Bug 931825 - sys-apps/memtest86+-7.00 GRUB configuration script doesn't produce working entries for EFI images
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Ben Kohler
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2024-05-12 16:24 UTC by Gabriele Svelto
Modified: 2024-05-13 12:32 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
GRUB configuration file (grub.cfg, 6.67 KB, text/plain)
2024-05-13 12:21 UTC, Gabriele Svelto

Description Gabriele Svelto 2024-05-12 16:24:43 UTC
When installing memtest86+ on a machine using EFI boot via GRUB the entries generated by the GRUB configuration script that ships with the package don't seem to work.

Reproducible: Always

Steps to Reproduce:
1. Install sys-apps/memtest86+-7.00 with either the uefi64 or uefi32 USE flag enabled, as well as the boot flag
2. Run grub-mkconfig to produce a GRUB configuration file
3. Boot in EFI mode and try to enter one of the generated entries
Actual Results:  
The GRUB entries don't load memtest86+, GRUB prints out an error message instead

Expected Results:  
GRUB launches the memtest86+ executable

I think the problem stems from the use of `chainloader` entries in the grub configuration file. The memtest86+ EFI executables generated on my machine appear to use Linux' EFI Boot Stub and thus cannot be loaded with the `chainloader` command, but they do work using the `linux` command instead.
Comment 1 Ben Kohler gentoo-dev 2024-05-13 10:14:57 UTC
This works for me as it is now.  Typically the image should be bootable in either mode-- as a linux kernel, or chainloaded as an EFI application.

Can you tell me more about your /boot setup? Is it on something besides a flat GPT partition with a simple FS?  Can you share grub.cfg?

I'm just worried that there may be unforeseen consequences if we switch to "linux" now.

This may be related to bug 893614.

Thanks
Comment 2 Gabriele Svelto 2024-05-13 12:20:19 UTC
My system is set up to boot via EFI w/ SecureBoot enabled. My boot chain starts with the shim bootloader (sys-boot/shim-15.6), which hands over the process to a GRUB image generated with:

grub-mkstandalone --directory /usr/lib/grub/x86_64-efi --sbat /usr/share/grub/sbat.csv --format x86_64-efi "/boot/grub/grub.cfg=grub.cfg"

The GRUB image is then signed with a key which is loaded in the MOK list. The same key is used to sign the memtest86+ image (via the `SECUREBOOT_SIGN_KEY`/`SECUREBOOT_SIGN_CERT` variables in my make.conf and setting the `secureboot` `USE` flag for sys-apps/memtest86+).

I'll attach my grub.cfg configuration file. The memtest86+ image is stored under /boot/memtest86plus/memtest.efi64. /boot is part of /, which is a simple BTRFS partition; I don't use a separate boot partition.
Comment 3 Gabriele Svelto 2024-05-13 12:21:15 UTC
Created attachment 892861
GRUB configuration file
Comment 4 Ben Kohler gentoo-dev 2024-05-13 12:22:45 UTC
Does that signing get embedded into the memtest EFI image? I wouldn't be surprised if that makes it no longer able to boot as a linux kernel.
Comment 5 Gabriele Svelto 2024-05-13 12:32:24 UTC
Yes, the signing happens via `sbsign` just like the Linux kernel (see this code in secureboot.eclass):

https://github.com/gentoo/gentoo/blob/master/eclass/secureboot.eclass#L143-L171
https://github.com/gentoo/gentoo/blob/master/eclass/secureboot.eclass#L130

If I call the `file` command on the memtest86+ executable it tells me it's a Linux image both before and after signing:

# file /boot/memtest86plus/memtest.efi64
/boot/memtest86plus/memtest.efi64: Linux kernel x86 boot executable bzImage, version Memtest86+ v7.00, RW-rootFS,

And I've verified that my signature is embedded:

# sbverify --list /boot/memtest86plus/memtest.efi64
signature 1
image signature issuers:
 - /CN=Gabriele Svelto
image signature certificates:
 - subject: /CN=Gabriele Svelto
   issuer:  /CN=Gabriele Svelto
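
The properties debated in this thread (whether the image is a Linux bzImage, an EFI PE application, or both, and whether a signature is embedded) can be read from the file headers. The Python below is an added example, not code from the bug report or from Gentoo; `inspect_image` and `build_sample` are hypothetical names, the sample image is constructed, and the check only detects a PE certificate table without validating the signature the way `sbverify` does.

```python
import struct
import sys
def inspect_image(data: bytes) -> dict:
    """Report which boot formats an x86 image's headers satisfy."""
    info = {"bzimage": False, "pe": False, "efi_app": False, "has_cert_table": False}
    # Linux x86 boot protocol: boot flag 0xAA55 at 0x1FE, "HdrS" magic at 0x202.
    if data[0x1FE:0x200] == b"\x55\xaa" and data[0x202:0x206] == b"HdrS":
        info["bzimage"] = True
    # PE/COFF: "MZ" at offset 0, e_lfanew at 0x3C points to "PE\0\0".
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    opt = pe_off + 24  # skip 4-byte signature and 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt + 2:
        return info
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return info
    dirs = opt + (96 if magic == 0x10B else 112)  # start of data directories
    if len(data) < dirs + 5 * 8:
        return info
    info["pe"] = True
    info["efi_app"] = struct.unpack_from("<H", data, opt + 68)[0] == 10  # Subsystem
    # Directory 4 is the certificate table; its "address" is a file offset.
    if struct.unpack_from("<I", data, dirs - 4)[0] > 4:
        off, size = struct.unpack_from("<II", data, dirs + 4 * 8)
        info["has_cert_table"] = size > 0 and off + size <= len(data)
    return info

def build_sample(signed: bool) -> bytes:
    """Constructed header-only sample (not bootable) carrying both magics."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)       # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, 0x20B)       # PE32+
    struct.pack_into("<H", img, opt + 68, 10)     # EFI application
    struct.pack_into("<I", img, opt + 108, 16)    # NumberOfRvaAndSizes
    img[0x1FE:0x200] = b"\x55\xaa"
    img[0x202:0x206] = b"HdrS"
    if signed:  # placeholder certificate table appended at end of file
        struct.pack_into("<II", img, opt + 112 + 4 * 8, len(img), 8)
        img += bytes(8)
    return bytes(img)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(True)
    print(inspect_image(blob))
```

Run with a path such as the image location given in Comment 2 to inspect a real file; with no argument it inspects the constructed sample.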