daniel/furtka
1
1
Fork 0
Code Issues 1 Pull requests Projects 1 Releases 13 Packages Wiki Activity Actions

docs: capture UEFI + Secure Boot gotchas in iso/README.md
Some checks failed
CI / lint (push) Successful in 42s
Details
CI / test (push) Successful in 47s
Details
CI / validate-json (push) Successful in 38s
Details
CI / markdown-links (push) Failing after 2s
Details

Browse source 
These two cost us real time tonight — SeaBIOS failing at ldlinux.c32,
then OVMF rejecting our unsigned GRUB with "Access Denied" until we
disabled Secure Boot in the firmware setup menu. Also flagged the
silent browser-upload truncation and the two known drive-list bugs
surfaced during the first live boot.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Daniel Maksymilian Syrnicki 2026-04-13 23:57:54 +02:00
parent a535debf2e
commit 7f15543f1c
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
iso/README.md
View file

@ -34,9 +34,11 @@ mDNS (`proksi.local`) via avahi is installed but not yet wired. First milestone
## Test flow ## Test flow
1. Build: `./iso/build.sh` 1. Build: `./iso/build.sh`
2. Copy the ISO to your Proxmox host's ISO storage (typically `/var/lib/vz/template/iso/`) 2. Copy the ISO to your Proxmox host's ISO storage (typically `/var/lib/vz/template/iso/`). Browser uploads of 1.5 GB truncate silently — prefer `scp` over the Proxmox WebUI.
3. Create a VM with: 3. Create a VM with:
- 2 vCPU, 4 GB RAM, 20 GB disk (empty) - 2 vCPU, 4 GB RAM, 20 GB disk (empty)
- **BIOS: OVMF (UEFI)**, add EFI Disk on `local-lvm`. SeaBIOS fails to load `ldlinux.c32` from our ISO; only the UEFI path works reliably.
- **Secure Boot disabled**. Our GRUB isn't signed, so Secure Boot rejects it with `Access Denied`. Either boot into OVMF setup (Esc during boot) → Device Manager → Secure Boot Configuration → Attempt Secure Boot [ ] → F10 → reboot. Or remove the EFI Disk and re-add it with "Pre-Enroll keys" unchecked.
- CD-ROM attached with the Furtka ISO - CD-ROM attached with the Furtka ISO
- Boot order: CD before disk - Boot order: CD before disk
- Network: same bridge as your LAN, DHCP - Network: same bridge as your LAN, DHCP
@ -50,3 +52,5 @@ mDNS (`proksi.local`) via avahi is installed but not yet wired. First milestone
- **Flask `/` route** returns "Hello World" instead of redirecting to `/install/step1`. Harmless but surprising; will be cleaned up when we wire up screens 48. - **Flask `/` route** returns "Hello World" instead of redirecting to `/install/step1`. Harmless but surprising; will be cleaned up when we wire up screens 48.
- **No HTTPS yet**. The Furtka plan is "local CA + green padlock on `https://proksi.local`" — that's a later milestone. For now, plain HTTP. - **No HTTPS yet**. The Furtka plan is "local CA + green padlock on `https://proksi.local`" — that's a later milestone. For now, plain HTTP.
- **archinstall is not invoked**. The wizard collects input but doesn't write to disk yet. Still a walking skeleton, not an installer. - **archinstall is not invoked**. The wizard collects input but doesn't write to disk yet. Still a walking skeleton, not an installer.
- **Drive list includes `/dev/loop0` and `/dev/sr0`**. `/dev/loop0` is the live ISO's own squashfs mounted in RAM; `/dev/sr0` is the CD-ROM itself. Both appear as install targets, which is wrong. Filter lives in `webinstaller/drives.py` and hasn't been added yet.
- **GRUB menu still says "Arch Linux install medium"**. We inherit releng's bootloader config. Cosmetic, fix when we care about end-user polish.