kexec-iso-init: inject casper-premount script to mount ISO as loopback#2084
Closed
kexec-iso-init: inject casper-premount script to mount ISO as loopback#2084
Conversation
- Add check_hybrid_iso() using MBR signature at offset 510 (0x55AA) - Add detect_iso_boot_method() to extract boot params from initrd via strings - Add inspect_iso_boot_config() to extract boot params from GRUB configs - Simplify header to document Dracut vs Anaconda boot methods - Use DEBUG level for NOTE/WARN/STATUS spam per logging.md - Change terminal prompts to [Y,d] style with Enter defaulting to yes - Remove Anaconda blocking - let user attempt boot (Qubes R4.3 works) - Keep combined boot params approach (let ISO initrd pick what it needs) Tested with Qubes R4.3 on Q35 QEMU (works). Ref: #2083, #2008
Add resolve_grub_vars() to substitute GRUB variables like ${iso_path}
and ${isofile} with the actual ISO path when extracting boot params
from GRUB configs.
Fixes boot failure where iso-scan/filename=${iso_path} wasn't being
resolved to the actual ISO path.
Ref: #2083
Add TRACE/DEBUG to understand how boot parameters flow through kexec-boot.sh, especially the cmdline and cmdadd parameters. Ref: #2083
Kicksecure and similar GRUB configs have 'iso-scan/filename=${iso_path}' or
'findiso=${iso_path}' where ${iso_path} is never resolved, causing boot
failures. Strip these unresolved variables so ADD params take effect.
Previously using bs=2 skip=255 which is wrong offset (510). MBR signature bytes 0x55 0xAA at offset 510 indicate a hybrid ISO that can boot from USB.
…ction - MBR signature 0x55AA at offset 510 indicates USB/hard drive boot support - EFI PART magic at offset 512 indicates GPT/EFI boot support - Both required for true hybrid ISO (can boot as USB and in EFI mode)
- Hybrid detection: check MBR sig at offset 510 AND EFI PART magic at offset 512
- strip_unresolved_iso_vars: also remove orphan iso-scan/filename= params left after ${iso_path} is stripped
- confirm_menu_option: handle whiptail exit code separately for DEBUG tracing
- user_select: add DEBUG traces for force_boot/skip_confirm paths
- kexec-parse-boot: call strip_unresolved_iso_vars in grub_entry
…trace MBR signature 0x55AA at offset 510 is the standard hybrid ISO indicator. EFI PART magic check at offset 512 is unreliable - Kicksecure has no GPT header but is hybrid. Revert to MBR-only detection. kexec-boot: add DEBUG trace showing adjusted_cmd_line and kexectype before kexec execution.
… mode DEBUG writes to /dev/console which disrupts INPUT in raw terminal mode.
GRUB parsing should not modify ISO-specific parameters.
GRUB configs for hybrid ISOs often have 'iso-scan/filename=${iso_path}'
where ${iso_path} is never set, causing shell expansion to produce an
empty value. This creates malformed kernel params like 'iso-scan/filename='
with an orphaned path argument, breaking kexec.
Strip unresolved ${...} variables and bare $var patterns for
iso-scan/filename= and findiso= params before they reach kexec-boot.sh.
Fixes: Kicksecure and similar hybrid ISOs that use GRUB loopback config
with iso-scan/filename=${iso_path} but never define the variable.
…tection Drop inspect_iso_boot_config() and resolve_grub_vars() - GRUB configs are too dynamic to parse reliably (variables, conditionals, sources). Instead, rely on initrd strings analysis for boot method detection. Keep detect_iso_boot_method() which scans the ISO initrd for supported boot parameters (iso-scan, findiso, live-media, boot=casper, etc.). This tells us if the ISO can boot from USB without needing to understand the GRUB config. The ADD params (iso-scan/filename=, fromiso=, img_loop=, etc.) are passed via cmdadd and the ISO initrd picks what it needs. Also: simplify header comment, fix Kicksecure listing (Dracut-based, not Anaconda), backtick → $() conversions.
