Closed johanneskastl closed 2 months ago
ISO doesn't have any GPT/MBR, it's an ISO. Both "regular" and "secureboot" ISOs work.
I think you're checking disk image vs. an ISO.
I was talking about a USB stick after putting the ISO on it using dd
. That is normal procedure to use ISOs (without actually burning a CD/DVD). And it works with the non-secureboot talos ISO.
This is the partition table of a USB stick after dd'ing the normal ISO to it:
Number Start (sector) End (sector) Size Code Name
1 64 335 136.0 KiB 0700 Gap0
2 336 6095 2.8 MiB EF00 EFI boot partition
3 6096 186503 88.1 MiB AF00 HFSPLUS
4 186504 187103 300.0 KiB 0700 Gap1
I thought giving the specifics would be a better way to get an answer than just "ISO does not boot..." ;-)
It could of course be an issue with the specific hardware I have, hardware is picky with UEFI and secureboot.
It could of course be an issue with the specific hardware I have, hardware is picky with UEFI and secureboot.
I could boot a openSUSE LIVE stick using secureboot without issues, so I daresay the Talos stick is not recognized due to the missing "content" (aka the UEFI does not find at least the EFI partition on the stick).
I don't have a specific answer here, but I'm pretty sure it works, you can try booting off it in QEMU for example.
$ file _out/metal-amd64.iso
_out/metal-amd64.iso: ISO 9660 CD-ROM filesystem data (DOS/MBR boot sector) 'ISOIMAGE' (bootable)
$ file _out/metal-amd64-secureboot.iso
_out/metal-amd64-secureboot.iso: ISO 9660 CD-ROM filesystem data 'Talos Secure Boot ISO' (bootable)
SecureBoot ISO will only work with UEFI systems (even with SecureBoot disabled).
you would not see partitions since SecureBoot iso is a UKI
@smira, is there a generic secureboot ISO? I found none in the official release page. Is it only available in the image-factory?
you would not see partitions since SecureBoot iso is a UKI
OK, but still somehow the UEFI needs to find something to boot. How would I put the UKI (or its content) on a USB stick?
@smira, is there a generic secureboot ISO? I found none in the official release page. Is it only available in the image-factory?
There can't be "generic" ISO, as it's signed by Sidero Labs key. You can build your own though.
you would not see partitions since SecureBoot iso is a UKI
OK, but still somehow the UEFI needs to find something to boot. How would I put the UKI (or its content) on a USB stick?
just dd
the ISO to the USB, this works. If it doesn't that's something with your hardware.
@smira, is there a generic secureboot ISO? I found none in the official release page. Is it only available in the image-factory?
There can't be "generic" ISO, as it's signed by Sidero Labs key. You can build your own though.
That is what I meant, just the plain contents without any user modifications.
I'll build one without any modifications and try that.
OK, but still somehow the UEFI needs to find something to boot. How would I put the UKI (or its content) on a USB stick?
just
dd
the ISO to the USB, this works. If it doesn't that's something with your hardware.
OK, apparently the hardware is not capable of booting from this ISO. I'll stop wasting my time and go without Secure Boot.
Thanks for the quick replies.
Hi,
I am trying to get a baremetal machine installed used secure boot. When downloading the "normal" ISO and putting it on a USB stick using
dd
, there are several partitions on the stick and the stick is recognized as a bootable device.When doing the same with the metal-amd64-secureboot.iso generated by the Talos image-factory, the stick does not have any partitions (neither GPT nor MBR) and is not recognized as bootable.
I found no generic secureboot-enabled ISO in the general downloads section, and the secure boot documentation also pointed my to the Factory.
So, how do I get the ISO to boot?
Kind Regards, Johannes