Yann7
November 16, 2023, 8:18pm
1
I installed Qubes 4.1.2 on an external SSD and configured it for 2 weeks using Lenovo laptop compatible Intel VT-x and VT-d (where I unlocked the bios settings) without restarting it because I was not yet on EFI.
When I installed it, I did not encrypt it because depending on the computer on which I wanted to boot it, the keyboard can be either AZERTY or QWERTY and I cannot change it to enter my code.
When I turned off the laptop to move outside, it was impossible to boot.
I tried to boot on another computer that is used to boot on Linux distributions and impossible too.
Can you help me, please?
Yann7
November 16, 2023, 9:30pm
3
I mounted the EFI partition of my QubesOS hard drive in a Linux distribution to rename grubx64.efi and grubx64.cfg to bootx64.efi and bootx64.cfg but I don’t understand the rest of the instructions.
I tested again to boot and it now offers me a Minimal BASH of GNU GRUB version 2.04 but it does not go further.
Just to make sure, you’ve renamed grub.cfg to bootx64.cfg and not the grubx64.cfg file that shouldn’t exists there?
What’s the content of bootx64.cfg?
Yann7
November 17, 2023, 12:25am
5
the file was called grubx64.cfg which I renamed to bootx64.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="${saved_entry}"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if loadfont unicode ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=fr_FR
insmod gettext
fi
terminal_output gfxterm
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
else
search --no-floppy --fs-uuid --set=root 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
fi
insmod gfxmenu
loadfont ($root)/grub2/themes/qubes/unifont-bold-16.pf2
loadfont ($root)/grub2/themes/qubes/unifont-regular-14.pf2
loadfont ($root)/grub2/themes/qubes/unifont-regular-16.pf2
loadfont ($root)/grub2/themes/qubes/unifont-regular-32.pf2
insmod png
set theme=($root)/grub2/themes/qubes/theme.txt
export theme
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/01_fallback_counting ###
insmod increment
if [ -z "${boot_counter}" ]; then
set boot_counter=0
elif [ "${boot_counter}" = "0" -o "${boot_counter}" = "-1" ]; then
increment default
set boot_counter=-1
else
decrement boot_counter
fi
save_env boot_counter
### END /etc/grub.d/01_fallback_counting ###
### BEGIN /etc/grub.d/01_menu_auto_hide ###
if [ "${boot_success}" = "1" -o "${boot_indeterminate}" = "1" ]; then
set last_boot_ok=1
else
set last_boot_ok=0
fi
# Reset boot_indeterminate after a successful boot
if [ "${boot_success}" = "1" ] ; then
set boot_indeterminate=0
save_env boot_indeterminate
# Avoid boot_indeterminate causing the menu to be hidden more then once
elif [ "${boot_indeterminate}" = "1" ]; then
set boot_indeterminate=2
save_env boot_indeterminate
fi
set boot_success=0
save_env boot_success
if [ x$feature_timeout_style = xy ] ; then
if [ "${menu_show_once}" ]; then
unset menu_show_once
save_env menu_show_once
set timeout_style=menu
unset timeout
elif [ "${menu_auto_hide}" -a "${last_boot_ok}" = "1" ]; then
set orig_timeout_style=${timeout_style}
set orig_timeout=${timeout}
if [ "${fastboot}" = "1" ]; then
# timeout_style=menu + timeout=0 avoids the countdown code keypress check
set timeout_style=menu
set timeout=0
else
set timeout_style=hidden
set timeout=1
fi
fi
fi
### END /etc/grub.d/01_menu_auto_hide ###
### BEGIN /etc/grub.d/20_linux_xen ###
menuentry 'Qubes, with Xen hypervisor' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-/dev/mapper/qubes_dom0-root' {
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
else
search --no-floppy --fs-uuid --set=root 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
fi
echo 'Loading Xen 4.14.6 ...'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot2 /xen-4.14.6.gz placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
echo 'Loading Linux 6.1.43-1.qubes.fc32.x86_64 ...'
module2 /vmlinuz-6.1.43-1.qubes.fc32.x86_64 placeholder root=/dev/mapper/qubes_dom0-root ro rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles rd.driver.pre=btrfs rhgb quiet
echo 'Loading initial ramdisk ...'
