7478-4a9a-bdf4-0a93e763fb31"
/dev/sda1: UUID="C526-7530" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="ddd8e9b0-e9b3-498b-8003-86ee08d164a1"

/dev/sda1 is mounted as /efi, and /dev/sda2 as /, and kernel installation says

Code:

Backing up existing grub config as /efi/EFI/gentoo/grub.cfg~
Generating new GRUB config as /efi/EFI/gentoo/grub.cfg
Generating grub configuration file ...
Found linux image: /efi/EFI/Linux/bce19cc36d15ec921fd9273468184d7a-6.12.21-gentoo-gentoo-dist.efi
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
/usr/lib/kernel/install.d/91-grub-mkconfig.install succeeded.

All look good, except the generated GRUB entry is

Code:

menuentry 'Gentoo GNU/Linux' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-746c50da-db9a-4e00-8cfc-7bb56a437d2f' {
load_video
insmod gzio
insmod part_gpt
insmod xfs
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 746c50da-db9a-4e00-8cfc-7bb56a437d2f
else
search --no-floppy --fs-uuid --set=root 746c50da-db9a-4e00-8cfc-7bb56a437d2f
fi
echo 'Loading Linux bce19cc36d15ec921fd9273468184d7a-6.12.21-gentoo-gentoo-dist.efi ...'
linux /EFI/Linux/bce19cc36d15ec921fd9273468184d7a-6.12.21-gentoo-gentoo-dist.efi root=PARTUUID=a39433a8-7478-4a9a-bdf4-0a93e763fb31 ro
}

grub-mkconfig somehow selects the root partition (a39433a8-7478-4a9a-bdf4-0a93e763fb31) instead of the ESP partition (ddd8e9b0-e9b3-498b-8003-86ee08d164a1), causing the kernel file unable to be found.

What can I do to fix it? Thanks.

pingtoo
Veteran
Veteran

Joined: 10 Sep 2021
Posts: 1680
Location: Richmond Hill, Canada

Posted: Wed May 14, 2025 4:57 pm Post subject: Re: Wrong partition in GRUB with secure boot and UKI

herberteuler wrote:

Code:

/dev/sda1 is mounted as /efi, and /dev/sda2 as /, and kernel installation says

Code:

All look good, except the generated GRUB entry is

Code:

This looks to me /dev/sda1 is not mounted at the time when you install kernel.

if you expect to use uki then you should consider drop GRUB as boot loader and use EFI directly. if you want GRUB+uki then what is "layout=" in /usr/lib/kernel/install.conf and/or /etc/kernel/install.conf? the sys-kernel/installkernel have predefined way of install depend on that "layout=XXXX" you should try man installkernel for information.

Or you just want to fix so you can get into Gentoo/Linux? you can modify the /efi/EFI/gentoo/grub.cfg change all ther reference "hd0,gpt2" to "hd0,gpt1", "xfs" to "fat" and uuid "746c50da-db9a-4e00-8cfc-7bb56a437d2f" to "C526-7530". However this will likely lost next time when you install kernel again.

herberteuler
n00b
n00b

Joined: 02 Apr 2005
Posts: 36

Posted: Wed May 14, 2025 8:04 pm Post subject:

I see. I tried a few GRUB commands from its own CLI, but when I typed the "linux..." command with the correct partition and kernel file path, I got the "invalid magic number" error. AI told me to try chainloader, but that did not work either. Then I found this and this, confirming that what I am trying is impossible to achieve yet. I will revert UKI, continue to get this system up and running, and set up UKI with a different method later. Thanks.

pietinger
Moderator

Joined: 17 Oct 2006
Posts: 5734
Location: Bavaria

Posted: Wed May 14, 2025 10:02 pm Post subject:

herberteuler wrote:

[...] and set up UKI with a different method later.

To make manually an "UKI" you have to create a kernel image which contains all relevant parts. This is the list:

1. Kernel needs an efi-stub (*). Our Gentoo-distribution kernel is already correct configured (if you configure your kernel manually then it is enabled as default also) ... just check it:
https://wiki.gentoo.org/wiki/EFI_stub#EFI_stub_support

2. You CAN emebedd the kernel command line parameter into the kernel OR use UEFI when creating the UEFI entry:
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Kernel_Commandline_Parameter

3. Embedd your CPU microcode into the kernel:
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_Configuring_Kernel_Version_6.12#CPU_Microcode

4. Embedd all your firmware files into the kernel
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_kernel_configuration#Driver_needs_Firmware
(to get a list use "dmesg | grep firmware" after booting with our GentooLiveCD -> https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_kernel_configuration#Before_you_start )

5. Embedd you external CPIO (=initramfs) into the kernel:
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Initramfs_Overview#Special_Case:_Building_an_embedded_initramfs_with_a_CPIO_archive

(* Today an "UKI" is only named UKI if it uses the efi-stub from sytemd ... I dont care about this academic nonsense ... I have built my "UKI" before many years with the kernel's efistub when the term UKI did not yet exist)

See also: https://uapi-group.org/specifications/specs/unified_kernel_image/

(I hate this sentence: "systemd-stub provides the reference implementation of the stub.")
_________________
https://wiki.gentoo.org/wiki/User:Pietinger

herberteuler
n00b
n00b

Joined: 02 Apr 2005
Posts: 36

Posted: Wed May 14, 2025 11:50 pm Post subject:

pietinger wrote:

Thank you so much for the detailed information!

Nowa
Developer

Joined: 25 Jun 2014
Posts: 486
Location: Nijmegen

Posted: Sun May 18, 2025 1:19 pm Post subject:

herberteuler wrote:

I tried a few GRUB commands from its own CLI, but when I typed the "linux..." command with the correct partition and kernel file path, I got the "invalid magic number" error. AI told me to try chainloader, but that did not work either.

An UKI is an EFI executable and therefore should be loaded with the "chainload" command instead of the "linux" command.

Quote:

Then I found this and this, confirming that what I am trying is impossible to achieve yet.

Impossible, no. Difficult, yes. It will work if you apply the Fedora/Red Hat patches linked in the bug report you found.
_________________
OS: Gentoo 6.10.12-gentoo-dist, ~amd64, 23.0/desktop/plasma/systemd
MB: MSI Z370-A PRO
CPU: Intel Core i9-9900KS
GPU: Intel Arc A770 16GB & Intel UHD Graphics 630
SSD: Samsung 970 EVO Plus 2 TB
RAM: Crucial Ballistix 32GB DDR4-2400

Display posts from previous:

	Gentoo Forums Forum Index Installing Gentoo	All times are GMT
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy

	
		OSZAR »