…anning Add check_hybrid_iso() - detects hybrid ISOs via MBR sig at offset 510 (0x55AA). Hybrid ISOs can boot from USB file (kexec), non-hybrid are CD-ROM only. Remove detect_iso_boot_method() - unreliable because initrd strings are often compressed, in binaries, or not readable text. The simpler approach is correct: mount ISO, pass boot params via kexec, let ISO initrd pick what it needs. The ADD params (iso-scan/filename=, fromiso=, img_loop=, img_dev=) cover Dracut-based ISOs including Kicksecure (boot=live), Ubuntu (iso-scan), Tails (live-media=), NixOS (findiso), Fedora Workstation (boot=casper). Also: backtick -> $() conversions, header documentation.
…llback Add detect_initrd_boot_support() - scans ISO initrd for: - Filesystem support: ext4, vfat, exfat (warns if USB fs not supported) - Boot param support: iso-scan, findiso, live-media, boot=live, boot=casper, nixos, anaconda Add extract_grub_boot_params() - fallback: grep GRUB config for boot params (boot=live, rd.live.image, rd.live.squash) when initrd detection fails. Fail early with clear guidance if no boot method detected: - Known compatible: Ubuntu, Debian Live, Tails, NixOS, Fedora Workstation, PureOS, Kicksecure - For unsupported ISOs: use Ventoy/Rufus, dd, or report to upstream Hybrid ISO check (MBR sig) remains for DEBUG visibility.
- Fix: add missing '| xargs strings' to boot=live grep in initrd detection - Rename extract_grub_boot_params() -> extract_boot_params_from_cfg() - Search all *.cfg files (GRUB + syslinux), not just grub.cfg - Add iso-scan, findiso, live-media, boot=casper, anaconda, nixos patterns - Rename GRUB_BOOT -> CFG_BOOT variable, 'grub:' -> 'cfg:' tag
- Add hybrid ISO detection (MBR sig 0x55AA at offset 510) - Document boot method detection table (Dracut, Anaconda, NixOS, Unknown) - Document initrd scanning for FS support (ext4, vfat, exfat) - Document config scanning for boot params (*.cfg fallback) - Update compatible ISO table with all tested ISOs - Add TinyCore as unknown boot method example - Clarify limited ISOs (Anaconda block device, Debian DVD installer) - Fix: Kicksecure listed correctly as Dracut-based (boot=live) - Fix: Fedora Silverblue and Qubes OS marked as limited (Anaconda)
Collaborator
Author
|
duplicate of #2083 |
There was a problem hiding this comment.
Pull request overview
This PR aims to improve “boot ISO from a file on a USB stick” flows by (1) making ISO boot detection/compatibility checks more robust, (2) hardening GRUB entry parsing to avoid malformed kernel parameters, and (3) improving kexec boot diagnostics, with corresponding documentation updates.
Changes:
- Add ISO “hybrid” detection and best-effort initrd/config scanning for filesystem + boot-method compatibility in
kexec-iso-init.sh. - Strip certain unresolved GRUB variable-based ISO parameters during GRUB entry parsing in
kexec-parse-boot.sh. - Improve option parsing/readability and add debug logging in
kexec-boot.sh; document the ISO boot stage indoc/boot-process.md.
Reviewed changes
Copilot reviewed 1 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| initrd/bin/kexec-parse-boot.sh | Adds sed-based stripping of unresolved iso-scan/filename / findiso params in parsed GRUB entries. |
| initrd/bin/kexec-iso-init.sh | Adds ISO hybrid detection plus initrd/config scanning and user warnings for ISO-on-USB-file boot compatibility. |
| initrd/bin/kexec-boot.sh | Refactors getopts handling, improves readability, and adds debug logs around cmdline adjustment + kexec execution. |
| doc/boot-process.md | Documents the new “Stage 2b” USB ISO boot flow and compatibility heuristics. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Changes
Testing
Tested with PureOS 10.3 GNOME live ISO on QEMU/Heads.