module2 --nounzip /initramfs-6.1.43-1.qubes.fc32.x86_64.img
}
submenu 'Advanced options for Qubes (with Xen hypervisor)' $menuentry_id_option 'gnulinux-advanced-/dev/mapper/qubes_dom0-root' {
submenu 'Xen hypervisor, version 4.14.6' $menuentry_id_option 'xen-hypervisor-4.14.6-/dev/mapper/qubes_dom0-root' {
menuentry 'Qubes, with Xen 4.14.6 and Linux 6.1.43-1.qubes.fc32.x86_64' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-6.1.43-1.qubes.fc32.x86_64-advanced-/dev/mapper/qubes_dom0-root' {
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
else
search --no-floppy --fs-uuid --set=root 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
fi
echo 'Loading Xen 4.14.6 ...'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot2 /xen-4.14.6.gz placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
echo 'Loading Linux 6.1.43-1.qubes.fc32.x86_64 ...'
module2 /vmlinuz-6.1.43-1.qubes.fc32.x86_64 placeholder root=/dev/mapper/qubes_dom0-root ro rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles rd.driver.pre=btrfs rhgb quiet
echo 'Loading initial ramdisk ...'
module2 --nounzip /initramfs-6.1.43-1.qubes.fc32.x86_64.img
}
menuentry 'Qubes, with Xen 4.14.6 and Linux 5.15.94-1.qubes.fc32.x86_64' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-5.15.94-1.qubes.fc32.x86_64-advanced-/dev/mapper/qubes_dom0-root' {
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
else
search --no-floppy --fs-uuid --set=root 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
fi
echo 'Loading Xen 4.14.6 ...'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot2 /xen-4.14.6.gz placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
echo 'Loading Linux 5.15.94-1.qubes.fc32.x86_64 ...'
module2 /vmlinuz-5.15.94-1.qubes.fc32.x86_64 placeholder root=/dev/mapper/qubes_dom0-root ro rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles rd.driver.pre=btrfs rhgb quiet
echo 'Loading initial ramdisk ...'
module2 --nounzip /initramfs-5.15.94-1.qubes.fc32.x86_64.img
}
}
submenu 'Xen hypervisor, version 4.14.6.config' $menuentry_id_option 'xen-hypervisor-4.14.6.config-/dev/mapper/qubes_dom0-root' {
menuentry 'Qubes, with Xen 4.14.6.config and Linux 6.1.43-1.qubes.fc32.x86_64' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-6.1.43-1.qubes.fc32.x86_64-advanced-/dev/mapper/qubes_dom0-root' {
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
else
search --no-floppy --fs-uuid --set=root 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
fi
echo 'Loading Xen 4.14.6.config ...'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot /xen-4.14.6.config placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
echo 'Loading Linux 6.1.43-1.qubes.fc32.x86_64 ...'
module /vmlinuz-6.1.43-1.qubes.fc32.x86_64 placeholder root=/dev/mapper/qubes_dom0-root ro rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles rd.driver.pre=btrfs rhgb quiet
echo 'Loading initial ramdisk ...'
module --nounzip /initramfs-6.1.43-1.qubes.fc32.x86_64.img
}
menuentry 'Qubes, with Xen 4.14.6.config and Linux 5.15.94-1.qubes.fc32.x86_64' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-5.15.94-1.qubes.fc32.x86_64-advanced-/dev/mapper/qubes_dom0-root' {
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
else
search --no-floppy --fs-uuid --set=root 4cf1ce08-ceeb-49eb-bae4-f2e5c2bb4d89
fi
echo 'Loading Xen 4.14.6.config ...'
if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
xen_rm_opts=
else
xen_rm_opts="no-real-mode edd=off"
fi
multiboot /xen-4.14.6.config placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
echo 'Loading Linux 5.15.94-1.qubes.fc32.x86_64 ...'
module /vmlinuz-5.15.94-1.qubes.fc32.x86_64 placeholder root=/dev/mapper/qubes_dom0-root ro rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles rd.driver.pre=btrfs rhgb quiet
echo 'Loading initial ramdisk ...'
module --nounzip /initramfs-5.15.94-1.qubes.fc32.x86_64.img
}
}
}
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
A post was merged into an existing topic: Impossible de booter sur QubesOS 4.1.2
That’s where the mistake is. From what @apparatus said, there should be two files orgininally:
It’s grub.cfg
that needs to be renamed to become bootx64.cfg
. Not the other one! (Even if the names look similar and that’s an easy mistake to make.)
