Page MenuHomeLubuntu

Cala doesn't do 32-bit UEFI
Open, NormalPublic

Description

So there's these weird machines that have 64-bit machines and 32-bit UEFIs. Sigh.

Here's what Dolphin from MX Linux says we can use to test for this:

grep -q 64 /sys/firmware/efi/fw_platform_size 
grep 64 /sys/firmware/efi/fw_platform_size if running manually lose the -q to see the output

Event Timeline

tsimonq2 created this task.Oct 6 2018, 11:07 PM
tsimonq2 triaged this task as Normal priority.
wxl added a comment.Oct 6 2018, 11:44 PM

So are we saying that 32/32 and 64/64 works fine but not 32/64? Have you reported this upstream?

Nothing 32 works. So it's our issue either way, because we have to install the packages.

wxl added a comment.Oct 6 2018, 11:58 PM

What packages?

wxl added a comment.Oct 7 2018, 12:02 AM

Perhaps we should eschew guesswork in lieu of having someone with an affected machine test something out that we propose?

I guess so; I'll hunt down the guy I found and see if we can get some testing out of him 😄

Climby added a subscriber: Climby.Oct 7 2018, 12:06 AM
wxl added a comment.Oct 7 2018, 12:45 AM

What we learned from the after_bootloader_context.conf is that the two obvious firmwareTypes, bios and efi, are not the sum total of options. In that one, it was reasonable to just apply the same solution to everything. That doesn't work here.

So I see two possible solutions:

  1. Have the command check for the kernel architecture (e.g. uname -m) and conditionally use one or the other package (and yes, I believe grub-efi-ia32 is the right one for 32).
  2. Create a null operation (e.g. /bin/false, as the default config seems to give as an example) for bios and use the wildcard in lieu of efi, so it will match anything that's not bios.

Of the two, I think the first is more direct/straightforward I suspect it will be a bit more fragile and there's something appealingly elegant in the latter.

Thoughts?

I think I can come up with an excuse to get this in after RC freeze, but we should really get 'er done by 18.10.

I agree that the first one is the best option. Again, Dolphin's check is probably the best. We just need to decide on how exactly to go about this... @wxl did stuff with wildcards and shell processes, maybe you can help?

By the way, welcome @Climby. He's our guinea pig. 😄

wxl added a comment.EditedOct 8 2018, 10:31 AM

My concern is that adding any logic within the efi section will actually produce the results we want. In that other issue we had, it seemed to match a 'firmwareType' other than bios or efi. Also, I didn't mean uname, duh. So actually I might propose a mix of the two ideas:

---
firmwareType:
    bios:    /bin/false
    "*":
        -    command: apt-cdrom add -m -d=/media/cdrom/
             timeout: 10
        -    command: apt-get update
             timeout: 120
        -    command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$(if [ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]; then echo amd64-signed; else echo ia32; fi)
             timeout: 300
        -    command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict shim-signed
             timeout: 300
        -    command: sed -i '/deb cdrom/d' /etc/apt/sources.list
             timeout: 10
        -    command: apt-get update
             timeout: 120

I'm not sure if there will be issues with any of those special characters, so it just needs to be tested. @Climby you can boot the live system, replace /etc/calamares/modules/before_bootloader_context.conf with the above, and run the installer. Let me know if you have any problems.

tsimonq2 added a comment.EditedOct 8 2018, 10:36 AM

That sounds good to me, with one exception.

- command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$([[ "$(grep 64 /sys/firmware/efi/fw_platform_size)" ]] && echo amd64 || echo ia32)-signed

should be

- command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$([[ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]] && echo amd64 || echo ia32)-signed

Otherwise yes, @Climby, all you'd have to do is replace the contents of the /etc/calamares/modules/before_bootloader_context.conf file with @wxl's paste prior to starting the installer, and test if it does the right thing.

We have the ability to test on all other systems except for the 32-bit EFI systems on amd64, so that's just what we need tested.

Oh, and one more thing that @Climby can probably fill us in on. Do we have to worry about secureboot on these devices? i.e. does it hurt to still install shim-signed?

wxl added a comment.Oct 8 2018, 10:38 AM

@tsimonq2 you're missing some characters. also, there's no difference between those two.

My point is @wxl, should be grep -q.

wxl added a comment.Oct 8 2018, 10:41 AM

Updated the earlier comment.

