Double Lockout
Jan. 6th, 2026 02:29 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
diffrentcoloursRecently I was playing around with the boot systems on my two main computers - laptop and desktop - to enable Secure Boot. This is a quite old tech by now, and helps protect against "evil maid" attacks where somebody has temporary access to your hardware and uses it to install some kind of persistent backdoor. I don't think this is a huge threat to me in real life but it's fairly standard behaviour now so I figured I'd familiarise myself with it.
In the process I managed to get myself locked out of both. This was mildly concerning, because usually I'd use one system to help me repair the other. Fortunately I managed to "repair" the desktop by simply disabling Secure Boot.
The laptop was a bit more complicated. I was trying to convert it from BIOS booting to UEFI. This involved a few steps - shaving off 200MB from the 1GB /boot partition to make room to create an EFI system partition, converting the partition table itself from MBR to GPT, and installing the EFI version of the Grub bootloader.
Unfortunately I screwed up somewhere in the middle and left myself without a working bootloader - I'd converted the partition table without installing the EFI bootloader (because the partition to install it to didn't exist yet). Not to worry, I thought - I'd used SystemRescueCD, on my sole 4GB USB 2.0 pendrive (itself over a decade old), to mess around with the partitions and partition table, so surely I could use that to boot the laptop, then switch into the Debian installation and install grub-efi?
SysRescCD didn't have the firmware for the laptop's wifi card, which was annoying but predictable, and exactly why I have a couple of USB Ethernet adapters around. Though it didn't recognise that either, nor my mobile phone tethered via USB, nor the laptop's Bluetooth stack as another way to tether via phone. Four different attempts to get networking running, and none successful.
The next plan was to boot SysRescCD into RAM, remove the USB stick, reformat it as a regular data drive via the desktop, copy the Debian packages I needed onto it, plug it back into the laptop and install them that way. This took quite a bit of faffing as I had to manually resolve all the dependencies (though I eventually figured out apt --simulate install would tell me what I needed) but I downloaded them, copied them to the USB stick, plugged it back in and... nothing. Didn't even have USB mass storage drivers.
At this point I realised that SysRescCD was actually pretty useless for my needs, so I decided to download a Debian Live ISO (which should support all the things I'd tried and failed to do) and write that to the USB stick. The KDE ISO was 4GB big, I had a 4GB data stick, I had a nice fast Internet connection... downloading it was easy. Writing that much data to a USB 2.0 device took a long while though. After waiting for a long while, the write operation failed - the USB stick was only 4GiB (gibibytes), not 4GB (gigabytes), so it was just too small for the image. I might have sworn quite loudly at this point. Downloading a smaller Debian Live image was easy, and I went and had dinner while it was being written to the USB stick. After all that, the rest of the switchover went as planned. Having booted from Debian Live, I had networking and could install the new EFI bootloader with no real problems. After that, enabling Secure Boot just worked!
For all that parts of this experience were frustrating, and the stakes were moderately high since going without my laptop would be a huge pain, I quite enjoyed this little pair of experiments. I learned new things, refreshed my memory of a few others, and found a weak spot in my nerding abilities. A larger, and more importantly faster, USB stick will be replacing its venerable predecessor on my keyring - and I'll keep the old one around for smaller file transfers too, so I don't have to keep reformatting.
Next steps are to figure out why Secure Boot doesn't work on the desktop, and to try and replace Grub with systemd-bootd on the laptop. But that can wait for a while before I'm in another geeky mood...
no subject
Date: 2026-01-06 07:06 pm (UTC)Sounds like a frustrating job, and argh when both machines are unusable at once and drivers. It used to be more always like that I know, back when this sort of shit (OS reinstalls) was fun rather than a tedious slog for tired middle aged burned out geeks.
Well done for getting through the problemsolving and getting everything back up. We're due some serious Debian updateage on our server and 2x desktops but waiting till we have more spoons for Kim to do that.