Description of problem: Live USB EFI boot attempts to decrypt LUKS partitions (and assembles MD/DM devices) on existing storage devices attached when the Live USB is booted. In BIOS/Syslinux boot, the Live USB correctly ignores LUKS, MD, and DM devices. Version-Release number of selected component (if applicable): livecd-tools-16.6-1.fc16.x86_64 How reproducible: always Steps to Reproduce: 1. livecd-iso-to-disk --format --efi Live.iso /dev/sdX 2. boot USB Actual results: EFI/boot/bootx64.conf contains: default=0 splashimage=/EFI/boot/splash.xpm.gz timeout 10 hiddenmenu title Fedora-16-TC-x86_64-Live-Desktop kernel /EFI/boot/vmlinuz0 root=live:UUID=D2D8-FDDC rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb initrd /EFI/boot/initrd0.img title Verify and Boot Fedora-16-TC-x86_64-Live-Desktop kernel /EFI/boot/vmlinuz0 root=live:UUID=D2D8-FDDC rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb rd.live.check initrd /EFI/boot/initrd0.img whereas syslinux.cfg contains: label linux0 menu label ^Start Fedora 16 kernel vmlinuz0 append initrd=initrd0.img root=live:UUID=D2D8-FDDC rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 menu default menu separator menu begin ^Troubleshooting menu title Troubleshooting label basic0 menu label Start Fedora 16 in ^basic graphics mode. kernel vmlinuz0 append initrd=initrd0.img root=live:UUID=D2D8-FDDC rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 xdriver=vesa nomodeset text help Try this option out if you're having trouble installing Fedora 16. endtext label check0 menu label ^Test this media & start Fedora 16 kernel vmlinuz0 append initrd=initrd0.img root=live:UUID=D2D8-FDDC rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 rd.live.check Expected results: EFI/boot/bootx64.conf should have the same kernel options appended: default=0 splashimage=/EFI/boot/splash.xpm.gz timeout 10 hiddenmenu title Fedora-16-TC-x86_64-Live-Desktop kernel /EFI/boot/vmlinuz0 root=live:UUID=D2D8-FDDC rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 initrd /EFI/boot/initrd0.img title Verify and Boot Fedora-16-TC-x86_64-Live-Desktop kernel /EFI/boot/vmlinuz0 root=live:UUID=D2D8-FDDC rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 rd.live.check initrd /EFI/boot/initrd0.img Additional info:
Discussed at the 2011-10-24 QA meeting functioning as a blocker review meeting. Agreed that the impact of this is likely to be limited due to the multiple conditions needed to hit it: 1) Doing an EFI install 2) From the live image written to a USB stick3 3) With RAID or LUKS partitions present so, rejected as a blocker. Also, the bug is in the USB-writing tool - not the images themselves - so this can adequately be fixed with an update. Rejected as NTH as well. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
FYI, this bug does affect the generated Live.iso images as well when booted in EFI mode. Not sure if that is enough for a blocker, but it isn't so easy to regenerate the Live images after release. With the switch to GPT-by-default, some systems are now required to boot via EFI. You could say that those systems have buggy BIOS implementations, but then again, booting GPT via BIOS isn't really a "supported" thing as far as the GPT standards go, and is really a hack IMO.
The problem is actually in python-imgcreate, it doesn't add the dracut args to the grub.conf file when it is created so this will hit iso and usb on EFI.
per comment #3, the bug will actually affect the image when written to a CD as well, so we could re-consider NTH status. I'm re-proposing as NTH and re-voting +1 NTH. Others?
If this does indeed affect the livecd isos, then I'm +1 NTH as well.
As Brian has a trivial fix for this already, clearly +1 NTH
im +1 for nth here
livecd-tools-16.7-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/livecd-tools-16.7-1.fc16
so, we now accept this as NTH. update needs karma.
Package livecd-tools-16.7-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing livecd-tools-16.7-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-14893 then log in and leave karma (feedback).