Climby added a comment.EditedOct 8 2018, 7:47 PM
In T97#1975, @wxl wrote:

My concern is that adding any logic within the efi section will actually produce the results we want. In that other issue we had, it seemed to match a 'firmwareType' other than bios or efi. Also, I didn't mean uname, duh. So actually I might propose a mix of the two ideas:

firmwareType:
	    bios:
	    - command: /bin/false
	    "*":
	    - command: apt-cdrom add -m -d=/media/cdrom/
	      timeout: 10
	    - command: apt-get update
	      timeout: 120
	    - command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$([[ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]] && echo amd64 || echo ia32)-signed
	      timeout: 300
	    - command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict shim-signed
	      timeout: 300
	    - command: sed -i '/deb cdrom/d' /etc/apt/sources.list
	      timeout: 10
	    - command: apt-get update
	      timeout: 120

I'm not sure if there will be issues with any of those special characters, so it just needs to be tested. @Climby you can boot the live system, replace /etc/calamares/modules/before_bootloader_context.conf with the above, and run the installer. Let me know if you have any problems.

I tried replacing the contents of /etc/calamares/modules/before_bootloader_context.conf with the above, and when I execute the installer I get the following error message:

In T97#1993, @tsimonq2 wrote:

Oh, and one more thing that @Climby can probably fill us in on. Do we have to worry about secureboot on these devices? i.e. does it hurt to still install shim-signed?

I disable secureboot on my device, but it can be enabled.

I also wanted to mention that bootia32.efi must be present in /EFI/BOOT on the ISO in order to be able to boot on these 32-bit UEFI machines.

wxl added a comment.Oct 8 2018, 7:50 PM

Look in $HOME/.cache/Calamares/session.log for an error that might point us in the right direction.

Climby added a comment.Oct 8 2018, 7:59 PM
In T97#2030, @wxl wrote:

Look in $HOME/.cache/Calamares/session.log for an error that might point us in the right direction.

Attached $HOME/.cache/Calamares/session.log{F243702}

wxl added a comment.Oct 8 2018, 8:36 PM
2018-10-08 - 20:57:26 [1]: ERROR: YAML parser error  yaml-cpp: error at line 2, column 10: illegal map value

What's at that location in the configuration file? Maybe post the whole configuration.

Climby added a comment.EditedOct 8 2018, 8:52 PM

Attached /etc/calamares/modules/before_bootloader_context.conf{F243722}

In T97#2038, @wxl wrote:
2018-10-08 - 20:57:26 [1]: ERROR: YAML parser error  yaml-cpp: error at line 2, column 10: illegal map value

What's at that location in the configuration file? Maybe post the whole configuration.

wxl added a comment.Oct 8 2018, 9:33 PM

Add a --- as the first line.

Climby added a comment.EditedOct 8 2018, 11:57 PM
In T97#2040, @wxl wrote:

Add a --- as the first line.

Still producing an error, here are the newly attached $HOME/.cache/Calamares/session.log{F243838} and /etc/calamares/modules/before_bootloader_context.conf{F243841}

wxl added a comment.Oct 9 2018, 11:02 AM

Revised slightly. Try again.

Climby added a comment.EditedOct 9 2018, 12:10 PM
In T97#2044, @wxl wrote:

Revised slightly. Try again.

The installer runs but I get the following error message when it tries to retrieve grub-efi-ia32-signed

Instead of

	    - command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$([[ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]] && echo amd64 || echo ia32)-signed

I'm going to try using

	    - command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$([[ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]] && echo amd64 || echo ia32)

That worked! Installation succeeded and I was able to boot no problem.

@wxl I would then suggest we change it to something like this:

	    - command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$([[ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]] && echo amd64-signed || echo ia32)

That way it's the best of both worlds.

@Climby Mind giving that one more smoke test? Otherwise, is that the only change you can see to get this working? :)

Oh, right, I was also going to ask about secureboot. @Climby does this work with and without it?

Climby added a comment.Oct 9 2018, 1:24 PM
In T97#2048, @tsimonq2 wrote:

Oh, right, I was also going to ask about secureboot. @Climby does this work with and without it?

Not sure that I'll be able to test with secureboot enabled, as when I try to boot from the live image I get the error Secure Boot Violation Invalid signature detected. Check Secure Boot Policy in Setup.

Not sure that I'll be able to test with secureboot enabled, as when I try to boot from the live image I get the error Secure Boot Violation Invalid signature detected. Check Secure Boot Policy in Setup.

On my computer if I just press Enter I can get past it. Is that not the case with you?

Climby added a comment.EditedOct 9 2018, 1:34 PM
In T97#2050, @tsimonq2 wrote:

Not sure that I'll be able to test with secureboot enabled, as when I try to boot from the live image I get the error Secure Boot Violation Invalid signature detected. Check Secure Boot Policy in Setup.

On my computer if I just press Enter I can get past it. Is that not the case with you?

Nope, it just takes me back to the UEFI Setup screen

Harumph.

