Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 931825 - sys-apps/memtest86+-7.00 GRUB configuration script doesn't produce working entries for EFI images
Summary: sys-apps/memtest86+-7.00 GRUB configuration script doesn't produce working en...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Ben Kohler
Keywords: PullRequest
Depends on:
Reported: 2024-05-12 16:24 UTC by Gabriele Svelto
Modified: 2024-05-13 12:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

GRUB configuration file (grub.cfg,6.67 KB, text/plain)
2024-05-13 12:21 UTC, Gabriele Svelto

Note You need to log in before you can comment on or make changes to this bug.
Description Gabriele Svelto 2024-05-12 16:24:43 UTC
When installing memtest86+ on a machine using EFI boot via GRUB the entries generated by the GRUB configuration script that ships with the package don't seem to work.

Reproducible: Always

Steps to Reproduce:
1. Install sys-apps/memtest86+-7.00 with either the uefi64 or uefi32 USE flag enabled, as well as the boot flag
2. Run grub-mkconfig to produce a GRUB configuration file
3. Boot in EFI mode and try to enter one of the generated entries
Actual Results:  
The GRUB entries don't load memtest86+, GRUB prints out an error message instead

Expected Results:  
GRUB launches the memtest86+ executable

I think the problem stems from the use of `chainloader` entries in the grub configuration file. The memtest86+ EFI executables generated on my machine appear to use Linux' EFI Boot Stub and thus cannot be loaded with the `chainloader` command, but they do work using the `linux` command instead.
Comment 1 Ben Kohler gentoo-dev 2024-05-13 10:14:57 UTC
This works for me as it is now.  Typically the image should be bootable in either mode-- as a linux kernel, or chainloaded as an EFI application.

Can you tell me more about your /boot setup? Is it on something besides a flat GPT partition with a simple FS?  Can you share grub.cfg?

I'm just worried that there may be unforseen consequences if we switch to "linux" now.

This may be related to bug 893614.

Comment 2 Gabriele Svelto 2024-05-13 12:20:19 UTC
My system is setup to boot via EFI w/ SecureBoot enabled. My boot chain starts with the shim bootloader (sys-boot/shim-15.6), which hands over the process to a GRUB image generated with:

grub-mkstandalone --directory /usr/lib/grub/x86_64-efi --sbat /usr/share/grub/sbat.csv --format x86_64-efi "/boot/grub/grub.cfg=grub.cfg

The GRUB image is then signed with a key which is loaded in the MOK list. The same key is used to sign the memtest86+ image (via the `SECUREBOOT_SIGN_KEY`/`SECUREBOOT_SIGN_CERT` variables in my make.conf and setting the `secureboot` `USE` flag for sys-apps/memtest86+).

I'll attach my grub.cfg configuration file. The memtest86+ image is stored under /boot/memtest86plus/memtest.efi64. /boot is part of / which is a simple BTRFS partition, I don't use a separate boot partition.
Comment 3 Gabriele Svelto 2024-05-13 12:21:15 UTC
Created attachment 892861 [details]
GRUB configuration file
Comment 4 Ben Kohler gentoo-dev 2024-05-13 12:22:45 UTC
Does that signing get embedded into the memtest EFI image? I wouldn't be surprised if that makes it no longer able to boot as a linux kernel
Comment 5 Gabriele Svelto 2024-05-13 12:32:24 UTC
Yes, the signing happens via `sbsign` just like the Linux kernel (see this code in secureboot.eclass):

If I call the `file` command on the memtest86+ executable it tells me it's a Linux image both before and after signing:

# file /boot/memtest86plus/memtest.efi64
/boot/memtest86plus/memtest.efi64: Linux kernel x86 boot executable bzImage, version Memtest86+ v7.00, RW-rootFS,

And I've verified that my signature is embedded:

# sbverify --list /boot/memtest86plus/memtest.efi64
signature 1
image signature issuers:
 - /CN=Gabriele Svelto
image signature certificates:
 - subject: /CN=Gabriele Svelto
   issuer:  /CN=Gabriele Svelto