With legacy BIOS I was able to add unattended installation files to SLES boot media by copying the DVD media to a folder, adding my unattended installation files to this folder, then creating a bootable iso image by running mkisofs:
mkisofs -r -o /tmp/.iso -b boot/x86_64/loader/isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table .
I could burn a DVD with the iso in /tmp and boot from it (and install SLES with it). This no longer works with UEFI enabled as that mkisofs cmd does not capture the efi boot loader. After reading this forum, I tried this:
but that doesn’t work either (UEFI +Secure Boot rejects it). I also tried using ultraiso to open the original SUSE iso, add some files, and then save it. That resulting iso won’t boot either (if UEFI enabled). Anyone know how to capture both Legacy BIOS and EFI boot using mkisofs to recreate the Build media?
Could this be intentionally no longer possible - violation of security model?
Hi
I would say it’s the enrolment of the secure boot keys into the system BIOS, especially if the system has never been booted with SLE. You need to use shim.efi for secure boot as well.
Is it possible to create a bootable iso image (UEFI + Secure Boot) using mkisofs or genisoimage on SLES11 SP3 x86_64? If so, how?
I have installed SLES11 SP3 x86_64 on my server configured for UEFI + Secure Boot. I want to create my own SLES 11 SP3 build media that contains everything in the original iso image but with an additional folder containing unattended installation files. So I copy the entire build media to a folder, add my files, then run mkisofs to create an iso image. I have been doing this with SLES build media since SLES9. So far all my attempts of using mkisofs to capture the efi boot loader have failed - at boot time the loader is rejected. It seems that adding ‘eltorito-alt-boot -b EFI/BOOT/bootx64.efi’ to the mkisofs command does not help.
shim.efi didn’t work either. Resulting iso still won’t boot:
mkisofs -r -o /tmp/.iso -b boot/x86_64/loader/isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -b EFI/BOOT/shim.efi -no-emul-boot .
Also tried every other efi file in EFI/BOOT
Perhaps this can’t be done with SLES11 (mkisofs and genisoimage versions too old?)
Hi
If you run fdisk -l <someiso.iso> you will see there are two partitions
(one for the efi) AFAIK, kiwi is used for the images these days, maybe
you can investigate that?
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel
3.12.43-52.6-default If you find this post helpful and are logged into
the web interface, please show your appreciation and click on the star
below… Thanks!
Got it sorted out. For SLES11 SP4 x86_64 the command that works for me is (executed from the root directory containing all the DVD files from the distribution plus the ones I add):