High chance of boot problems on Debian arm64 and other EFI system

Summary: The Debian 10.10 distribution does not successfully boot on arm64 (aarch64) EFI systems, according to a report by Cypou who noted it as they were testing the ESXi Arm Fling. This is in part because Debian stopped arm64 support for shim-signed due to toolchain problems that made it difficult to get a working system. The ESXi Fling was not using secure boot, and the unsigned shim is now the default loader on arm64.

The symptoms are a "Synchronous exception" error on boot. Similar problems are seen by Ubuntu and SUSE, as shim occasionally crashes in _relocate()

The GNU toolchain does not currently have a good direct supported path for creation of EFI binaries on arm64, which are in the PE/COFF file format.

Timeline

• July 5, 2020: Request for native EFI support for aarch64 in GNU binutils (not assigned)
• May 2021: Debian no longer supports UEFI Secure Boot on arm64 systems, per Debian Secure Boot arm64 problems wiki
• May 10, 2021: dannf (Ubuntu) reports shim crashes in Ubuntu on arm64
• May 13, 2021: dannf reports shim occasionally crashes in _relocate() in upstream [rhboot/shim] 371
• June 15, 2021: ESXi Arm Fling v1.4 released
• June 16, 2021: lcp (SUSE) posts shim patch upstream for arm64
• June 19, 2021: Debian 10.10 released
• June 19, 2021: Steve McIntyre posts: High chance of boot problems on Debian arm64
• June 20, 2021: Cypou (VMware) notes "latest debian 10.10 update does not boot in ESXi Arm Fling VMs"
• June 22, 2021: Debian installer fails to load in QEMU, bug 990190 reported

Updates

Updated 6/21 to reflect a misunderstanding in Fling boot process (it's not using secure boot).

Updated 6/22 with QEMU issue.

cooling the attic, summer 2021 edition

June 2021 has been a hot month, which means I am working in a hot attic most of the day. Based on what I learned last summer this is what I should be doing this year.

Bring ice water to the attic. I should always have something cool to sip on. There are enough water bottles from pre-pandemic conference swag to use to make this straightforward if I think about it.

Get up earlier and have an earlier start to the workday. A 600a start would lop off 3 hours of the hottest part of the day. Alas I also like staying up late so I don't know if this is practical, but it's worth saying.

Open all the windows and turn on all of the fans. There's an east window and a west window, and I know that if I put a fan in the window nearest me and turn it on max that the airflow makes the whole place more pleasant.

Take the laptop in to coworking, which is air conditioned. Workantile is open again, and the bus runs frequently enough that I don't need a car if I plan a little. That would be a great way to not care so much about the attic temperatures.

Work at a cafe. I am not ready for this just yet because of pandemic. Coworking with known coworkers is one thing, hanging out indoors with strangers is not something I'm quite prepared for.

Last year I went to some elaborate efforts to log the temperatures to make sure I knew what changes I could make to get the attic more temperate. This year I don't need all that, because I know what will work!