Can't install TrueNAS 13 U3.1 - Installation hangs - GPT header corruption & SecureBoot

ihr

Dabbler
Joined
Jan 3, 2023
Messages
22
Hello,

Yesterday I started a thread here:


But maybe this is the right place to continue the discussion, so I'm creating this thread here and will also announce it there.

Hope this could be solved soon!
 

ihr

Hi,

I'm moving forward with the first message shown by the AMI BIOS, "GPT header corruption". Here is an analysis of the USB boot drive:

Methodology:

1) USB drive burned from ISO. The ISO checksum has been verified to be correct!
2) Executed several tools to extract information from the GPT partition and disk
3) The USB is inserted in the PC using an AMI BIOS. The message about corrupted GPT appears
4) The BIOS is configured to repair the corrupted GPT. The system boots again
5) The message about corrupted GPT is gone and the initial menu to install TrueNAS (from EFI) pops up
6) As stated, when pressing 1, the system DOES NOT BOOT to the Installer Op System. Most likely because Secure Boot can't be disabled?
7) Power off the computer, extract USB and execute the same tools in step (2)
8) Compare the results

Results: The information is exactly the same! So the good news is that the fix for the corruption is not removing essential data that would be required for the installation.

Images and files attached:
- USB analysis collected at step 2
- USB analysis collected at step 7
- IMG_0154: BIOS message at step 3
- IMG_0155: Warning message from the BIOS when activating "repair"
- IMG_0156: TrueNAS EFI menu
- IMG_0157: what happens when I press "1" to start the install process.

Conclusion:

* To solve the issue, the root of the problem is the lack of signature of the modules loaded by the TrueNAS installation process. Note I could run the installer of Proxmox without any issue, so TrueNAS could just "do the same"?
* If obtaining an intermediate certificate to digitally sign the boot modules is "expensive" for iXsystems, an alternative is to create their own root CA and intermediate certificates and distribute them in a separate ISO so we can use the BIOS mechanism to load the PK and the rest of the keys at our own risk.

I'll continue exploring what else I could do with regard to the Secure Boot blocker issue.
Any help will be appreciated!

Regards
Ignacio
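
Added example, not part of the original posts: one way to script the dump-and-compare of steps 2, 7 and 8 above, by parsing the primary GPT header from a raw image of the drive, checking it, and diffing two captures. It assumes 512-byte sectors and a whole-drive image held in memory; `read_gpt`, `diff_reports` and `make_image` are hypothetical names, and the images are constructed samples, not the poster's USB drive.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header, little-endian
FIELDS = ("signature revision header_size header_crc reserved current_lba "
          "backup_lba first_usable last_usable disk_guid entries_lba "
          "n_entries entry_size entries_crc").split()

def read_gpt(image: bytes) -> dict:
    """Parse the primary GPT header (LBA 1) and run consistency checks on it."""
    raw = image[SECTOR:SECTOR + HDR.size]
    h = dict(zip(FIELDS, HDR.unpack(raw)))
    size = h["header_size"]
    h["signature_ok"] = h["signature"] == b"EFI PART" and HDR.size <= size <= SECTOR
    full = image[SECTOR:SECTOR + size] if h["signature_ok"] else raw
    # The header CRC32 is computed with its own field (bytes 16..19) zeroed.
    h["header_crc_ok"] = zlib.crc32(full[:16] + bytes(4) + full[20:]) == h["header_crc"]
    start = h["entries_lba"] * SECTOR
    entries = image[start:start + h["n_entries"] * h["entry_size"]]
    h["entries_crc_ok"] = zlib.crc32(entries) == h["entries_crc"]
    # The backup header is expected in the last sector of the device.
    h["backup_at_last_lba"] = h["backup_lba"] == len(image) // SECTOR - 1
    return h

def diff_reports(before: dict, after: dict) -> dict:
    """Return {field: (before, after)} for every field that changed."""
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}

def make_image(total_lbas: int, backup_lba: int) -> bytes:
    """Build a constructed sample image: valid header plus an empty entry array."""
    entries = bytes(4 * 128)  # four empty 128-byte partition entries at LBA 2
    hdr = [b"EFI PART", 0x00010000, HDR.size, 0, 0, 1, backup_lba, 3,
           total_lbas - 3, bytes(range(16)), 2, 4, 128, zlib.crc32(entries)]
    hdr[3] = zlib.crc32(HDR.pack(*hdr))  # CRC over the header with CRC field = 0
    img = bytearray(total_lbas * SECTOR)
    img[SECTOR:SECTOR + HDR.size] = HDR.pack(*hdr)
    img[2 * SECTOR:2 * SECTOR + len(entries)] = entries
    return bytes(img)

if __name__ == "__main__":
    before = read_gpt(make_image(64, 40))  # constructed "before" capture
    after = read_gpt(make_image(64, 63))   # constructed "after" capture
    for field, (old, new) in diff_reports(before, after).items():
        print(f"{field}: {old} -> {new}")
```

An empty result from `diff_reports` corresponds to the "exactly the same" outcome reported in the post; note that this sketch only covers the primary header and entry-array CRC, not the backup header or partition contents.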
 


HoneyBadger

actually does care
Administrator
Moderator
iXsystems
Joined
Feb 6, 2014
Messages
5,112
Reviewing your other thread, did you remove any existing keys/signatures in the EFI menu before attempting to boot the TrueNAS installer?

I would find it very unusual if there's no way to fully or functionally disable Secure Boot on this motherboard.
 

ihr

Hello @HoneyBadger

Yes, I tried deleting the PK key as suggested in other pages, but there is no difference. FreeBSD does not start from EFI.
I've already opened a support case with Asus regarding the deactivation of Secure Boot for my MB; I hope they respond soon.

In the meantime, I hope iXsystems can provide us a set of keys to be loaded into the BIOS and a new release with the boot modules signed, as this is a path they will have to travel, hopefully sooner rather than later.
 

ihr

Regarding this, hmm... there is one possibility: that the changes made by the AMI BIOS in its "repair" process were the removal of the content of the boot partition? That would explain why, after the EFI boot, the OS boot installer (FreeBSD Op System) does not start.
 