Well, I think this is good enough for now. I'll talk to Dolphin and see if there's anything else we should be considering.

wxl added a comment.Oct 9 2018, 2:25 PM

Yes, it should not be -signed on ia32. My bad.

However, I'm surprised it works since the error seems to suggest /bin/sh is being used (which tends to be the default; again my bad) and sadly that means no [[ (which you can see in the error). The more portable way to do this would be to replace:

[[ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]] && echo amd64-signed || echo ia32

with

if [ "$(grep -q 64 /sys/firmware/efi/fw_platform_size)" ]; then echo amd64-signed; else echo ia32; fi

Sounds good to me.

@wxl Could you please create a diff so we can get some final testing out of @Climby and land this thing? :)

wxl added a comment.Oct 9 2018, 2:42 PM

Revised the thing again.

Climby added a comment.Oct 9 2018, 6:06 PM
In T97#2062, @wxl wrote:

Revised the thing again.

Just tested and it works!

wxl added a comment.Oct 11 2018, 4:00 PM

@Climby this has officially landed but there's a wee little error preventing the installer from behaving properly. You can get around this with sudo wget -O /etc/calamares/branding/lubuntu/icon.png https://phab.lubuntu.me/file/data/moj3rnsr7vten43wzesn/PHID-FILE-gfg2n5xho5hlt7afdjnz/icon.png and then run the installer like normally.

Climby added a comment.EditedOct 16 2018, 2:25 AM

I just tested the latest daily build and I'm receiving the following error upon grub installation

Here is the Calamares session.log{F247410}

I was successfully able to boot after a chroot to installation target and running the following:
grub-install --efi-directory /boot/efi
update-grub

I also still had to add bootia32.efi to the ISO under /EFI/BOOT

wxl added a comment.Oct 16 2018, 10:14 PM

We currently have problems with encryption + EFI which we'll punt until next release, unfortunately.

However, @Climby I'm surprised you're having problems. You're not using encryption, right? Did you manual partition or what?

Climby added a comment.EditedOct 16 2018, 10:56 PM
In T97#2209, @wxl wrote:

We currently have problems with encryption + EFI which we'll punt until next release, unfortunately.

However, @Climby I'm surprised you're having problems. You're not using encryption, right? Did you manual partition or what?

No encryption. I did a manual partition with a 100mb FAT32 ESP, 4gb swap and the rest a root ext4 partition.

wxl added a comment.Oct 16 2018, 11:02 PM

Oh, actually we found it. Changing /etc/modules/before_bootloader_context.conf like so should fix it:

diff --git a/lubuntu/modules/before_bootloader_context.conf b/lubuntu/modules/before_bootloader_context.conf
index 064594a..1c6d60c 100644
--- a/lubuntu/modules/before_bootloader_context.conf
+++ b/lubuntu/modules/before_bootloader_context.conf
@@ -8,13 +8,11 @@ firmwareType:
     "*":
         -    command: apt-cdrom add -m -d=/media/cdrom/
              timeout: 10
+        -    command: sed -i '/deb http/d' /etc/apt/sources.list
+             timeout: 10
         -    command: apt-get update
              timeout: 120
         -    command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict grub-efi-$(if grep -q 64 /sys/firmware/efi/fw_platform_size; then echo amd64-signed; else echo ia32; fi)
              timeout: 300
         -    command: apt install -y --no-upgrade -o Acquire::gpgv::Options::=--ignore-time-conflict shim-signed
              timeout: 300
-        -    command: sed -i '/deb cdrom/d' /etc/apt/sources.list                                       
-             timeout: 10                                                                                
-        -    command: apt-get update                                                                    
-             timeout: 120  
Climby added a comment.EditedOct 17 2018, 12:00 AM

I made those changes and still getting the following error:

Here is my /etc/calamares/modules/before_bootloader_context.conf file{F248190}

Here is my ~/.cache/Calamares/session.log{F248192}

tsimonq2 reassigned this task from tsimonq2 to wxl.Oct 30 2018, 2:11 PM
Setting up grub-efi-ia32 (2.02+dfsg1-5ubuntu7) ...
Unknown terminal: qterminal
Check the TERM environment variable.
Also make sure that the terminal is defined in the terminfo database.
Alternatively, set the TERMCAP environment variable to the desired
termcap entry.
debconf: whiptail output the above errors, giving up!
dpkg: error processing package grub-efi-ia32 (--configure):
installed grub-efi-ia32 package post-installation script subprocess returned error exit status 255
Errors were encountered while processing:
 grub-efi-ia32
E: Sub-process /usr/bin/dpkg returned an error code (1)

Maybe this is the same problem as in T170?