USB /boot on UEFI (Thinkpad T470 2018 with Win10)

Postby rmdca » 2018-07-22 17:18

Hey Guys,

I would appreciate if you can help me around this "wall" I hit:

I am familiar with installing Debian, and I've been doing so on some laptops, usually with an encrypted partition + LVM on the disk and a USB drive with the /boot partition to serve as key and avoid leaving the encryption key on the unencrypted boot partition.

I got this brand new 2018 Thinkpad T470, with Win10 installed which I need to keep for work. I hacked to get admin rights and shrinked a 100 GB space which I wanted to used as /root using a 8GB USB as /boot.

I'am using the Debian testing + non-free torrent for quick offline install.
I don't install grub on MBR, just direct it to the /dev/sdX1 partition of the USB.

However the USB "key" doesn't work well with UEFI.
If formatted as MBR + ext2/ext4, it gets recognized as the laptop boots mas doesn't launch Debian (kept it unencrypted to simplify).
If formatted as GPT, is not recognized at all. Tried several options: GPT + EFI, GPT + Linux filesystem, legacy boot flag on and off, etc

Before you ask, yes, I've went through ALL the UEFI BIOS options:
Secure boot is off, Legacy boot is enabled, boot order is ok, only left SGX on, because I don't want to try my luck for now.

Anyone ran into the same issue?
I already did a lot of installs and ran out of options to try.

Much obliged
Re: USB /boot on UEFI (Thinkpad T470 2018 with Win10)

Postby rmdca » 2018-07-22 18:44

To anyone that reads this, I found the solution:

The bootloader grub was not launching, the usb was not the issue.

1. enter rescue mode on the installation
2. when the install asks, give it your /root location to mount it, enter the crypto key if that is the case, and also mount the /boot partition (usb)
3. Reinstall bootloader grub to the /boot -> enter manually: /dev/sdX (X=a,b,c... your drive letter)

The USB /boot is formatted as MBR+ext4(linux filesystem) with bootable flag on.
If other computer is available, use a live Kali distro and gnome disks to check and edit the usb partition.

If it fails to reinstall grub, repeat the process, I had two fails myself, but I could be doing something wrong.
