Tuesday 14 January 2020

Direct UEFI64 boot from Tails 4.2/4.16 ISO file using a1ive's grub2 File Manager

Note: Later versions of Tails Live DVD ISO files (e.g. Tails v5.1, now have a UEFI-boot grub2 menu with a 'Tails (External Hard Disk) option. So just use a _.isodef.iso file extension and choose that option if you have an E2B USB HDD - otherwise choose one of the first options.

--------

This .grubfm menu can be added to the same folder as the ISO to get a 'User Menu' option when you select the .iso file. This allows us to UEFI-boot to Tails ISOs.

You must test on a real system (not a Virtual Machine) as it needs to detect a USB boot device.

Note: for Tails 4.6, and 4.16 you must delete the union=aufs parameter (why do the devs keep changing linux parameters every distro?).

As Tails seems to change on every version (!), you should look at the isolinux\live64.cfg file to get the correct 'params' parameters if you have a different version.

Tip: If you are booting from a VM or a Fixed-disk type of E2B USB drive (e.g. USB HDD or Corsair GTX flash drive), then you will need to press TAB at the Tails grub menu and edit the kernel parameters to remove the 'live-media=removable' entry each time you boot. For E2B, you can instead use the Tails_generic_for_USB_HDD.mnu from the sample mnu files folder (copy it and the ISO to the \_ISO\LINUX\MNU folder and edit the .mnu file with the name of your tails ISO file in two places).




tails-amd64-4.2.grubfm
# available variables are:
# grubfm_file  - (dev)+fullpath+name.ext
# grubfm_path  - e.g. /test/ubunto.iso
# grubfm_dir   - e.g. /test/
# grubfm_device - e.g. hd0,msdos1
# grubfm_disk    - e.g. hd0
# grubfm_name    - e.g. ubuntu.iso
# grubfm_filename - e.g. ubuntu
# grubfm_fileext   - e.g. iso
# grub_platform=efi or pc  (UEFI or Legacy BIOS)
# grub_cpu=i386 or x86_64 (i386=Legacy mode or 32-bit UEFI, x86_64=UEFI64)
# grub_uefi_version  (e.g. 2.4)
# grub_secureboot
# CPU  (=32 or 64)

if cpuid -l; then set CPU=64; else set CPU=32; fi

# Examples:
# for 64-bit UEFI only:
# if [ "$grub_cpu" == "x86_64" -a "$grub_platform"=="efi" ] ; then
# for 32-bit Legacy
#if [ "$grub_cpu" == "i386" -a "$CPU"=="32" ] ; then

# --class=   defines the icon displayed next to the menuentry

# Only show menu if 64-bit CPU:
if [ "$CPU" == "64" ] ; then
menuentry "Tails 4.2 64-bit (USB drive, real system only) " --class=tails {
partnew --type=0x00 --file="${grubfm_file}" (${grubfm_disk}) 4
loopback loop "${grubfm_file}" 
set root=(loop)
set "params=boot=live config nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_alloc=1 init_on_free=1 mds=full,nosmt union=aufs  noapic noapm nodma nomce nolapic nomodeset nosmp vga=normal"
#live-media=removable  quiet splash
linux /live/vmlinuz ${params}
initrd /live/initrd.img
}

menuentry "Tails 4.2 64-bit - Failsafe (USB drive, real system only) " --class=tails {
partnew --type=0x00 --file="${grubfm_file}" (${grubfm_disk}) 4
loopback loop "${grubfm_file}" 
set root=(loop)
set "params=boot=live config nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_alloc=1 init_on_free=1 mds=full,nosmt union=aufs  noapic noapm nodma nomce nolapic nomodeset nosmp vga=normal"
set "failsafe=noapic noapm nodma nomce nolapic nomodeset nosmp vga=normal "
set "intel=xorg-driver=intel"
set "intelv=xorg-driver=vesa"
set "intel1=xorg-driver=modesetting"
set "intel_mobile=video=SVIDEO-1:d"
set "nvidia=nouveau.modeset=0"
set "ryzenvga=iommu=soft"
echo
echo
echo ADD AN EXTRA PATCH?
echo 1 = Intel xorg driver ($intel)
echo 2 = VESA  xorg driver ($intelv)
echo 3 = Intel modesetting ($intel1)
echo 4 = Intel mobile graphics ($intel_mobile)
echo 5 = NVidia ($nvidia)
echo 6 = RYZEN + VGA ($ryzenvga)
echo 7 = None
echo
read p
if [ "$p" == "1" ] ; then set "patch=${intel}" ; fi
if [ "$p" == "2" ] ; then set "patch=${intelv}" ; fi
if [ "$p" == "3" ] ; then set "patch=${intel1}" ; fi
if [ "$p" == "4" ] ; then set "patch=${intel_mobile}" ; fi
if [ "$p" == "5" ] ; then set "patch=${nvidia}" ; fi
if [ "$p" == "6" ] ; then set "patch=${ryzenvga}" ; fi
if [ "$p" == "7" ] ; then set "patch=" ; fi
#live-media=removable  quiet splash
echo
echo ${patch}
linux /live/vmlinuz ${params} ${failsafe} ${patch}
initrd /live/initrd.img
}

