Tiny Core Linux

Tiny Core Base => CorePlus => Topic started by: Sashank999 on November 24, 2021, 11:44:46 PM

Title: TCL CorePlus, UEFI Secure Boot, Shim or LF Loader
Post by: Sashank999 on November 24, 2021, 11:44:46 PM
Hi!

Its been a long time since I visited this forum again.

Can I boot the TCL Coreplus ISO on my 64-bit Secure Boot enabled UEFI laptop ?

My laptop does not work when Secure Boot is disabled. It doesn't boot at all when Secure Boot is disabled, even when I try to boot TCL from a 2 GB USB. I don't know what to do.

I did some basic Google searching and I found that there are 2 ways to do this. Shim and "LF Loader"/PreLoader.
The PreLoader works by installing hash of the pre-loader created by Linux Foundation into the NVRAM of the system. And then, the "loader.efi" loads the bootloader(syslinux or GRUB 2) and Linux
- https://askubuntu.com/questions/594747/how-to-use-the-linux-foundations-preloader
- https://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/

Regarding Shim, I honestly have no idea what it is or how it works.

The only thing I need is to boot TCL on my Secure Boot enabled UEFI laptop from my 2GB USB. I have OpenSSL installed on Windows 10 for Git so (I think) I can sign binaries or kernels myself. If I need to sign the TCL kernel for it to boot on my PC, can you please show me the way please ?
Title: Re: TCL CorePlus, UEFI Secure Boot, Shim or LF Loader
Post by: gadget42 on November 25, 2021, 12:06:12 AM
make sure windows is allowing your machine to shut down completely.
to confirm this is the case you will need to check the "power settings" area.
(there should be some "advanced" setting named "rapid-start" or "quick-start" which needs to be "off" / unchecked)
(make sure after you find it and uncheck it that you also save that change in settings)

***also note that windows can and will turn this feature back on without the user necessarily knowing that this occurred***
Title: Re: TCL CorePlus, UEFI Secure Boot, Shim or LF Loader
Post by: PDP-8 on November 25, 2021, 01:02:17 PM
The most convenient way to deal with this on that modern machine is not to use CorePlus, but TinyCorePure64 loaded by Ventoy which easily deals with Secure-boot.

You create the Ventoy drive with the secure-boot option dropdown.  Copy TCPure64 iso to it.

Reboot and enroll the keys for your machine.  Once done, it will be recognized normally thereafter.  See the Ventoy project for more details.

Of course, in this environment, it won't recognize the cde directory, so standard procedure is to either copy cde directory from the iso you mounted previously, rename it to tce -  to a supported external filesystem, or build up from an initial commandline environment setting your tce location manually.  (tce-setdrive et al)