livecd-tools-16.7-1.fc16.x86_64 Does not fix the originally reported problem: [root@t cra]# livecd-iso-to-disk --format --efi Fedora-16-TC-x86_64-Live-Desktop.iso /dev/sdc Verifying image... /home/cra/Fedora-16-TC-x86_64-Live-Desktop.iso: 541ec71a9f2438669763863b5abfff87 Fragment sums: b2678385c14b222d876d1562e7688ba775e45e1c43d533639aafa3217e9b Fragment count: 20 Press [Esc] to abort check. Checking: 100.0% The media check is complete, the result is: PASS. It is OK to use this media. WARNING: THIS WILL DESTROY ANY DATA ON /dev/sdc!!! Press Enter to continue or ctrl-c to abort wipefs: WARNING: /dev/sdc: appears to contain 'gpt' partition table Waiting for devices to settle... mkdosfs 3.0.11 (24 Dec 2010) Copying live image to target device. squashfs.img 601718784 100% 159.57MB/s 0:00:03 (xfer#1, to-check=0/1) sent 601792309 bytes received 31 bytes 171940668.57 bytes/sec total size is 601718784 speedup is 1.00 osmin.img 8192 100% 0.00kB/s 0:00:00 (xfer#1, to-check=0/1) sent 8265 bytes received 31 bytes 16592.00 bytes/sec total size is 8192 speedup is 0.99 Updating boot config file Installing boot loader Target device is now set up with a Live image! [root@t cra]# mkdir /mnt/tmp [root@t cra]# mount /dev/sdc1 /mnt/tmp [root@t boot]# cat /mnt/tmp/EFI/boot/bootx64.conf default=0 splashimage=/EFI/boot/splash.xpm.gz timeout 10 hiddenmenu title Fedora-16-TC-x86_64-Live-Desktop kernel /EFI/boot/vmlinuz0 root=live:UUID=6021-58A0 rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb initrd /EFI/boot/initrd0.img title Verify and Boot Fedora-16-TC-x86_64-Live-Desktop kernel /EFI/boot/vmlinuz0 root=live:UUID=6021-58A0 rootfstype=vfat ro liveimg LANG=en_US.UTF-8 quiet rhgb rd.live.check initrd /EFI/boot/initrd0.img
If I'm reading things correctly, then livecd-iso-to-disk only copies the bootx64.conf from the source ISO, and only appends extra kernelargs if they are passed with --extra-kernel-args: --extra-kernel-args) kernelargs=$2 shift echo "Updating boot config file" # adjust label and fstype if [ -n "$LANG" ]; then kernelargs="$kernelargs LANG=$LANG" fi sed -i -e "s/CDLABEL=[^ ]*/$TGTLABEL/" -e "s/rootfstype=[^ ]*/rootfstype=$TGTFS/" -e "s/LABEL=[^ ]*/$TGTLABEL/" $BOOTCONFIG $BOOTCONFIG_EFI if [ -n "$kernelargs" ]; then sed -i -e "s/liveimg/liveimg ${kernelargs}/" $BOOTCONFIG $BOOTCONFIG_EFI fi if [ "$LIVEOS" != "LiveOS" ]; then sed -i -e "s;liveimg;liveimg live_dir=$LIVEOS;" $BOOTCONFIG $BOOTCONFIG_EFI fi So if that is the case, then I need to create a new Live image in order to test this? Can someone do that and upload the image somewhere or show me how to do it? Thanks.
(In reply to comment #12) > So if that is the case, then I need to create a new Live image in order to test > this? Can someone do that and upload the image somewhere or show me how to do > it? Thanks. That is correct, the problem was in livecd-creator so you need an iso built with it.
creating a live image is reasonably easy. I do it like this... I have a ~/local/live directory, with spin-kickstarts checked out of git as a sub-directory of that dir. It also has subdirs named 'tmp' and 'cache'. To create a live image I do: livecd-creator -c spin-kickstarts/fedora-livecd-desktop.ks -f adamw-20111011-x86_64 -t /home/adamw/local/live/tmp/ --cache=/home/adamw/local/live/cache/ -v the -f parameter gives the name of the generated live image (it'll determine the file name and the volume label and stuff), and the -t and --cache parameters tell it where to put various files it uses during the generation process (putting them in my home directory speeds things up as it keeps them around for re-use on future runs; if you don't specify, I think half of them go in /var and thus use up space on the / partition, and half of them go in /tmp and thus get blown away soon after). The -c parameter specifies which kickstart file to use as a base; obviously you can pick whichever one from spin-kickstarts you want.
Failure with livecd-tools-16.7-1.fc16.x86_64: Unmounting directory /home/cra/live/tmp/imgcreate-KXLSM6/install_root Losetup remove /dev/loop0 Traceback (most recent call last): File "/usr/bin/livecd-creator", line 210, in <module> sys.exit(main()) File "/usr/bin/livecd-creator", line 194, in main creator.configure() File "/usr/lib/python2.7/site-packages/imgcreate/creator.py", line 718, in configure self._create_bootconfig() File "/usr/lib/python2.7/site-packages/imgcreate/live.py", line 232, in _create_bootconfig self._configure_bootloader(self.__ensure_isodir()) File "/usr/lib/python2.7/site-packages/imgcreate/live.py", line 764, in _configure_bootloader self._configure_efi_bootloader(isodir) File "/usr/lib/python2.7/site-packages/imgcreate/live.py", line 744, in _configure_efi_bootloader cfg += self.__get_efi_image_stanzas(isodir, self.name) File "/usr/lib/python2.7/site-packages/imgcreate/live.py", line 703, in __get_efi_image_stanzas if self.isDracut: AttributeError: 'x86LiveImageCreator' object has no attribute 'isDracut'
Created attachment 530219 [details] proposed fix Rather than implement separate checking for a dracut-style initramfs in __get_efi_image_stanzas(), just always add the rd.* arguments to the kernel_options. There should be no harm for non-dracut initrd's (they will just ignore the rd.* options), and do we really care about those for Fedora anymore anyway? I tested 16.7 with this additional patch, and the generated live.iso has the correct rd.* arguments added to grub.conf/bootx64.conf. Please apply and submit update quickly before F16 RC. Thanks :-)
Shouldn't it just be self._isDracut ? It seems like that was the intention with http://git.fedorahosted.org/git/?p=livecd;a=commitdiff;h=b7816d38ec991eedc2cf422d0539f8321775e65b. It might not be so pretty that _isDracut is created and assigned as a side effect of __get_image_stanzas from _configure_syslinux_bootloader, but __get_efi_image_stanzas will depend on it anyway when it calls __get_efi_image_stanza.
livecd-tools-16.8-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/livecd-tools-16.8-1.fc16
Yeah, operator error. I had _isDracut on my working tree when I tested, but forgot to commit it before pushing things. Should be fixed now, please test and add karma to the package.
Package livecd-tools-16.8-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing livecd-tools-16.8-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-14938 then log in and leave karma (feedback).
livecd-tools-16.8-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
unfortunately the fix for this didn't make F16 RC1 or RC2, it was missed from the buildroot. if we spin an RC3 this will be fixed. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Fix confirmed in RC2-respin.