I’m not sure about this, but I suspect that for some reason Qubes OS doesn’t use grubx64.cfg
or something along those lines. @apparatus likely knows.
Yann7
November 17, 2023, 12:53am
8
That’s where the mistake is. From what @apparatus said, there should be two files orgininally:
It’s grub.cfg
that needs to be renamed to become bootx64.cfg
. Not the other one! (Even if the names look similar and that’s an easy mistake to make.)
I’m not sure about this, but I suspect that for some reason Qubes OS doesn’t use grubx64.cfg
or something along those lines. @apparatus likely knows.
There was only grubx64.cfg and no grub.cfg file
I don’t know then. @apparatus will be able to tell if the content of the file is what’s expected.
Looks like the grub config file content is correct.
But Qubes OS don’t use (and I think never did use) grubx64.cfg as config file and only used grub.cfg config file name so it seems strange to me that you have grubx64.cfg instead of grub.cfg.
Just to make sure, did you follow the guide and first copied directory /mnt/EFI/qubes/ to /mnt/EFI/BOOT/ and then renamed files in BOOT directory? You didn’t rename files in /mnt/EFI/qubes/ directory?
Yann7
November 17, 2023, 1:35am
11
I just rename also the files of EFI/qubes grubx64.efi and grubx64.efi in bootx64.efi and bootx64.cfg but I did not have time to test it (and it was really grubx64 for both I remember well); I rename it to grub.efi and grub.cfg to test it.
You shouldn’t rename files in /EFI/qubes/ directory, only in /EFI/BOOT/ directory.
Can you double check that you’re booting from correct drive? Check the boot order in BIOS.
Or you can add EFI boot entry with efibootmgr:
boot like before, and make sure your external ssd is /dev/sda (it could change, run lsblk first, if it’s still /dev/sda then no need to change command below, if it was /dev/sdb or /dev/sdc, change the /dev/sda below to /dev/sdb or /dev/sdc).
mount /dev/sda2 /mnt
mount /dev/sda1 /mnt/efi
cp /mnt/efi/EFI/qubes/grubx64.efi /mnt/efi/EFI/boot/bootx64.efi
cp /mnt/efi/EFI/qubes/grub.cfg /mnt/efi/EFI/boot/bootx64.cfg
efibootmgr -v -c -u -L "TheEnemy1" -l /EFI/boot/bootx64.efi -d /dev/sda -p 1
reboot
b…
Yann7
November 17, 2023, 2:04am
13
Thank you very much, it works again.
By cons I had seen the empty EFI/BOOT directory before I filled in EFI/qubes, I hope it will stay that way in the future (as I am at home with another computer, I could fix the problem but if it does it again when I am elsewhere, I would be blocked for the day).
1 Like
If you’ve got a moment to update the other thread with what you did, that’d be fantastic and would enhance the knowledge base in French too!
I’ve marked @apparatus ’s last reply as the solution @Yann7 . That allows to highlight that post at the begining of the thread and will make it easier for future people with similar issues to find it.
That is something that you can do yourself if you want by using the little “checkbox” icon at the bottom of the post.
Of course, if I picked the wrong one, please feel free to correct it!
1 Like
The files in EFI/BOOT directory won’t be updated when you install new kernel. You need to also create a hook so that the files in this directory will be updated automatically on kernel update:
opened 02:53PM - 15 Jul 23 UTC
T: bug
P: default
needs diagnosis
affects-4.1
C: boot
### Qubes OS release
R4.1 and R4.2
### Brief summary
When making a raw … disk backup from a Qubes installed to an internal hard drive to an external hard drive, the external hard drive is unbootable.
raw disk backup means a backup using `dd` or 1 to 1 exact copy.
### Steps to reproduce
1. install Qubes normally on a computer that only support EFI booting on the internal harddrive
2. reboot
3. brief test that Qubes is working normally (yes)
4. shutdown Qubes
5. boot from an external drive, boot a live DVD or live USB such as Debian Live
6. perform a raw disk backup from the internal disk to the external disk
7. unplug that disk and try to boot from it in a different computer (or the same Qubes computer)
([example instructions for raw disk backups](https://www.kicksecure.com/wiki/Raw_Disk_Backup))
### Expected behavior
The raw disk backup of Qubes is bootable.
### Actual behavior
The raw disk backup of Qubes is unbootable.
### Additional information
According to my research that might be because of missing entries in the EFI firmware's NVRAM which is stored on the motherboard. Unfortunately, the EFI boot process doesn't seem by default to be self-contained on 1 harddrive but require extra settings stored outside harddrives on the motherboard (EFI NVRAM).
Using `grub2-install` with options `--removable` / `--force-extra-removable` during Qubes installation might help?
> [--removable](https://manpages.debian.org/bookworm/grub2-common/grub-install.8.en.html#removable)
> the installation device is removable. This option is only available on EFI.
> [--force-extra-removable](https://manpages.debian.org/bookworm/grub2-common/grub-install.8.en.html#force~2)
> force installation to the removable media path also. This option is only available on EFI.
Qubes does not have good support for multiboot support anyhow:
* https://github.com/QubesOS/qubes-issues/issues/8351
* https://www.qubes-os.org/faq/#can-i-install-qubes-os-together-with-other-operating-system-dual-bootmulti-boot
* It's "patches welcome". (And that's okay.)
This ticket is not a feature request to improve multiboot support. Why do I mention this? Because otherwise, when considering options `--removable` / `--force-extra-removable` one *might* argue "but that breaks mutliboot support". I would argue that being able to boot a raw disk backup of Qubes is more important than mutliboot support.
[Why do I like full raw disk backups? See this link.](https://forum.qubes-os.org/t/how-do-you-organize-your-backups/3986/16?u=adrelanos)
Manually updating the NVRAM can be challenging:
* It's vendor dependent because of many different EFI BIOS versions.
* Some BIOS don't even have such an option.
* Might require booting into an operating system installed on USB and running console commands to fix it.
* Difficult, impossible for far most users to do or even to find instructions for it.
Qubes with legacy BIOS booting as far as I remember didn't have this issue. However, never notebooks sometimes (or often, dunno) don't even support legacy BIOS booting anymore. Therefore "use legacy BIOS booting" is a non-solution. Also not a good long term solution in either case because of Qubes planned Secure Boot support.
This bug might also make Qubes "non-portable". Meaning, Qubes installed to an external drive such as a USB SSD might be bootable on the computer where it was installed but unbootable when attempting to boot the same Qubes USB SSD on another computer. I didn't test this very part mentioned in this very chapter. Anaconda by Fedora might be using `grub2-install` with options `--removable` / `--force-extra-removable` already when installing to external devices (USB) instead of internal harddrive.
Where is the Qubes code which defines bootloader / grub2 / EFI installation? Or is this currently all done by upstream's Anaconda?
@apparatus This is the relevant section of the issue, am I correct? (I’m trying to help @Yann7 read through it.)
Based on that, the /etc/kernel/postinst.d
hook folder could be utilized for automatically creating the EFI fallback bootloader file.
File:
/etc/kernel/postinst.d/zzz-50-efi-default-bootloader
Content:
#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
if [ -d "/boot/efi/EFI/qubes" ]; then
cp -r /boot/efi/EFI/qubes/* /boot/efi/EFI/BOOT/
mv /boot/efi/EFI/BOOT/grubx64.efi /boot/efi/EFI/BOOT/BOOTX64.efi
mv /boot/efi/EFI/BOOT/grub.cfg /boot/efi/EFI/BOOT/BOOTX64.cfg
fi
fi
exit 0
File naming reasoning:
On Debian unfortunately there is a imo badly named file /etc/kernel/postinst.d/zz-update-grub
. For the script to run after zz-update-grub
, it needs to start for example with zzz
.
Status:
Not yet tested. Please let me know if this looks conceivable. Happy to test and send a pull request.
Subsidiary question (kinda off-topic): do you know what Debian has to do with that if dom0 is Fedora-based? (I feel I’m missing smtg important, and that dom0 may not have anything to to with booting…)
That’s right.
I think it’s a consideration to make this solution distribution-independent so it won’t break in the future if Qubes OS will use Debian in dom0 instead of Fedora.
1 Like