else
# return back to 'open' menu
grubfm_open "${grubfm_file}"
fi

menuentry "Back" {
grubfm_open "${grubfm_file}"
}


MBR\UEFI Tails 4.16 Desktop 64 .grubfm menu

# available variables are:
# grubfm_file  - (dev)+fullpath+name.ext
# grubfm_path  - e.g. /test/ubunto.iso
# grubfm_dir   - e.g. /test/
# grubfm_device - e.g. hd1,msdos1
# grubfm_disk    - e.g. hd1
# grubfm_name    - e.g. ubuntu.iso
# grubfm_filename - e.g. ubuntu
# grubfm_fileext   - e.g. iso
# grub_platform=efi or pc  (UEFI or Legacy BIOS)
# grub_cpu=i386 or x86_64 (i386=Legacy mode or 32-bit UEFI, x86_64=UEFI64)
# grub_uefi_version  (e.g. 2.4)
# grub_secureboot
# CPU  (=32 or 64)

# Examples:
# for 64-bit UEFI only:
# if [ "$grub_cpu" = "x86_64" -a "$grub_platform" = "efi" ] ; then
# for 32-bit Legacy
# if [ "$grub_cpu" = "i386" -a "$CPU" = "32" ] ; then

# --class=   defines the icon displayed next to the menuentry

# check file is contiguous
set x=0
set NC=0
stat -c -q -s x "${grubfm_file}"
if [ ! "${x}" = "1" ] ; then 
echo ERROR: ${grubfm_file} is not contiguous or does not exist!
sleep 5
set NC=1
fi


# Only show menu if 64-bit CPU:
if [ "$CPU" = "64" ] ; then
menuentry "Tails 4.16 64-bit (USB drive, real system only) " --class=tails {
partnew --type=0x00 --file="${grubfm_file}" (${grubfm_disk}) 4
loopback loop "${grubfm_file}" 
set root=(loop)

set "params=boot=live config live-media=removable nopersistence noprompt timezone=Etc/UTC splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_free=1 mds=full,nosmt vga=normal"

linux /live/vmlinuz ${params}
initrd /live/initrd.img
}

menuentry "Tails 4.16 64-bit - Failsafe (USB drive, real system only) " --class=tails {
partnew --type=0x00 --file="${grubfm_file}" (${grubfm_disk}) 4
loopback loop "${grubfm_file}" 
set root=(loop)

set "params=boot=live config live-media=removable nopersistence noprompt timezone=Etc/UTC splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_free=1 mds=full,nosmt  noapic noapm nodma nomce nolapic nomodeset nosmp vga=normal"

set "failsafe=noapic noapm nodma nomce nolapic nomodeset nosmp vga=normal "
set "intel=xorg-driver=intel"
set "intelv=xorg-driver=vesa"
set "intel1=xorg-driver=modesetting"
set "intel_mobile=video=SVIDEO-1:d"
set "nvidia=nouveau.modeset=0"
set "ryzenvga=iommu=soft"
echo
echo
echo ADD AN EXTRA PATCH?
echo 1 = Intel xorg driver ($intel)
echo 2 = VESA  xorg driver ($intelv)
echo 3 = Intel modesetting ($intel1)
echo 4 = Intel mobile graphics ($intel_mobile)
echo 5 = NVidia ($nvidia)
echo 6 = RYZEN + VGA ($ryzenvga)
echo 7 = None
echo
read p
if [ "$p" = "1" ] ; then set "patch=${intel}" ; fi
if [ "$p" = "2" ] ; then set "patch=${intelv}" ; fi
if [ "$p" = "3" ] ; then set "patch=${intel1}" ; fi
if [ "$p" = "4" ] ; then set "patch=${intel_mobile}" ; fi
if [ "$p" = "5" ] ; then set "patch=${nvidia}" ; fi
if [ "$p" = "6" ] ; then set "patch=${ryzenvga}" ; fi
if [ "$p" = "7" ] ; then set "patch=" ; fi
#live-media=removable  quiet splash
echo
echo ${patch}
linux /live/vmlinuz ${params} ${failsafe} ${patch}
initrd /live/initrd.img
}

else
# return back to 'open' menu
grubfm "${grubfm_current_path}"
fi

menuentry "Back" {
grubfm "${grubfm_current_path}"
}


Alternate Download Area - a1ive grub2 file manager folder has this file.

5 comments:

  1. i tried this menu with some edits to boot debian buster iso in uefi mode but failed to boot.also tried llopback and partnew option still no luck!

    ReplyDelete
    Replies
    1. debian-10.2.0-amd64-DVD-1.iso
      This UEFI64 boots fine just from the ISO file using partnew option - just specify /dev/sda4 instead of /dev/cdrom for the source when installing (as with all debian ISOs when using partnew).

      Delete
  2. It doesn't seem to work with Tail 4.6?

    ReplyDelete
    Replies
    1. Edit the .grubfm file and delete all occurrences of union=aufs

      Delete