[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1033913: marked as done (partman-auto-lvm: Broken "Guided - use entire disk and set up LVM" in UEFI mode)

Your message dated Thu, 13 Apr 2023 13:03:56 +0000
with message-id <E1pmwcG-0062JZ-NY@fasolo.debian.org>
and subject line Bug#1033913: fixed in partman-efi 99
has caused the Debian Bug report #1033913,
regarding partman-auto-lvm: Broken "Guided - use entire disk and set up LVM" in UEFI mode
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033913: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033913
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: partman-auto-lvm
Version: 87
Severity: serious
Justification: Maintainer says so

TL;DR: Answering “Yes” to the “Force UEFI installation?” makes sure the
installer pulls the right bootloader packages, despite misreading the
situation.

I've discovered this while testing D-I Bookworm RC 1 but also confirmed
it already existed in D-I Bookworm Alpha 2, and I'm therefore filing it
against the version found in the previous release (and deciding not to
block the Bookworm RC 1 release on it).

----

For baremetal tests on laptops requiring various firmware packages, I've
been using guided partitioning since forever, with one of these:
 - Guided - use entire disk
 - Guided - use entire disk and set up encrypted LVM

The former is used most of the time since it's slightly faster (fewer
prompts), while the latter is only used once in a while, to make sure a
“real” laptop-oriented install works fine (since every laptop should be
encrypted in my opinion).

Since I had just tested “Guided - use entire disk” in a virtual machine,
I decided to pick this instead when switching to the first laptop
(Asus Vivobook S14/S15 but that's very likely not a factor):
 - Guided - use entire disk and set up LVM

And… *WOW!*

The first surprise is this prompt:

    Force UEFI installation?

    This machine's firmware has started the installer in UEFI mode but
    it looks like there may be existing operating systems already
    installed using "BIOS compatibility mode". If you continue to
    install Debian in UEFI mode, it might be difficult to reboot the
    machine into any BIOS-mode operating systems later.

    If you wish to install in UEFI mode and don't care about keeping the
    ability to boot one of the existing systems, you have the option to
    force that here. If you wish to keep the option to boot an existing
    operating system, you should choose NOT to force UEFI installation
    here.

which defaults to No.

That's very surprising since the only operating system prior to the
installation was a Debian system, which was getting entirely erased (due
to using the full disk), and was installed in UEFI mode anyway.

I went for the default choice, since we expect the installer to make
smart suggestions, and unsuspecting users shouldn't have to know better.

That means we end up with installing grub-pc instead of grub-efi-amd64
and shim, being prompted where to install GRUB, and of course when it's
time to reboot, the UEFI firmware rightfully refuses to boot anything
since there's absolutely no signature whatsoever, which isn't a great
idea under Secure Boot:

    Secure Boot Violation

    Invalid signature detected. Check Secure Boot Policy in Setup.


Some additional info:
 - As mentioned in TL;DR, this can be worked around by answering Yes to
   “Force UEFI installation?”.
 - It doesn't seem to be dependent on possible traces of an existing
   system prior to the installation: Debian installed on the entire disk
   or with encrypted LVM on the entire disk doesn't seem to make a
   difference. Starting with a wiped disk (writing ~ 2 GB worth of
   zeros at the beginning of the disk) doesn't make a difference either.
 - It very much looks like the intermediary states are slightly
   different when setting up LVM and when setting up encrypted LVM, and
   the LVM case case leads to some confusion in partman-efi's
   /lib/partman/init.d/50efi (which logs to /var/log/partman rather than
   to /var/log/syslog): “Found 0 ESPs, 3 non-ESPs”.
 - I'm filing this issue against partman-auto-lvm though, for
   discoverability purposes.


Cheers,
-- 
Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

--- End Message ---
--- Begin Message --- 
Source: partman-efi
Source-Version: 99
Done: Steve McIntyre <93sam@debian.org>

We believe that the bug you reported is fixed in the latest version of
partman-efi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033913@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93sam@debian.org> (supplier of updated partman-efi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Apr 2023 00:22:53 +0100
Source: partman-efi
Architecture: source
Version: 99
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Closes: 834373 1033913
Changes:
 partman-efi (99) unstable; urgency=medium
 .
   * Fix detection of BIOS-bootable systems. Closes: #834373, #1033913
Checksums-Sha1:
 c6669f6568735b3d7ebb0df2d728d7977f6998dc 1717 partman-efi_99.dsc
 dbbbdab03485b088b7f77d4e3dac02af68825c61 61736 partman-efi_99.tar.xz
 0be5a2e6a02627a730932166b5274c7b3686d800 6079 partman-efi_99_source.buildinfo
Checksums-Sha256:
 474899b3adc810fea0381266a8550dc3fdaff395ed453bcae27c0c0b7da470bf 1717 partman-efi_99.dsc
 ae7ab27997eac2b53d3cb1ddb49611e64a1278d50ca7fec6a95f78e0eda6d66e 61736 partman-efi_99.tar.xz
 5c662acc5d38e971be64fcf442ab0f9326fd52c8752b9d28d612a7dad8fe15ca 6079 partman-efi_99_source.buildinfo
Files:
 194a88a5494016558ba2211655a5d70b 1717 debian-installer standard partman-efi_99.dsc
 b9dbcd93d2cc9435a01d535337d8440c 61736 debian-installer standard partman-efi_99.tar.xz
 0e8d0c4db41491f91c7c01ee87e32db8 6079 debian-installer standard partman-efi_99_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAmQ3+lsRHDkzc2FtQGRl
Ymlhbi5vcmcACgkQWHl5VzRCaE62+xAAnCK8/8OHZZSZWfFU5Opr4y600a5A3hbF
aifV41WVXKyAgsZKvt8tnhwK0XGf4vWXiuZUv29KQFRfVLTUA2a3T9vWLg7kQIIW
rmpKHy/Z4o+lo86WmsmTkbkWdDS2Aq6u1hK+sGrtjKmTqWlsOYs+WvRzJ0PH9jaC
reoYlzYdtCOA5hJpSKNpUA5ilwtOFAFqadF3Sddh+D/sO/ICMPAEn/YP0F/R9EOy
UbXjL7vOqQny6c5wqrleWaZdglklOmb9tGau7GdzBudCCdJSfCRQHrVpu5mK3QS2
T8hCeZdu1ue10Sv7+yUJZRU9n8b5XLaG0h4XwSKCI8Ilq3WX+ZbLTd5twSg9SMUV
psu6KCEsZOpFip0oOGAEfcnm4MfqOuA29BSQHAwNM0vgZ1Q9jNR/VqK/mR5bA0gN
OLLd5PpAzkIZ+WPl5hq2LPVUHzQTE4nM44Uw1NrZBCyHeflw1ybtUqYefEcSAup/
PFKFSUbN559Gayc5aVQ4GqZn7yCWuX74Q5Ibu4kedMEAlOvUBT4p1bH8fmAY2hIf
noVo8Aq8InnW41NqnZyH7qCT+WYdPA0SpsjgJrv7FHPnaM6J0DFludi2rP0mzWA4
If21R96v6NIMhwqKfWh5B8nLSiJBR+Bp/THif+y+m0TD4zMVl4/rc3kOFMBnGMtZ
9vScpHpF1Nc=
=ldAp
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: