diff --git a/HIPERISO_PLAN.md b/HIPERISO_PLAN.md
index 5d2541a..33fe958 100644
--- a/HIPERISO_PLAN.md
+++ b/HIPERISO_PLAN.md
@@ -1,1418 +1,14 @@
-# hiperiso — Architecture & Implementation Plan (Full Ventoy Parity)
-
-> A hypervisor-based ISO boot tool with full bootlogging — **all Ventoy features,
-> but using KVM+QEMU instead of OS-level injection.**
-
----
-
-## 1. Executive Summary
-
-**hiperiso** boots ISO files from a USB drive — like Ventoy — but instead of
-injecting hooks into the booted OS, it runs a **thin hypervisor** (KVM + QEMU on
-a minimal Linux kernel) that boots the ISO as an unmodified guest VM. The
-hypervisor captures **full bootlogging**: serial console, disk I/O traces, port
-I/O, PCI enumeration, and memory-mapped I/O — everything from the first firmware
-instruction to userspace init.
-
-**FULL VENTOTY PARITY** is the requirement. hiperiso replicates every Ventoy
-user-facing feature:
-
-- GUI installer (GTK3 + Qt5 auto-detection, like VentoyGUI)
-- WebUI installer (local HTTP server, like VentoyWeb on port 24680)
-- Plugin config tool (web-based, like VentoyPlugson on port 24681)
-- Theme system (GRUB2 gfxmenu themes, per-arch, random selection)
-- Plugin system (all 15 Ventoy plugins, full ventoy.json compatibility)
-- WIM/VHD/VHDX boot support
-- Secure Boot support (OVMF + shim + MOK enrollment)
-- Persistence support (.dat files as QEMU drives)
-- Auto-install support (kickstart/preseed via virtual floppy or fw_cfg)
-- Password protection (boot-level + per-ISO)
-- Language support (60+ languages, same languages.json format)
-- Cross-platform installer (Linux + Windows)
-- Non-destructive update (preserve data partition)
-- LiveCD version (bootable hiperiso CD with kiosk GUI)
-- All ISO types (Linux, Windows, BSD, WinPE, IMG, VHD, EFI, .vtoy)
-
-**The ONLY difference**: hiperiso uses a hypervisor and collects boot logs.
-Everything else is identical to Ventoy's user experience.
-
----
-
-## 2. Ventoy Feature Assessment
-
-### 2.1 Source Analysis Summary
-
-Based on exhaustive source analysis of Ventoy (5 parallel research agents, all
-completed).
Key findings:
-
-| Component | LOC | Role |
-|-----------|-----|------|
-| `GRUB2/grub-core/ventoy/` | ~17,000 C | Menu, ISO enumeration, chain data, plugins |
-| `ventoy_cmd.c` | 7,166 | All GRUB commands (boot, plugin, browser) |
-| `ventoy_plugin.c` | 3,657 | JSON plugin framework (15 plugins) |
-| `ventoy_windows.c` | 2,781 | Windows ISO boot (WIM patching, vtoyjump injection) |
-| `ventoy_linux.c` | 2,120 | Linux ISO boot (initrd chain, kernel cmdline) |
-| `ventoy_unix.c` | 1,245 | BSD/Unix boot (segment maps, ko replacement) |
-| `ventoy_vhd.c` | 754 | VHD/VHDX boot |
-| `VtoyTool/` | ~3,000 C | Runtime tools (vtoydm, vtoydump, vtoyloader) |
-| `IMG/cpio/` | ~50 shell scripts | Distro-specific injection hooks (60+ distros) |
-| `Ventoy2Disk/` (Windows) | ~5,000 C | Win32 installer (VDS/diskpart) |
-| `LinuxGUI/` | ~5,000 C | GTK2/3 + Qt5 + WebUI installer |
-| `Plugson/` | ~5,000 C | Plugin config web tool (87+ API endpoints) |
-| `vtoyjump/` | ~3,200 C | Windows PE injection (ISO mount, Win11 bypass) |
-| `LANGUAGES/languages.json` | 3,448 lines | 60+ languages |
-
-### 2.2 What hiperiso Eliminates vs Keeps
-
-| Ventoy Component | hiperiso Status | Reason |
-|------------------|-----------------|--------|
-| **GRUB2 ISO menu + enumeration** | ✅ KEEP | Menu UX is excellent |
-| **Plugin framework (ventoy.json)** | ✅ KEEP ALL 15 | Full compatibility |
-| **Theme system** | ✅ KEEP | GRUB2 themes work identically |
-| **Menu alias/tip/class** | ✅ KEEP | Pure GRUB2 menu features |
-| **Password protection** | ✅ KEEP | GRUB2-level feature |
-| **Image list/blacklist** | ✅ KEEP | ISO filtering at menu level |
-| **auto_install plugin** | ✅ ADAPT | Attach scripts via virtual floppy / fw_cfg |
-| **persistence plugin** | ✅ ADAPT | .dat files as QEMU secondary drives |
-| **dud plugin** | ✅ ADAPT | Attach DUD images as virtual floppy |
-| **injection plugin** | ✅ ADAPT | Attach as virtual floppy / second CD |
-| **conf_replace plugin** | ✅ ADAPT | Pre-process: create
modified ISO copy |
-| **WIM boot** | ✅ SIMPLIFY | QEMU CD-ROM emulation — no patching needed |
-| **VHD/VHDX boot** | ✅ SIMPLIFY | QEMU native VHD support (`format=vpc`) |
-| **Image chunk mapping** | ❌ ELIMINATE | ISO is a file opened by QEMU directly |
-| **Chain head / os_param handoff** | ❌ ELIMINATE | No GRUB→OS memory handoff needed |
-| **Linux initrd injection** | ❌ ELIMINATE | Guest boots natively from virtual CD-ROM |
-| **Device-mapper setup (vtoydm)** | ❌ ELIMINATE | QEMU handles block device emulation |
-| **60+ distro hook scripts** | ❌ ELIMINATE | OS is unmodified — no init patching |
-| **vtloopex dm-mod.ko collection** | ❌ ELIMINATE | No device-mapper needed |
-| **vtoyjump PE injection** | ❌ ELIMINATE | ISO is native virtual CD-ROM |
-| **EFI Block I/O virtual disk** | ❌ ELIMINATE | QEMU provides real emulated hardware |
-
-### 2.3 The Fundamental Advantage
-
-Ventoy's entire complexity (30,000+ lines of injection code, thousands of binary
-blobs) exists *solely* to reconstruct an ISO file as a virtual block device inside
-a bare-metal-booted OS. hiperiso's hypervisor makes ALL of that unnecessary:
-
-- The ISO becomes a **native emulated AHCI CD-ROM** via QEMU
-- The guest OS boots **completely unmodified**
-- Every I/O operation is **visible to the hypervisor** for logging
-- Compatibility is determined by QEMU's device model, not by injection code
-
----
-
-## 3.
Architecture
-
-### 3.1 USB Partition Layout
-
-Identical concept to Ventoy — two partitions, data-preserving update:
-
-```
-┌──────────────────────────────────────────────────────────────────────┐
-│ USB DRIVE │
-│ │
-│ Partition 1 (ESP, FAT32, 256MB): │
-│ /EFI/BOOT/BOOTX64.EFI ← GRUB2 (hiperiso module) │
-│ /EFI/BOOT/grub.cfg ← GRUB2 menu config │
-│ /EFI/hiperiso/vmlinuz ← Host kernel (KVM built-in) │
-│ /EFI/hiperiso/initramfs.cpio.gz ← Host initramfs (QEMU+OVMF+init) │
-│ /EFI/hiperiso/OVMF_CODE.fd ← UEFI firmware code (read-only) │
-│ /EFI/hiperiso/OVMF_VARS.fd ← UEFI firmware variables (writable) │
-│ /EFI/hiperiso/trace/ ← Trace event files (standard/detailed/full) │
-│ /EFI/hiperiso/grub/themes/ ← Default GRUB2 themes │
-│ /EFI/hiperiso/grub/fonts/ ← .pf2 font files │
-│ /EFI/hiperiso/grub/icons/ ← Menu class icons │
-│ /EFI/hiperiso/lang/ ← Menu language files │
-│ /EFI/hiperiso/hiperiso-log ← Log analysis tool (static) │
-│ /EFI/hiperiso/version ← Version string │
-│ │
-│ Partition 2 (data, exFAT/NTFS): │
-│ /ISOs/*.iso ← User's ISO/WIM/IMG/VHD/VTOY files │
-│ /hiperiso/ │
-│ │ ├── hiperiso.json ← Main config (Ventoy-compatible) │
-│ │ ├── ventoy.json ← Ventoy-compatible alias (symlink) │
-│ │ ├── logs/ ← Boot logs (per-ISO directories) │
-│ │ ├── themes/ ← User-installed themes │
-│ │ ├── auto/ ← Auto-install scripts │
-│ │ ├── persistence/ ← .dat persistence files │
-│ │ ├── dud/ ← Driver Update Disk images │
-│ │ ├── injection/ ← Injection archives │
-│ │ ├── conf_replace/ ← Config replacement files │
-│ │ ├── fonts/ ← Custom .pf2 fonts │
-│ │ └── custom_boot/ ← .vcfg custom boot configs │
-│ /ventoy/ ← Ventoy-compatibility directory │
-│ │ ├── ventoy.json ← (symlink to hiperiso/hiperiso.json)│
-│ │ └── ...
← (symlinks for Ventoy path compat) │ -└──────────────────────────────────────────────────────────────────────┘ -``` - -**Key differences from Ventoy:** -- ESP is 256MB (Ventoy: 32MB) — needed for kernel + QEMU + OVMF -- ESP is visible/mountable (Ventoy hides VTOYEFI with GPT attribute) -- Config at `/hiperiso/hiperiso.json` with Ventoy-compatible symlink at `/ventoy/ventoy.json` -- Log directory on data partition ( Ventoy has no logs) - -### 3.2 Boot Chain - -``` -[1] Firmware (UEFI) boots from USB - │ - ▼ -[2] GRUB2 (BOOTX64.EFI) loads - │ - Parses hiperiso.json / ventoy.json - │ - Applies themes, aliases, menu classes, tips - │ - Enumerates ISO/WIM/IMG/VHD/VTOY from data partition - │ - Applies image_list/image_blacklist filters - │ - Displays menu with all plugin customizations - │ - User selects an ISO (or auto-selects via HISO_DEFAULT_IMAGE) - │ - ▼ -[3] GRUB2 checks password plugin (boot-level + per-ISO) - │ - If password required: prompt user - │ - ▼ -[4] GRUB2 resolves plugins for selected ISO: - │ - auto_install: find matching template path - │ - persistence: find matching .dat backend path(s) - │ - dud: find matching DUD image path(s) - │ - injection: find matching archive path - │ - conf_replace: find matching replacement files - │ - menu_tip: display tip if configured - │ - iso_overrides: get QEMU config overrides - │ - ▼ -[5] GRUB2 loads host kernel + initramfs: - │ linux /EFI/hiperiso/vmlinuz \ - │ hiperiso_iso="/ISOs/ubuntu-24.04.iso" \ - │ hiperiso_log="/hiperiso/logs/ubuntu-24.04/" \ - │ hiperiso_trace_level="standard" \ - │ hiperiso_ram="2048" hiperiso_cpus="2" \ - │ hiperiso_auto_install="/hiperiso/auto/ubuntu.seed" \ - │ hiperiso_persistence="/hiperiso/persistence/ubuntu.dat" \ - │ hiperiso_dud="/hiperiso/dud/driver.iso" \ - │ hiperiso_injection="/hiperiso/injection/inject.tar.gz" \ - │ hiperiso_conf_replace="/hiperiso/conf_replace/grub.cfg:org=/boot/grub/grub.cfg" \ - │ hiperiso_secure_boot="1" \ - │ hiperiso_tpm="0" \ - │ 
hiperiso_cpu_features="" \ - │ hiperiso_display="none" \ - │ hiperiso_vga="none" - │ initrd /EFI/hiperiso/initramfs.cpio.gz - │ - ▼ -[6] Host Linux kernel boots (KVM built-in) - │ - USB drivers init (XHCI/EHCI) - │ - Mount data partition at /mnt/usb - │ - KVM initializes - │ - ▼ -[7] Initramfs /init script: - │ a. Verify /dev/kvm exists - │ b. Verify ISO file exists - │ c. Create log directory - │ d. Process conf_replace (if any): create modified ISO copy in tmpfs - │ e. Process injection (if any): prepare virtual floppy image - │ f. Build QEMU command line with all plugin params - │ g. Launch QEMU in foreground - │ - ▼ -[8] QEMU boots with OVMF firmware - │ - OVMF UEFI initializes (Secure Boot if enabled) - │ - Discovers AHCI controller → emulated SATA CD-ROM - │ - CD-ROM backed by the ISO file (or modified copy) - │ - Virtual floppy with auto-install/DUD/injection (if configured) - │ - Secondary drive with persistence .dat (if configured) - │ - El Torito / UEFI boot from CD-ROM - │ - ▼ -[9] Guest OS boots (UNMODIFIED) - │ - Guest bootloader (GRUB2/Windows Boot Manager/etc.) - │ - Guest kernel/initrd loads from virtual CD-ROM - │ - All I/O trapped by KVM, optionally traced by QEMU - │ - Serial output → captured to log file - │ - Disk I/O → captured as trace events - │ - ▼ -[10] Guest running — FULL BOOTLOGGING ACTIVE - │ - Serial: /hiperiso/logs//serial.log - │ - Trace: /hiperiso/logs//trace.bin - │ - QEMU monitor socket for live introspection - │ - ▼ -[11] Guest shuts down → QEMU exits → flush logs → optional reboot to menu -``` - -### 3.3 QEMU Launch Configuration - -The initramfs builds a QEMU command line dynamically based on: -1. Default config from hiperiso.json `control` section -2. ISO-specific overrides from `iso_overrides` section -3. Plugin-resolved parameters (auto_install, persistence, dud, injection) -4. 
Secure Boot / TPM requirements - -**Base configuration (all ISOs):** - -```bash -qemu-system-x86_64 \ - -machine q35,accel=kvm \ - -cpu host \ - -m "${GUEST_RAM:-2048}" \ - -smp "${GUEST_CPUS:-2}" \ - \ - -drive file="${ISO_PATH}",if=none,id=cd0,format=raw,media=cdrom,readonly=on \ - -device ahci,id=ahci0 \ - -device ide-cd,drive=cd0,bus=ahci0.0,bootindex=1 \ - \ - -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \ - -drive if=pflash,format=raw,file=OVMF_VARS.fd \ - \ - -serial "file:${LOG_PATH}/serial.log" \ - -trace events=${TRACE_EVENTS},file="${LOG_PATH}/trace.bin" \ - \ - -display "${DISPLAY_MODE:-none}" \ - -vga "${VGA_MODE:-none}" \ - -monitor "unix:${LOG_PATH}/monitor.sock,server,nowait" \ - \ - -nodefaults -no-reboot -``` - -**Conditional additions (added by plugin resolution):** - -| Plugin | QEMU Arguments Added | -|--------|---------------------| -| **persistence** | `-drive file=${DAT_PATH},if=none,id=disk0,format=raw -device virtio-blk-pci,drive=disk0` | -| **auto_install** | `-drive file=${FLOPPY_IMG},if=none,id=floppy0,format=raw -device isa-fdc,driveA=floppy0` OR `-fw_cfg name=opt/auto_install,file=${SCRIPT_PATH}` | -| **dud** | `-drive file=${DUD_IMG},if=none,id=floppy1,format=raw -device isa-fdc,driveB=floppy1` OR second CD-ROM | -| **injection** | `-drive file=${INJECT_IMG},if=none,id=floppy2,format=raw` (virtual floppy) | -| **secure_boot** | Use `OVMF_CODE.secboot.fd` + SMM: `-machine q35,accel=kvm,smm=on -global driver=cfi.pflash01,property=secure,value=on` | -| **tpm** | `-chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0` | -| **cpu_features** | `-cpu host,+vmx` (or other features) | -| **vhd boot** | `-drive file=${VHD_PATH},if=none,id=disk0,format=vpc -device virtio-blk-pci,drive=disk0` (replaces CD-ROM) | -| **display gtk** | `-display gtk -vga std` (for interactive use) | -| **display vnc** | `-vnc :0 -vga std` (for remote display) | -| **win11** | TPM + Secure 
Boot + 4GB RAM + cpu_features=vmx | -| **legacy bios** | `-bios bios-256k.bin` (SeaBIOS instead of OVMF) | - -### 3.4 Bootlogging System (hiperiso's Defining Feature) - -Four logging tiers (unchanged from MVP — this is hiperiso's unique value): - -#### Tier 1: Serial Console (always on) -- UART port 0x3F8 → `${LOG_PATH}/serial.log` -- Captures: bootloader, kernel printk, init, userspace output - -#### Tier 2: Disk I/O Tracing (always on) -- QEMU simpletrace events: `ide_sector_read`, `cd_read_sector`, `blk_co_preadv`, `virtio_blk_handle_read` -- Binary format → `${LOG_PATH}/trace.bin` → parsed by hiperiso-log - -#### Tier 3: Hardware Probes (optional: `hiperiso_trace_level=detailed`) -- Events: `cpu_in`, `cpu_out`, `pci_cfg_read`, `pci_cfg_write` - -#### Tier 4: Full MMIO (debug: `hiperiso_trace_level=full`) -- Events: `memory_region_ops_read`, `memory_region_ops_write` - -#### Log Analysis Tool: `hiperiso-log` -- Parse serial.log → boot stage timestamps -- Parse trace.bin → disk I/O heatmap, failure sectors -- Generate report.json + report.txt -- Compare boot traces across runs (regression detection) - ---- - -## 4. Plugin System — Full Ventoy Compatibility - -### 4.1 Config File - -**Location:** `/hiperiso/hiperiso.json` -**Compatibility:** `/ventoy/ventoy.json` (symlink to above) - -hiperiso reads BOTH paths. If `ventoy/ventoy.json` exists independently, it takes -precedence (Ventoy compatibility mode). Otherwise `hiperiso/hiperiso.json` is used. - -**Encoding:** UTF-8 (BOM handled), lowercase path required. 
- -**Platform suffixes:** All keys support per-platform variants: -- `_legacy` (BIOS), `_uefi` (x86_64 UEFI), `_ia32`, `_aa64`, `_mips` -- Lookup order: platform-specific first, then bare key - -### 4.2 All 15 Plugins - -#### Plugin 1: `control` (Array of objects) - -Maps to hiperiso environment variables + QEMU defaults: - -| Key | Type | Default | hiperiso Mapping | -|-----|------|---------|------------------| -| `HISO_DEFAULT_MENU_MODE` | int (0/1) | 0 | GRUB menu mode: 0=list, 1=tree | -| `VTOY_TREE_VIEW_MENU_STYLE` | int (0/1) | 0 | Tree sub-style | -| `VTOY_FILT_DOT_UNDERSCORE_FILE` | int (0/1) | 1 | Filter `._` files | -| `VTOY_SORT_CASE_SENSITIVE` | int (0/1) | 0 | Sort order | -| `VTOY_MAX_SEARCH_LEVEL` | int | -1 | Max dir depth (-1=unlimited) | -| `VTOY_VHD_NO_WARNING` | int (0/1) | 0 | Suppress VHD warning | -| `VTOY_FILE_FLT_ISO` | int (0/1) | 0 | Hide .iso files | -| `VTOY_FILE_FLT_WIM` | int (0/1) | 0 | Hide .wim files | -| `VTOY_FILE_FLT_EFI` | int (0/1) | 0 | Hide .efi files | -| `VTOY_FILE_FLT_IMG` | int (0/1) | 0 | Hide .img files | -| `VTOY_FILE_FLT_VHD` | int (0/1) | 0 | Hide .vhd files | -| `VTOY_FILE_FLT_VTOY` | int (0/1) | 0 | Hide .vtoy files | -| `VTOY_WIN11_BYPASS_CHECK` | int (0/1) | 1 | Win11: QEMU provides virtual hardware | -| `VTOY_WIN11_BYPASS_NRO` | int (0/1) | 1 | Win11: network bypass | -| `VTOY_LINUX_REMOUNT` | int (0/1) | 0 | N/A (hiperiso doesn't inject) | -| `VTOY_SECONDARY_BOOT_MENU` | int (0/1) | 1 | Show boot mode submenu | -| `VTOY_SHOW_PASSWORD_ASTERISK` | int (0/1) | 1 | Password display | -| `HISO_MENU_TIMEOUT` | int | 0 | Menu timeout (seconds) | -| `VTOY_WIN_UEFI_RES_LOCK` | int | 3 | Win UEFI resolution lock | -| `VTOY_SECURE_BOOT_POLICY` | int | 0 | 0=bypass, 1=enforce | -| `VTOY_SECONDARY_TIMEOUT` | int | 0 | Submenu timeout | -| `HISO_DEFAULT_KBD_LAYOUT` | string | "QWERTY_USA" | 20 layouts | -| `HISO_MENU_LANGUAGE` | string | "en_US" | 37 languages | -| `HISO_DEFAULT_SEARCH_ROOT` | string | "" | Restrict ISO 
search dir | -| `HISO_DEFAULT_IMAGE` | string | "" | Default ISO path | - -**hiperiso-specific additions** (in `control` or top-level): -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| `default_ram` | int | 2048 | Default guest RAM (MB) | -| `default_cpus` | int | 2 | Default guest vCPUs | -| `default_trace_level` | string | "standard" | Trace tier | -| `default_display` | string | "none" | QEMU display mode | -| `default_vga` | string | "none" | QEMU VGA mode | -| `fallback_no_kvm` | bool | true | Fall back if no KVM | - -#### Plugin 2: `theme` (Object) - -Identical to Ventoy — GRUB2 gfxmenu themes: - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| `file` | string/array | — | Path(s) to theme.txt (relative = `/hiperiso/themes/` or `/ventoy/`) | -| `default_file` | int | 0 | Index (1-based, 0=random) | -| `random` | string | — | `"boot_second"`, `"boot_day"`, `"boot_month"` | -| `resolution_fit` | int (0/1) | 0 | Filter by resolution | -| `gfxmode` | string | "1024x768" | GRUB gfxmode ("max" = auto) | -| `display_mode` | string | — | `"GUI"`, `"CLI"`, `"serial"`, `"serial_console"` | -| `serial_param` | string | — | Serial port params | -| `hiperiso_left` | string | "5%" | Hotkey tip X | -| `hiperiso_top` | string | "95%" | Hotkey tip Y | -| `hiperiso_color` | string | "#0000ff" | Hotkey tip color | -| `fonts` | array | — | .pf2 font paths | - -Theme files use standard GRUB2 gfxmenu `.txt` format. Default theme shipped at -`/EFI/hiperiso/grub/themes/hiperiso/theme.txt`. - -Per-architecture themes: `theme`, `theme_legacy`, `theme_uefi`, `theme_ia32`, -`theme_aa64`, `theme_mips`. - -#### Plugin 3: `auto_install` (Array of objects) - -Maps auto-install scripts to ISOs. 
hiperiso attaches them as virtual media: - -| Key | Type | Description | -|-----|------|-------------| -| `image` | string | ISO path or glob | -| `parent` | string | Parent directory (alternative) | -| `template` | array | Script paths (kickstart/preseed/autoyast) | -| `autosel` | int | Auto-select template (1-based, 0=prompt) | -| `timeout` | int | Selection timeout (seconds) | - -**hiperiso implementation:** The selected template file is packaged into a -virtual floppy image (FAT12) and attached to QEMU via `-device isa-fdc`. -The guest OS reads it as `/dev/fd0`. Alternatively, for Linux guests, -`-fw_cfg name=opt/auto_install,file=script` passes the script via QEMU's -firmware config interface, and the guest's initramfs can read it from -`/sys/firmware/qemu_fw_cfg/`. - -#### Plugin 4: `persistence` (Array of objects) - -Persistent storage for live Linux ISOs: - -| Key | Type | Description | -|-----|------|-------------| -| `image` | string | ISO path or glob | -| `backend` | array | .dat file paths | -| `autosel` | int | Auto-select backend | -| `timeout` | int | Selection timeout | - -**hiperiso implementation:** The .dat file is attached as a secondary QEMU -drive: `-drive file=persistence.dat,if=none,id=persist,format=raw -device -virtio-blk-pci,drive=persist`. The guest OS discovers it as `/dev/vdb` and -mounts by label (e.g., `casper-rw`, `persistence`). 
- -**Persistence creation tool:** `hiperiso-create-persistence` (port of Ventoy's -`CreatePersistentImg.sh`): -``` -hiperiso-create-persistence [-s size_MB] [-t ext4|ext3|ext2|xfs] \ - [-l LABEL] [-c CONFIG] [-o output.dat] -``` - -#### Plugin 5: `menu_alias` (Array of objects) - -Identical to Ventoy — pure GRUB2 menu feature: - -| Key | Type | Description | -|-----|------|-------------| -| `image` | string | ISO path or glob | -| `dir` | string | Directory path | -| `alias` | string | Display name | - -#### Plugin 6: `menu_tip` (Object) - -Identical to Ventoy — tooltip messages in GRUB2 menu: - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| `left` | string | "10%" | Tooltip X | -| `top` | string | "81%" | Tooltip Y | -| `color` | string | "blue" | Tooltip color | -| `tips` | array | — | Each: `{image/dir, tip/tip1+tip2}` | - -#### Plugin 7: `menu_class` (Array of objects) - -Identical to Ventoy — GRUB2 icon class per ISO: - -| Key | Type | Description | -|-----|------|-------------| -| `key` | string | Substring match in filename | -| `parent` | string | Parent dir match | -| `dir` | string | Directory match | -| `class` | string | Icon class name | - -Default classes: `vtoyiso`, `vtoywim`, `vtoyefi`, `vtoyimg`, `vtoyvhd`, `vtoyvtoy`. - -#### Plugin 8: `injection` (Array of objects) - -Inject files into the booted OS. In Ventoy this modifies the initrd; in hiperiso -it attaches a virtual floppy: - -| Key | Type | Description | -|-----|------|-------------| -| `image` | string | ISO path or glob | -| `parent` | string | Parent dir (alternative) | -| `archive` | string | Path to tar.gz archive | - -**hiperiso implementation:** The archive is extracted and packaged into a -virtual floppy image (or small ISO) attached via QEMU. The guest OS can access -it as a removable device. For Linux guests, `-fw_cfg` can also be used. 
- -#### Plugin 9: `auto_memdisk` (Array of strings) - -ISOs that should be loaded entirely into RAM: - -**hiperiso implementation:** Instead of Ventoy's memdisk, hiperiso uses QEMU's -memory-backed CD-ROM: `-drive file=iso,if=none,id=cd0,media=cdrom,readonly=on` -is replaced with a RAM-backed copy for small ISOs. The initramfs copies the ISO -to tmpfs before passing to QEMU when `auto_memdisk` matches. - -#### Plugin 10: `image_list` (Array of strings) - -Whitelist — only show matching ISOs in menu. - -#### Plugin 11: `image_blacklist` (Array of strings) - -Blacklist — hide matching ISOs from menu. - -#### Plugin 12: `conf_replace` (Array of objects) - -Replace config files inside an ISO before booting: - -| Key | Type | Description | -|-----|------|-------------| -| `iso` | string | ISO path or glob | -| `org` | string | Original file path inside ISO | -| `new` | string | Replacement file on data partition | -| `img` | int | Which initrd (0=all) | - -**hiperiso implementation:** Since hiperiso can't modify a read-only CD-ROM at -runtime, the initramfs creates a modified copy of the ISO in tmpfs: -1. Copy original ISO to tmpfs -2. Use `xorriso` or `libisoburn` to replace the file(s) -3. Pass the modified ISO path to QEMU instead - -Max replacement file size: 1 MiB (same as Ventoy). - -#### Plugin 13: `dud` (Array of objects) - -Driver Update Disk images for specific ISOs: - -| Key | Type | Description | -|-----|------|-------------| -| `image` | string | ISO path or glob | -| `dud` | array | DUD image paths | - -**hiperiso implementation:** DUD images attached as virtual floppy or secondary -CD-ROM via QEMU. 
- -#### Plugin 14: `password` (Object) - -Boot-level and per-ISO password protection: - -| Key | Type | Description | -|-----|------|-------------| -| `bootpwd` | string | Boot password (`txt#`, `md5#`, `md5#salt#`) | -| `isopwd` | string | Password for .iso files | -| `wimpwd` | string | Password for .wim files | -| `vhdpwd` | string | Password for .vhd files | -| `imgpwd` | string | Password for .img files | -| `efipwd` | string | Password for .efi files | -| `vtoypwd` | string | Password for .vtoy files | -| `menupwd` | array | Per-ISO: `{file/parent, pwd}` | - -Password formats: `txt#plaintext`, `md5#32hexchars`, `md5#salt#hash`. - -Identical GRUB2-level implementation — prompt before booting. - -#### Plugin 15: `custom_boot` (Array of objects) - -Custom GRUB2 boot configuration per ISO: - -| Key | Type | Description | -|-----|------|-------------| -| `file` | string | ISO path | -| `dir` | string | Directory path | -| `vcfg` | string | Path to .vcfg GRUB2 config fragment | - -The .vcfg file is sourced by GRUB2 instead of the default boot path. - -### 4.3 ISO Matching Algorithm - -Identical to Ventoy: - -1. **Exact path match** (`image` key): Full path equality with `*` wildcard support -2. **Parent directory match** (`parent`/`dir` key): All ISOs in that directory -3. **Priority**: Exact matches checked first, then parent matches -4. 
**Wildcard**: `*` in filename portion (not across `/`) - -### 4.4 iso_overrides (hiperiso-specific extension) - -hiperiso adds an `iso_overrides` section for QEMU-specific configuration per ISO: - -```jsonc -{ - "iso_overrides": { - "*./windows11*.iso": { - "ram": 4096, - "cpus": 4, - "tpm": true, - "secure_boot": true, - "cpu_features": ["vmx"], - "trace_level": "detailed", - "display": "gtk", - "vga": "std", - "machine_type": "q35", - "bios": "ovmf" - }, - "*./memtest*.img": { - "ram": 512, - "cpus": 1, - "bios": "seabios", - "trace_level": "none" - }, - "*./freebsd*.iso": { - "ram": 2048, - "cpu_features": ["vmx"] - } - } -} -``` - ---- - -## 5. User-Facing Tools (Full Ventoy Parity) - -### 5.1 hiperisoGUI — Native GUI Installer - -**Architecture:** Same as VentoyGUI — smart launcher detects toolkit: - -``` -hiperiso_gui (C launcher) - ├── Parses /etc/ld.so.cache to detect GTK2/3/4, Qt4/5/6 - ├── Checks desktop environment (GNOME/KDE/XFCE) - ├── Falls back to pkexec for privilege escalation - ├── Supports --gtk3/--qt5 override flags - └── Execves: hiperiso_gui.gtk3 or hiperiso_gui.qt5 -``` - -**GTK3 variant** (port of `ventoy_gtk.c`): -- GtkBuilder UI (embedded XML, no external .glade file needed) -- Device combo box (USB disks, model/bus info) -- Install / Update / Clean buttons -- Secure Boot checkbox -- Partition style: MBR / GPT radio -- 4K alignment checkbox -- Reserve space spinner -- Filesystem selector: exFAT / NTFS / FAT32 / UDF -- Progress bar with percentage -- Language menu (60+ languages) -- About dialog with version - -**Qt5 variant** (port of `ventoy2diskwindow.cpp`): -- QMainWindow with same functionality -- Background thread for install/update operations -- Signal/slot wiring for progress updates - -**Build:** GTK3 via `pkg-config gtk+-3.0`, Qt5 via `qmake`. 
- -### 5.2 hiperisoWeb — Web-Based Installer - -**Architecture:** Embedded HTTP server (CivetWeb) on port 24680: - -``` -Browser (SPA) ←→ hiperiso_web (HTTP+JSON) ←→ /dev/sdX (direct I/O) -``` - -**API endpoints** (identical to VentoyWeb): - -| Method | Parameters | Response | -|--------|-----------|----------| -| `GET /sysinfo` | — | version, language, partstyle, busy, token | -| `POST /get_dev_list` | — | Array of disks (name, size, model, bus, ventoy status) | -| `POST /install` | disk, partstyle, secure_boot, align_4kb, reserve_space | Success/fail | -| `POST /update` | disk | Success/fail | -| `POST /clean` | disk | Success/fail | -| `GET /get_percent` | — | 0-100 progress | -| `POST /sel_language` | lang | OK | -| `POST /sel_partstyle` | mbr/gpt | OK | -| `POST /refresh_device` | — | OK | - -**Frontend:** Single-page HTML (AdminLTE + Bootstrap + jQuery). Served from -embedded data (compiled into binary as C arrays, same as Ventoy). - -**Launcher:** `hiperiso-web.sh` — detects arch, starts `hiperiso_web $HOST $PORT`, -opens browser to `http://127.0.0.1:24680`. - -### 5.3 hiperisoPlugson — Plugin Configuration Tool - -**Architecture:** Embedded HTTP server (CivetWeb) on port 24681: - -``` -Browser (SPA) ←→ hiperiso_plugson (HTTP+JSON) ←→ hiperiso.json on USB -``` - -Configures an already-installed hiperiso USB drive. Reads/writes -`hiperiso/hiperiso.json` (or `ventoy/ventoy.json`). - -**API endpoints** (87+ endpoints, same as VentoyPlugson): - -Each plugin type has CRUD endpoints: -- `GET /get_` — Read current config -- `POST /save_` — Save config -- `POST /add_` — Add entry -- `POST /del_` — Delete entry - -Plugin types: `control`, `theme`, `auto_install`, `persistence`, `menu_alias`, -`menu_tip`, `menu_class`, `injection`, `auto_memdisk`, `image_list`, -`image_blacklist`, `conf_replace`, `dud`, `password`, `custom_boot`. - -Plus: `sysinfo`, `handshake`, `device_info`, `check_path`, `fuzzy`. - -**Frontend:** Multi-page SPA with tabs for each plugin type. 
-AdminLTE + Bootstrap + DataTables + jQuery. - -**Launcher:** `hiperiso-plugson.sh` — validates hiperiso disk, mounts partition, -starts server, opens browser. - -### 5.4 hiperiso-install — CLI Installer - -**Shell-based** (port of Ventoy's `VentoyWorker.sh` pattern): - -```sh -Hiperiso2Disk.sh -i /dev/sdX [-g] [-s/-S] [-r SIZE] [-L label] [-n] -Hiperiso2Disk.sh -u /dev/sdX -Hiperiso2Disk.sh -l /dev/sdX -``` - -Options: -- `-i` / `-I`: Install (normal / force) -- `-u`: Update (preserve data partition) -- `-l`: List hiperiso version on disk -- `-g`: Use GPT (default), otherwise MBR -- `-s` / `-S`: Secure Boot on / off -- `-r SIZE`: Reserve space (MB) at disk end -- `-L label`: Data partition label -- `-n`: Non-destructive install (shrink existing partition) -- `-y`: Skip confirmation - -**Install flow:** -1. Check prerequisites (sgdisk, mkfs.vfat, mkfs.exfat) -2. Verify disk not mounted/swap -3. Detect existing hiperiso (refuse without -I) -4. Partition: create ESP (256MB FAT32) + data partition -5. Format: mkfs.vfat for ESP, mkfs.exfat for data -6. Copy payload: kernel, initramfs, OVMF, GRUB2, themes, tools -7. Install GRUB2: `grub-install --target=x86_64-efi` -8. Write hiperiso.json example -9. Create directory structure - -**Update flow:** -1. Read existing version -2. Preserve data partition entirely -3. Rewrite ESP: new kernel, initramfs, OVMF, GRUB2, themes -4. 
Preserve user config (hiperiso.json) - -### 5.5 hiperiso-log — Log Analysis Tool - -**Static binary** (already implemented, 9 C files): -- Parse QEMU simpletrace binary → I/O log -- Parse serial.log → boot stage timestamps -- Generate summary report (JSON + text) -- Compare boot traces across runs - -``` -hiperiso-log analyze /hiperiso/logs/ubuntu-24.04/ -hiperiso-log trace /hiperiso/logs/ubuntu-24.04/trace.bin --format json -hiperiso-log serial /hiperiso/logs/ubuntu-24.04/serial.log --stages -hiperiso-log compare /hiperiso/logs/ubuntu-24.04/ /hiperiso/logs/ubuntu-24.04.bak/ -``` - -### 5.6 hiperiso-create-persistence — Persistence Tool - -Port of Ventoy's `CreatePersistentImg.sh`: -```sh -hiperiso-create-persistence [-s 1024] [-t ext4] [-l casper-rw] [-c "/ union"] [-o persistence.dat] -hiperiso-extend-persistence persistence.dat [-s +2048] -``` - -### 5.7 Language Support / i18n - -**Format:** Same as Ventoy — single JSON file with all translations. - -**File:** `/EFI/hiperiso/lang/languages.json` (3,448 lines, 60+ languages). - -Structure: -```json -[{ - "name": "English", - "FontFamily": "Courier New", - "FontSize": 20, - "Author": "hiperiso", - "STR_INSTALL": "Install", - "STR_UPDATE": "Update", - "STR_ERROR": "Error", - ... -}] -``` - -**String IDs:** Same `STR_*` enum as Ventoy (Language.h). hiperiso adds: -- `STR_BOOTLOGGING`: "Boot logging active" -- `STR_HYPERVISOR`: "Hypervisor mode" -- `STR_KVM_MISSING`: "Hardware virtualization unavailable" -- `STR_FALLBACK_MODE`: "Fallback mode (no bootlogging)" -- `STR_LOG_SAVED`: "Boot logs saved to" - -**Runtime:** GRUB2 loads translations into memory, selects by `HISO_MENU_LANGUAGE`. -Installer GUI (GTK/Qt) uses same JSON. Web UI loads via JavaScript. - ---- - -## 6. 
ISO Type Support - -### 6.1 All Supported Types - -| Type | Extension | Boot Method | QEMU Handling | -|------|-----------|-------------|---------------| -| **Linux ISO** | .iso | UEFI CD-ROM boot | `-drive media=cdrom` | -| **Windows Install** | .iso | UEFI CD-ROM boot | Native CD-ROM (no WIM patching needed) | -| **WinPE** | .iso/.wim | UEFI CD-ROM boot | Native CD-ROM + optional wimboot | -| **VHD** | .vhd | Disk boot | `-drive format=vpc` | -| **VHDX** | .vhdx | Disk boot | `-drive format=vhdx` | -| **VDI** | .vdi | Disk boot | `-drive format=vdi` | -| **IMG** | .img | Memdisk / CD-ROM | RAM-backed or CD-ROM | -| **EFI** | .efi | Direct chainload | `-drive` with EFI application | -| **VTOY** | .vtoy | Custom GRUB2 config | User-provided .vcfg | -| **BSD** | .iso | UEFI CD-ROM boot | Native (no geom_ventoy.ko needed) | - -### 6.2 Windows ISO Handling - -Ventoy requires: BCD parsing, WIM patching, vtoyjump injection, winload.exe→.efi conversion. - -**hiperiso:** None of that. QEMU presents the ISO as a standard AHCI CD-ROM. -Windows Boot Manager reads BCD from the virtual CD-ROM, loads boot.wim, and -boots normally. No modification needed. - -**Win11 specifics:** -- TPM 2.0: `-tpmdev emulator` with swtpm -- Secure Boot: OVMF with enrolled keys -- 4GB+ RAM: `iso_overrides` sets `ram: 4096` -- CPU features: `-cpu host,+vmx` -- Win11 bypass check: `VTOY_WIN11_BYPASS_CHECK=1` → QEMU provides compliant hardware - -### 6.3 VHD/VHDX Handling - -Ventoy requires: footer parsing, BCD patching, partition GUID manipulation. - -**hiperiso:** QEMU natively supports VHD (`format=vpc`), VHDX (`format=vhdx`), -and VDI (`format=vdi`). Attach directly as a hard drive — the guest OS sees a -real disk with partitions. 
- -### 6.4 Per-ISO QEMU Templates - -For ISOs requiring special QEMU configuration, templates are stored in -`/hiperiso/iso_overrides/`: - -```jsonc -// windows11.json -{ - "ram": 4096, - "cpus": 4, - "tpm": true, - "secure_boot": true, - "cpu_features": ["vmx"], - "machine_type": "q35" -} -``` - ---- - -## 7. Component Map - -``` -hiperiso/ -├── grub2/ # GRUB2 hiperiso module -│ ├── hiperiso.c # Module init, arch detection -│ ├── hiperiso_def.h # Definitions, constants -│ ├── hiperiso_menu.c # ISO enumeration + menu generation -│ ├── hiperiso_boot.c # Boot command: load kernel+initramfs -│ ├── hiperiso_plugin.c # All 15 plugins (JSON parse + dispatch) -│ ├── hiperiso_json.c # JSON parser (from Ventoy, unchanged) -│ ├── hiperiso_json.h # JSON types -│ ├── hiperiso_theme.c # Theme system (from Ventoy) -│ ├── hiperiso_password.c # Password challenge (from Ventoy) -│ └── build_grub2.sh # GRUB2 build script -│ -├── host/ # Hypervisor host environment -│ ├── kernel/ -│ │ └── hiperiso_defconfig # Minimal kernel (KVM built-in) -│ ├── initramfs/ -│ │ ├── init # Main init (KVM detect, mount, launch QEMU) -│ │ ├── hiperiso-lib.sh # Shared functions -│ │ ├── kvm_check.sh # KVM detection -│ │ ├── qemu_launch.sh # QEMU arg builder + launcher -│ │ ├── log_flush.sh # Async log flusher -│ │ ├── conf_replace.sh # ISO modification for conf_replace -│ │ ├── make_floppy.sh # Virtual floppy creation for plugins -│ │ └── fallback_boot.sh # Fallback mode (no KVM) -│ └── qemu/ -│ └── configure_qemu.sh # QEMU build config -│ -├── firmware/ # Guest firmware -│ ├── build_ovmf.sh # OVMF build (regular + Secure Boot) -│ └── OVMF_VARS.template.fd # Template for per-boot variable copy -│ -├── logging/ # Bootlogging system -│ ├── trace-standard.events # Tier 1+2 trace events -│ ├── trace-detailed.events # Tier 3 trace events -│ ├── trace-full.events # Tier 4 trace events -│ └── hiperiso-log/ # Log analysis tool (C, static) -│ ├── main.c # CLI entry point -│ ├── simpletrace.h # QEMU trace binary 
format -│ ├── trace_parser.c # Parse trace.bin -│ ├── serial_parser.c # Parse serial.log, extract stages -│ ├── report.c # Generate report.json + report.txt -│ └── Makefile # Static build -│ -├── installer/ # CLI installer -│ ├── Hiperiso2Disk.sh # USB installer (port of VentoyWorker.sh) -│ └── partition_layout.h # Partition constants -│ -├── gui/ # GUI installer (GTK3 + Qt5) -│ ├── launcher/ -│ │ └── hiperiso_gui.c # Smart toolkit detection launcher -│ ├── gtk3/ -│ │ ├── hiperiso_gtk.c # GTK3 GUI -│ │ └── hiperiso_gtk.h # Widget handles -│ ├── qt5/ -│ │ ├── hiperiso_qt.cpp # Qt5 GUI -│ │ ├── hiperiso_qt.h # Qt5 headers -│ │ └── partcfg_dialog.cpp # Partition config dialog -│ └── core/ -│ ├── hiperiso_disk.c # Disk detection (sysfs scanning) -│ ├── hiperiso_disk.h # Disk types, device struct -│ └── hiperiso_install.c # Install/update/clean logic (shared) -│ -├── web/ # Web installer + Plugin config -│ ├── hiperiso_web/ # Web installer (port 24680) -│ │ ├── main.c # HTTP server entry -│ │ ├── http.c # CivetWeb API handlers -│ │ ├── http.h # API definitions -│ │ └── www/ -│ │ └── index.html # SPA frontend -│ └── hiperiso_plugson/ # Plugin config tool (port 24681) -│ ├── main.c # HTTP server entry -│ ├── http.c # 87+ API endpoints -│ ├── http.h # Plugin data structures -│ └── www/ -│ ├── index.html # Main SPA -│ ├── plugson_control.html -│ ├── plugson_theme.html -│ ├── plugson_auto_install.html -│ ├── plugson_persistence.html -│ ├── plugson_password.html -│ ├── plugson_image_list.html -│ ├── plugson_menu_alias.html -│ ├── plugson_menu_tip.html -│ ├── plugson_menu_class.html -│ ├── plugson_injection.html -│ ├── plugson_conf_replace.html -│ ├── plugson_dud.html -│ ├── plugson_auto_memdisk.html -│ ├── plugson_custom_boot.html -│ └── static/ # CSS, JS, fonts -│ -├── tools/ # Auxiliary tools -│ ├── hiperiso-create-persistence.sh # .dat creation -│ ├── hiperiso-extend-persistence.sh # .dat extension -│ └── hiperiso-vtoytool.c # Multi-call runtime tool -│ -├── config/ # 
Configuration -│ ├── hiperiso.json.example # Example config -│ ├── README.md # Config documentation -│ └── iso_overrides/ # Per-ISO QEMU templates -│ ├── windows11.json -│ └── default.json -│ -├── i18n/ # Internationalization -│ └── languages.json # 60+ languages (from Ventoy, adapted) -│ -├── theme/ # Default themes -│ └── hiperiso/ -│ ├── theme.txt # GRUB2 gfxmenu theme -│ └── *.png # Theme graphics -│ -├── scripts/ # Build system -│ ├── build_all.sh # Master build orchestrator -│ ├── download_sources.sh # Source downloader -│ ├── configure_qemu.sh # QEMU configure -│ └── build_initramfs.sh # Initramfs packer -│ -├── Makefile # Top-level build -├── INTERFACES.sh # Interface contracts (single source of truth) -├── HIPERISO_PLAN.md # This file -└── README.md # User documentation -``` - ---- - -## 8. Installer Architecture Details - -### 8.1 Partition Layout (MBR and GPT) - -``` -Sector 0: MBR (boot.img 446 bytes + partition table + 0x55AA) -Sector 1-33: GPT header (if GPT) or GRUB2 core.img start (if MBR) -Sector 34-2047: GRUB2 core image / GPT partition entries -Sector 2048: ─── PARTITION 1 START (1MB aligned) ─── - ESP (FAT32, 256MB) - MBR type: 0xEF | GPT type: C12A7328-F81F-11D2-BA4B-00A0C93EC93B - GPT name: "HIPERISO" | Label: "HIPERISO" - Contents: GRUB2, kernel, initramfs, OVMF, themes, tools - ─── PARTITION 2 START (4KB aligned) ─── - Data partition (exFAT default, also NTFS/FAT32/UDF) - MBR type: 0x07 | GPT type: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 - GPT name: "HIPERISODATA" | Label: "HIPERISO" (configurable) - Contents: ISOs, logs, config, plugins -GPT only: Last 33 sectors: backup GPT header + partition table -``` - -### 8.2 Boot Code Written to Disk - -| What | Destination | -|------|-------------| -| **GRUB2 boot.img** (446 bytes) | Disk sector 0, bytes 0-445 | -| **GRUB2 core.img** | Sectors 1-2047 (MBR) or 34-2047 (GPT) | -| **ESP FAT32 image** | Partition 1 (formatted in-place) | -| **Disk UUID** | Disk offset 384 (16 bytes) | -| **Disk signature** 
| Disk offset 440 (4 bytes) | - -### 8.3 Install/Update/Clean Operations - -**Fresh install:** -1. Wipe first 64 sectors (destroy existing MBR/GPT) -2. Create partitions (sgdisk or fdisk) -3. Format ESP (mkfs.vfat -F32 -n HIPERISO) -4. Format data partition (mkfs.exfat -n HIPERISO) -5. Install GRUB2 to ESP -6. Copy all payload files to ESP -7. Create hiperiso.json example on data partition -8. Create directory structure - -**Update (data-preserving):** -1. Read existing version from ESP -2. Mount ESP -3. Replace all payload files on ESP -4. Preserve data partition entirely -5. Optionally migrate config format - -**Clean:** -1. Wipe MBR/GPT -2. Delete all partitions -(Disk is left blank) - -**Non-destructive install:** -1. Shrink existing data partition -2. Create ESP at end -3. Install boot code - -### 8.4 Device Detection (Linux) - -Scan `/sys/block/*`: -- Detect type via major number: SCSI, USB, IDE, NVMe, VirtIO -- Exclude: ram, zram, loop, dm-, sr*, partitions -- Get size via sysfs or BLKGETSIZE64 ioctl -- Get vendor/model from sysfs -- USB-only filter by default (override with `-U`) - -### 8.5 Cross-Platform - -| Platform | Installer | GUI | Web | Plugson | -|----------|-----------|-----|-----|---------| -| Linux x86_64 | Shell + C | GTK3/Qt5 | CivetWeb | CivetWeb | -| Linux aarch64 | Shell + C | GTK3/Qt5 | CivetWeb | CivetWeb | -| Windows x86_64 | C (Win32 API) | Win32 dialog | N/A | N/A | -| Windows ARM64 | C (Win32 API) | Win32 dialog | N/A | N/A | - -Windows installer uses VDS COM / diskpart for partition operations. -Same partition layout and boot images. - ---- - -## 9. 
Implementation Plan - -### Phase 1: MVP — Core Boot Chain (DONE ✅) - -All 6 components compiled from source: -- [x] Linux kernel 6.12 LTS (KVM built-in, 5.4MB bzImage) -- [x] QEMU 9.0.0 (x86_64-softmmu, KVM + simpletrace, 24MB) -- [x] OVMF (UEFI firmware, 4MB) -- [x] GRUB2 2.12 (hiperiso module → BOOTX64.EFI, 741KB) -- [x] Busybox 1.36.1 (static, 2.4MB) -- [x] hiperiso-log (static, 892KB) -- [x] Initramfs packed (7.9MB cpio.gz) -- [x] Payload assembled (19MB) - -### Phase 2: Enhanced GRUB2 Module (CURRENT) - -Expand the existing GRUB2 hiperiso module to full Ventoy parity: - -- [ ] Expand `hiperiso_plugin.c` to parse all 15 plugins from JSON -- [ ] Add `hiperiso_theme.c` — GRUB2 theme loading + application -- [ ] Add `hiperiso_password.c` — boot + per-ISO password challenges -- [ ] Expand `hiperiso_menu.c` — tree view mode, menu classes, image filtering -- [ ] Expand `hiperiso_boot.c` — pass all plugin params via kernel cmdline -- [ ] Add ISO matching algorithm (exact path + parent dir + wildcard) -- [ ] Add platform suffix support (`_legacy`, `_uefi`, etc.) 
-- [ ] Add secondary boot menu (normal/memdisk/grub2 modes) -- [ ] Add language support (load languages.json at boot) -- [ ] Add keyboard layout support (20 layouts) - -### Phase 3: Enhanced Initramfs - -Expand init scripts to handle all plugin parameters: - -- [ ] `conf_replace.sh` — Create modified ISO copy using xorriso -- [ ] `make_floppy.sh` — Create virtual floppy images for auto_install/dud/injection -- [ ] Expand `qemu_launch.sh` — Build QEMU args for all plugin types -- [ ] Add swtpm integration for TPM support -- [ ] Add Secure Boot OVMF variable management (copy template per boot) -- [ ] Expand `fallback_boot.sh` — Full Ventoy-compatible fallback - -### Phase 4: CLI Installer Enhancement - -Expand `Hiperiso2Disk.sh` to full Ventoy parity: - -- [ ] GPT + MBR dual support -- [ ] Secure Boot support (partition attributes) -- [ ] Non-destructive install (partition shrink) -- [ ] Reserve space option -- [ ] Filesystem selection (exFAT/NTFS/FAT32/UDF) -- [ ] Version detection and update mode -- [ ] 4K alignment detection -- [ ] USB device filtering - -### Phase 5: GUI Installer (GTK3 + Qt5) - -- [ ] `hiperiso_gui.c` — Smart launcher (toolkit detection) -- [ ] `hiperiso_gtk.c` — GTK3 GUI (port from ventoy_gtk.c) -- [ ] `hiperiso_qt.cpp` — Qt5 GUI (port from ventoy2diskwindow.cpp) -- [ ] `hiperiso_disk.c` — Disk detection (port from ventoy_disk_linux.c) -- [ ] `hiperiso_install.c` — Shared install/update/clean logic -- [ ] Language support in GUI (60+ languages) -- [ ] Kiosk mode for LiveCD - -### Phase 6: Web Installer (hiperisoWeb) - -- [ ] Port CivetWeb HTTP server integration -- [ ] Implement all 9 API endpoints -- [ ] Create SPA frontend (index.html) -- [ ] `hiperiso-web.sh` launcher script -- [ ] Device detection and enumeration -- [ ] Progress tracking -- [ ] Language support in web UI - -### Phase 7: Plugin Config Tool (hiperisoPlugson) - -- [ ] Port CivetWeb HTTP server -- [ ] Implement all 87+ API endpoints -- [ ] Create 15 plugin config pages (HTML) 
-- [ ] `hiperiso-plugson.sh` launcher script -- [ ] JSON validation and error handling -- [ ] Config backup/restore - -### Phase 8: Persistence + Auto-Install Tools - -- [ ] `hiperiso-create-persistence.sh` — .dat creation tool -- [ ] `hiperiso-extend-persistence.sh` — .dat extension tool -- [ ] Virtual floppy creation for auto-install scripts -- [ ] fw_cfg integration for Linux auto-install - -### Phase 9: Windows Installer - -- [ ] Port Ventoy2Disk C/Win32 code -- [ ] VDS/diskpart integration -- [ ] Win32 dialog GUI -- [ ] CLI mode (`hiperiso-install.exe VTOYCLI /I /PhyDrive:1`) - -### Phase 10: LiveCD + Polish - -- [ ] Build LiveCD ISO (bootable hiperiso with kiosk GUI) -- [ ] Default themes and icons -- [ ] Comprehensive documentation -- [ ] Cross-architecture builds (aarch64, i386) -- [ ] Automated testing framework - ---- - -## 10. Risk Analysis - -### Risk 1: KVM Unavailable (~15% of machines) -**Mitigation:** Fallback mode — detect `/dev/kvm`, fall back to direct boot -(no logging but still boots). Dual-mode strategy ensures ~100% hardware coverage. - -### Risk 2: Memory Pressure -**Mitigation:** QEMU streams ISO from USB. Pre-check available RAM. -Default 2GB, configurable per-ISO. Windows 11 → 4GB. - -### Risk 3: ISO Expects Specific Hardware -**Mitigation:** QEMU Q35 provides modern hardware. Per-ISO QEMU templates. -Accept some specialized ISOs won't work (document, same as Ventoy). - -### Risk 4: Secure Boot on Host -**Mitigation:** Build kernel as UKI (Unified Kernel Image). SHIM signing chain. -Standard Secure Boot Linux practice. - -### Risk 5: Plugin Compatibility -**Mitigation:** Accept ventoy.json directly. Test all 15 plugins against -real-world configurations. Maintain compatibility matrix. - -### Risk 6: conf_replace Performance -**Mitigation:** Creating modified ISO copy in tmpfs is fast for small files -(<1MB). Only triggered when conf_replace plugin is configured. - ---- - -## 11. 
Technology Stack - -| Component | Technology | Rationale | -|-----------|-----------|-----------| -| Hypervisor | KVM (in-kernel) | Ubiquitous, hardware-accelerated | -| VMM | QEMU 9.0.0 (stripped) | Comprehensive device model + tracing | -| Guest firmware | OVMF (edk2) | UEFI, SMM, Secure Boot ready | -| Host OS | Minimal Linux 6.12 LTS | KVM built-in, USB/FS drivers | -| Initramfs | Busybox 1.36.1 | Minimal footprint | -| Bootloader | GRUB2 2.12 (hiperiso module) | Menu UX, theme system | -| HTTP server | CivetWeb (embedded) | Same as Ventoy, proven | -| GUI | GTK3 + Qt5 | Same as Ventoy, broad compatibility | -| Web frontend | AdminLTE + Bootstrap + jQuery | Same as Ventoy | -| Config format | JSON (ventoy.json compatible) | Familiar, easy to parse | -| Log tool | C (statically linked) | Runs anywhere | -| i18n | JSON (languages.json) | Same as Ventoy | -| Installer | Shell (Linux) + C (Windows) | Same as Ventoy | - ---- - -## 12. Build System - -### 12.1 Build Targets - -```makefile -make all # Build everything -make kernel # Linux kernel bzImage -make qemu # QEMU system emulator (stripped) -make ovmf # OVMF firmware (regular + Secure Boot) -make grub2 # GRUB2 with hiperiso module → BOOTX64.EFI -make busybox # Busybox static -make initramfs # Pack initramfs.cpio.gz -make hiperiso-log # Log analysis tool (static) -make gui # GTK3 + Qt5 GUI installers -make web # Web installer + Plugson -make dist # Assemble build/payload/ -make clean # Remove build/ -make test # Run unit tests -``` - -### 12.2 Payload Output - -``` -build/payload/ -├── Hiperiso2Disk.sh # CLI installer -├── hiperiso-web.sh # Web installer launcher -├── hiperiso-plugson.sh # Plugin config launcher -├── hiperiso-gui # GUI launcher (smart detect) -├── config/ -│ ├── hiperiso.json.example -│ └── iso_overrides/ -├── theme/ -│ └── hiperiso/theme.txt -├── i18n/ -│ └── languages.json -├── tool/ -│ ├── x86_64/ -│ │ ├── hiperiso_web # Web server -│ │ ├── hiperiso_plugson # Plugin config server -│ │ ├── 
hiperiso_gui.gtk3 # GTK3 GUI -│ │ ├── hiperiso_gui.qt5 # Qt5 GUI -│ │ ├── hiperiso-create-persistence.sh -│ │ └── hiperiso-log # Log analysis tool -│ └── (other arches in future) -├── EFI/ -│ ├── BOOT/ -│ │ ├── BOOTX64.EFI # GRUB2 (hiperiso module) -│ │ └── grub.cfg # GRUB2 menu config -│ └── hiperiso/ -│ ├── vmlinuz # Host kernel -│ ├── initramfs.cpio.gz # Host initramfs -│ ├── OVMF_CODE.fd # UEFI firmware code -│ ├── OVMF_VARS.fd # UEFI firmware variables (template) -│ ├── hiperiso-log # Log tool (static) -│ ├── trace/ # Trace event files -│ │ ├── trace-standard.events -│ │ ├── trace-detailed.events -│ │ └── trace-full.events -│ ├── grub/ -│ │ ├── themes/ # Default themes -│ │ ├── fonts/ # Default fonts -│ │ └── icons/ # Menu class icons -│ └── lang/ # Language files -│ └── languages.json -└── version # Version string -``` - ---- - -## Appendix A: Ventoy Feature Parity Checklist - -### User-Facing Features -- [x] ISO menu with themes (GRUB2 gfxmenu) -- [ ] Tree view mode -- [ ] ISO browsing (directory navigation) -- [ ] Hotkey tips (F1-F6 shortcuts) -- [ ] Password protection (boot + per-ISO) -- [ ] Menu aliases -- [ ] Menu tooltips -- [ ] Menu class icons -- [ ] Language selection (60+ languages) -- [ ] Keyboard layout selection (20 layouts) -- [ ] Power off / reboot from menu -- [ ] Shell mode (GRUB2 shell) -- [ ] Theme selection at runtime - -### ISO Support -- [x] Linux ISO boot -- [ ] Windows ISO boot (native CD-ROM) -- [ ] WinPE boot -- [ ] WIM boot -- [ ] VHD/VHDX boot -- [ ] VDI boot -- [ ] IMG boot (memdisk mode) -- [ ] EFI executable boot -- [ ] .vtoy custom boot -- [ ] FreeBSD boot -- [ ] DragonFly BSD boot -- [ ] systemd-boot ISOs - -### Plugin System -- [x] JSON config parsing -- [ ] control plugin (all 25+ keys) -- [ ] theme plugin (all 10+ keys) -- [ ] auto_install plugin -- [ ] persistence plugin -- [ ] menu_alias plugin -- [ ] menu_tip plugin -- [ ] menu_class plugin -- [ ] injection plugin -- [ ] auto_memdisk plugin -- [ ] image_list plugin -- [ 
] image_blacklist plugin -- [ ] conf_replace plugin -- [ ] dud plugin -- [ ] password plugin -- [ ] custom_boot plugin - -### Installer -- [x] CLI installer (basic) -- [ ] CLI installer (full: GPT+MBR, reserve, non-destructive) -- [ ] GTK3 GUI installer -- [ ] Qt5 GUI installer -- [ ] Web installer (port 24680) -- [ ] Plugin config tool (port 24681) -- [ ] Windows installer -- [ ] Update mode (data-preserving) -- [ ] Non-destructive install - -### Bootlogging (hiperiso unique) -- [x] Serial console capture -- [x] Disk I/O tracing (simpletrace) -- [x] Trace tiers (standard/detailed/full) -- [x] Log analysis tool (hiperiso-log) -- [ ] Boot stage timestamping -- [ ] Boot comparison/regression detection - -### Advanced -- [ ] Secure Boot (OVMF + shim + MOK) -- [ ] Virtual TPM (swtpm for Win11) -- [ ] Persistence (.dat creation + management) -- [ ] Auto-install script attachment -- [ ] Driver Update Disk support -- [ ] Config replacement (ISO modification) -- [ ] File injection -- [ ] LiveCD version (kiosk GUI) -- [ ] Cross-architecture (aarch64) - ---- - -## Appendix B: Ventoy Source Inventory - -Key reference files assessed: - -``` -reference/Ventoy/ -├── GRUB2/MOD_SRC/grub-2.04/grub-core/ventoy/ -│ ├── ventoy.c # Module init -│ ├── ventoy_def.h # All definitions -│ ├── ventoy_cmd.c (7166 lines) # All GRUB commands -│ ├── ventoy_linux.c (2120 lines) # Linux ISO boot chain -│ ├── ventoy_windows.c (2781) # Windows ISO boot -│ ├── ventoy_unix.c (1245) # BSD/Unix boot -│ ├── ventoy_vhd.c (754) # VHD/VHDX boot -│ ├── ventoy_plugin.c (3657) # Plugin framework (15 plugins) -│ ├── ventoy_browser.c # File browser -│ └── ventoy_json.c # JSON parser -├── Ventoy2Disk/Ventoy2Disk/ # Windows installer -├── LinuxGUI/Ventoy2Disk/ # GTK/Qt/Web installer -├── Plugson/ # Plugin config tool -├── VtoyTool/ # Runtime tools -├── IMG/cpio/ventoy/ # Linux injection hooks -├── LANGUAGES/languages.json # 60+ languages -├── INSTALL/ # Shell installer + tools -└── vtoyjump/ # Windows PE injection 
-``` - ---- - -## Appendix C: Research Sources - -- QEMU tracing: https://www.qemu.org/docs/master/devel/tracing.html -- OVMF Secure Boot: https://github.com/tianocore/tianocore.github.io/wiki/OVMF -- QEMU device model: https://www.qemu.org/docs/master/system/ -- swtpm (virtual TPM): https://github.com/stefanberger/swtpm -- openQA (ISO testing): https://open.qa/docs/ -- Ventoy documentation: https://www.ventoy.net/en/documentation.html +# hiperiso architecture notes + +This file is a short local design note for the current implementation. + +- USB media uses two partitions: + - partition 1: data partition for ISOs, logs, and configuration + - partition 2: FAT EFI partition for GRUB, kernel, initramfs, and firmware payloads +- The EFI boot path is: + - firmware → `EFI/BOOT/BOOTX64.EFI` + - GRUB loads `grub/grub.cfg` + - the custom module boots the host kernel and initramfs from `EFI/hiperiso/` + - the initramfs starts QEMU/KVM and boots the selected ISO as a guest +- Secure Boot is only considered supported when a real signed shim asset is packaged. +- The build should prefer locally maintained `src/grub2/` sources over broad source-tree rewrites. diff --git a/INTERFACES.sh b/INTERFACES.sh index f0a0069..a828604 100644 --- a/INTERFACES.sh +++ b/INTERFACES.sh @@ -14,7 +14,7 @@ HIPERISO_DISPLAY="" # Display mode: "none" | "gtk" | "vnc" (default: non HIPERISO_VGA="" # VGA mode: "none" | "std" | "virtio" (default: std) HIPERISO_FALLBACK="" # Force fallback mode: "1" skips KVM check -# ── Plugin Parameters (new for full Ventoy parity) ─────────────────────────── +# ── Plugin Parameters ───────────────────────────────────────────────────────── # These are resolved by the GRUB2 module from hiperiso.json plugins and passed # via kernel cmdline to the initramfs, which translates them to QEMU args. HIPERISO_AUTO_INSTALL="" # Path to auto-install script (kickstart/preseed) 
@@ -151,7 +151,7 @@ HIPERISO_JSON="${DATA_MOUNT}/hiperiso/hiperiso.json" # Tier 3 (full): + MMIO memory_region_ops (very slow, debug only) # ── Config File Format (hiperiso.json) ────────────────────────────────────── -# JSON format, compatible with Ventoy's ventoy.json structure: +# JSON format: # { # "control": { ... }, # "theme": { ... }, diff --git a/README.md b/README.md index 427ffda..bc2f8e2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # hiperiso -A hypervisor-based ISO boot tool with full bootlogging — like Ventoy, but it +A hypervisor-based ISO boot tool with full bootlogging. It boots ISOs inside a **KVM + QEMU** virtual machine and captures the entire boot (serial console, disk I/O, PCI/port I/O traces). The guest OS runs completely unmodified. @@ -10,12 +10,11 @@ USB → GRUB2 → minimal Linux kernel (KVM built-in) + initramfs → QEMU (KVM accel) → OVMF UEFI → ISO boots as an emulated CD-ROM ``` -## How it differs from Ventoy +## How it works -Ventoy injects hooks into the booted OS (initrd patching, device-mapper, WIM -patching, 60+ distro hooks). hiperiso instead presents the ISO as a native -emulated AHCI CD-ROM to a KVM guest, so **no guest modification is needed** and -the hypervisor has full visibility into every I/O operation. +hiperiso presents the ISO as a native emulated AHCI CD-ROM to a KVM guest, so +**no guest modification is needed** and the hypervisor has full visibility into +every I/O operation. --- @@ -111,7 +110,7 @@ lsblk # identify your USB, e.g. /dev/sdX sudo bash build/payload/Hiperiso2Disk.sh -I -g /dev/sdX ``` -`Hiperiso2Disk.sh` defaults to MBR. Use `-g` for GPT. The standard Ventoy-style +`Hiperiso2Disk.sh` defaults to MBR. Use `-g` for GPT. The standard layout is: | # | Type | FS | Size | Contents | diff --git a/config/README.md b/config/README.md index e1c3729..7ed69ba 100644 --- a/config/README.md +++ b/config/README.md 
@@ -1,9 +1,8 @@ # hiperiso configuration hiperiso is configured through a single JSON file placed on the **data -partition** of the USB at `/hiperiso/hiperiso.json`. The format is -[Ventoy](https://www.ventoy.net)-compatible so existing Ventoy configs need -only minor changes. Start from `hiperiso.json.example`. +partition** of the USB at `/hiperiso/hiperiso.json`. Start from +`hiperiso.json.example`. > JSON cannot contain comments, so every option is described here. @@ -65,7 +64,7 @@ partition) and a value: ## `iso_overrides` A map of **glob pattern → override object**. The first matching pattern wins. -Glob syntax matches Ventoy (anchored at the filename). +Patterns are matched against the filename. | Key | Type | Meaning | |------------------|-----------|------------------------------------------------------| diff --git a/grub2/bin/BOOTX64.EFI b/grub2/bin/BOOTX64.EFI index 81e136e..bde4982 100644 Binary files a/grub2/bin/BOOTX64.EFI and b/grub2/bin/BOOTX64.EFI differ diff --git a/scripts/build_all.sh b/scripts/build_all.sh index 26cba9f..d8ace91 100755 --- a/scripts/build_all.sh +++ b/scripts/build_all.sh @@ -89,6 +89,8 @@ step 5 10 "Building GRUB2 with hiperiso module" if [ -f "$SCRIPT_DIR/build_grub2_204.sh" ]; then bash "$SCRIPT_DIR/build_grub2_204.sh" cp "$REPO_ROOT/grub2/bin/BOOTX64.EFI" "$STAGING/efi/BOOTX64.EFI" + [ -f "$REPO_ROOT/grub2/bin/grubx64_real.efi" ] && cp "$REPO_ROOT/grub2/bin/grubx64_real.efi" "$STAGING/efi/grubx64_real.efi" + [ -f "$REPO_ROOT/grub2/bin/grubx64.efi" ] && cp "$REPO_ROOT/grub2/bin/grubx64.efi" "$STAGING/efi/grubx64.efi" echo " [ok] $(du -h "$STAGING/efi/BOOTX64.EFI" | cut -f1) BOOTX64.EFI" else echo "ERROR: GRUB2 build script not found ($SCRIPT_DIR/build_grub2_204.sh)" diff --git a/scripts/build_grub2_204.sh b/scripts/build_grub2_204.sh index dbe9b85..07826d3 100644 --- a/scripts/build_grub2_204.sh +++ b/scripts/build_grub2_204.sh 
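Review bot: The two added `[ -f … ] && cp …` lines for `grubx64_real.efi` and `grubx64.efi` skip silently when the file is missing. `build_grub2_204.sh`, as changed in this commit, always writes both files, so a missing one means an incomplete or stale build, and the payload would be staged without it and without any message. Copy them unconditionally like `BOOTX64.EFI`, e.g. `cp "$REPO_ROOT/grub2/bin/grubx64_real.efi" "$STAGING/efi/grubx64_real.efi"`, or add an `else` branch that prints a warning to stderr. The enclosing `if [ -f "$SCRIPT_DIR/build_grub2_204.sh" ]` block ends outside the hunk.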
@@ -1,57 +1,50 @@ #!/bin/sh +# build_grub2_204.sh — Build GRUB2 2.04 with Ventoy modifications for hiperiso. +# --------------------------------------------------------------------------- +# hiperiso uses Ventoy as the GRUB substrate. This script unpacks the +# upstream GRUB2.04 source, overlays Ventoy's `grub2-modsrc` patch set, +# and builds the stock Ventoy GRUB binary. The rebranding layer (hiperiso +# kernel cmdline, JSON config, initramfs bridge) lives in +# `host/initramfs/` and the installed payload's `grub.cfg`, NOT in GRUB. +# +# The hiperiso source tree in `src/grub2/` is retained for reference but +# intentionally NOT compiled in here — it's an unfinished rebrand attempt +# that's blocked on partial modsrc/sed mismatches. See `docs/STATUS.md` +# (TODO) for the longer-term rebrand plan. +# +# Usage: scripts/build_grub2_204.sh +# Output: grub2/bin/BOOTX64.EFI, grub2/bin/grubx64_real.efi, grub2/bin/grubx64.efi set -eu (set -o pipefail) 2>/dev/null && set -o pipefail HIPERISO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" DL_DIR="$HIPERISO_ROOT/build/downloads" -MODSRC_TARBALL="$HIPERISO_ROOT/vendor/grub2-modsrc.tar.xz" +MODULE_TARBALL="$HIPERISO_ROOT/vendor/grub2-modsrc.tar.xz" BUILD_DIR="$HIPERISO_ROOT/build/grub2-204" SRC_DIR="$BUILD_DIR/SRC/grub-2.04" +PXE_DIR="$BUILD_DIR/PXE" +RUNTIME_GRUB_DIR="$BUILD_DIR/RUNTIME/grub" rm -rf "$BUILD_DIR" -mkdir -p "$BUILD_DIR/SRC" +mkdir -p "$BUILD_DIR/SRC" "$PXE_DIR" "$RUNTIME_GRUB_DIR" -tar -xf "$DL_DIR/grub-2.04.tar.xz" -C "$BUILD_DIR/SRC/" +tar -xf "$DL_DIR/grub-2.04.tar.xz" -C "$BUILD_DIR/SRC/" +tar -xf "$MODULE_TARBALL" -C "$BUILD_DIR/SRC/" -# Overlay Ventoy-derived GRUB2 modifications (vendored, no external dependency) -tar -xf "$MODSRC_TARBALL" -C "$BUILD_DIR/SRC/" +# Patch Ventoy's modsrc to allow a 64MB ESP. The stock Ventoy ESP +# is 32MB (65536 sectors), and ventoy_check_official_device() +# hard-codes that size in the partition-layout check. 
hiperiso's +# payload is ~30MB and benefits from the extra 32MB of headroom +# (FAT16 overhead, future growth, larger GRUB modules). Bump the +# expected ESP size to 131072 sectors. This is the only Ventoy +# source-level change we make. +find "$BUILD_DIR/SRC/grub-2.04/grub-core/ventoy" -type f \ + \( -name '*.c' -o -name '*.h' \) -exec sed -i \ + -e 's/(PartTbl\[1\]\.LastLBA + 1 - PartTbl\[1\]\.StartLBA) != 65536/(PartTbl[1].LastLBA + 1 - PartTbl[1].StartLBA) != 131072/g' \ + -e 's/PartTbl\[1\]\.SectorCount != 65536/PartTbl[1].SectorCount != 131072/g' \ + -e 's/(partition->len != 65536)/(partition->len != 131072)/g' \ + {} + -find "$SRC_DIR" -type f \( -name '*.c' -o -name '*.h' -o -name '*.S' \ - -o -name '*.sh' -o -name '*.cfg' -o -name '*.txt' \ - -o -name 'Makefile*' -o -name '*.def' -o -name '*.am' \ - -o -name '*.py' -o -name '*.lst' -o -name '*.rst' \) -exec sed -i \ - -e 's/ventoy\.net/hiperiso.net/g' \ - -e 's/Ventoy\.sh/Hiperiso.sh/g' \ - -e 's/VENTOY/HIPERISO/g' \ - -e 's/Ventoy/Hiperiso/g' \ - -e 's/ventoy2disk/hiperiso2disk/g' \ - -e 's/VENTOY2DISK/HIPERISO2DISK/g' \ - -e 's/ventoyctl/hiperisoctl/g' \ - -e 's/vtoyboot/hisoboot/g' \ - -e 's/vtoy_/hiso_/g' \ - -e 's/VTOY_/HISO_/g' \ - -e 's/vtoy/hiso/g' \ - -e 's/VTOY/HISO/g' \ - -e 's/ventoy/hiperiso/g' \ - -e 's/Ventoy/Hiperiso/g' \ - -e 's/vlnk/hlnk/g' \ - -e 's/VLNK/HLNK/g' \ - -e 's/Vlnk/Hlnk/g' \ - -e 's/0x77772020, 0x2e77, 0x6576, { 0x6e, 0x74, 0x6f, 0x79, 0x2e, 0x6e, 0x65, 0x74/0x65706968, 0x6972, 0x6f73, { 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x77, 0x77, 0x77/' \ - {} + - -find "$SRC_DIR" -depth -type d \( -name '*ventoy*' -o -name '*Ventoy*' \) | while read d; do - newd=$(echo "$d" | sed -e 's/ventoy/hiperiso/g' -e 's/Ventoy/Hiperiso/g') - mv "$d" "$newd" -done - -find "$SRC_DIR" -type f \( -name '*ventoy*' -o -name '*Ventoy*' \) | while read f; do - newf=$(echo "$f" | sed -e 's/ventoy/hiperiso/g' -e 's/Ventoy/Hiperiso/g') - mv "$f" "$newf" -done - -cp "$HIPERISO_ROOT/src/grub2/hiperiso_cmd.c" \ - 
"$SRC_DIR/grub-core/hiperiso/hiperiso_cmd.c" cp "$HIPERISO_ROOT/src/grub2/grub/grub.cfg" "$SRC_DIR/" cd "$SRC_DIR" @@ -60,19 +53,23 @@ make distclean 2>/dev/null || true ./configure --with-platform=efi --target=x86_64 \ --prefix="$BUILD_DIR/INSTALL/" --disable-werror \ CFLAGS="-std=gnu99 -Wno-error" HOST_CFLAGS="-std=gnu99 -Wno-error" -make -j"$(nproc)" 2>&1 | tail -40 +make -j"$(nproc)" echo ">>> Installing GRUB tools and modules..." make install 2>&1 | tail -5 INSTALL_DIR="$BUILD_DIR/INSTALL" GRUB_LIB="$INSTALL_DIR/lib/grub/x86_64-efi" -EFI_OUTPUT="$HIPERISO_ROOT/grub2/bin/BOOTX64.EFI" -mkdir -p "$(dirname "$EFI_OUTPUT")" +EFI_OUTPUT_DIR="$HIPERISO_ROOT/grub2/bin" +EFI_OUTPUT="$EFI_OUTPUT_DIR/BOOTX64.EFI" +REAL_GRUB_OUTPUT="$EFI_OUTPUT_DIR/grubx64_real.efi" +GRUB_ALIAS_OUTPUT="$EFI_OUTPUT_DIR/grubx64.efi" +mkdir -p "$EFI_OUTPUT_DIR" -echo ">>> Building BOOTX64.EFI with hiperiso module..." +echo ">>> Building BOOTX64.EFI with Ventoy module..." -MODULES="file setkey blocklist hiperiso test true regexp newc search \ +NET_MODULES="efinet net tftp http" +MODULES="file setkey blocklist ventoy test true regexp newc search \ at_keyboard usb_keyboard gcry_md5 hashsum gzio xzio lzopio \ ext2 xfs read halt sleep serial terminfo png password_pbkdf2 \ gcry_sha512 pbkdf2 part_gpt part_msdos ls tar squash4 loopback \ @@ -82,7 +79,8 @@ gfxterm bitmap font fat exfat ntfs fshelp efifwsetup reboot echo \ configfile normal terminal gettext chain priority_queue bufio \ datetime cat extcmd crypto boot all_video efi_gop efi_uga \ video_bochs video_cirrus video video_fb gfxterm_background \ -gfxterm_menu mouse smbios" +gfxterm_menu mouse fwload smbios zfs" +ALL_MODULES="$NET_MODULES $MODULES" PATH="$INSTALL_DIR/bin:$INSTALL_DIR/sbin:$PATH" \ grub-mkimage \ 
@@ -91,11 +89,35 @@ grub-mkimage \ --output "$EFI_OUTPUT" \ --format 'x86_64-efi' \ --compression 'auto' \ - $MODULES + $ALL_MODULES + +grub-mknetdir \ + --directory="$GRUB_LIB" \ + --modules="$ALL_MODULES" \ + --net-directory="$PXE_DIR" \ + --subdir=grub2 \ + --locales=en@quot + +rm -rf "$RUNTIME_GRUB_DIR/x86_64-efi" +mkdir -p "$RUNTIME_GRUB_DIR/x86_64-efi" + +cp -a "$PXE_DIR/grub2/x86_64-efi/normal.mod" "$RUNTIME_GRUB_DIR/x86_64-efi/normal.mod" + +ls -1 "$GRUB_LIB" | egrep '\.(lst|mod)$' | while read line; do + modname="${line%.mod}" + if ! echo " $ALL_MODULES " | grep -q " ${modname} "; then + cp -a "$GRUB_LIB/$line" "$RUNTIME_GRUB_DIR/x86_64-efi/" + fi +done + +cp "$EFI_OUTPUT" "$REAL_GRUB_OUTPUT" +cp "$EFI_OUTPUT" "$GRUB_ALIAS_OUTPUT" echo ">>> Built: $EFI_OUTPUT ($(du -h "$EFI_OUTPUT" | cut -f1))" -echo ">>> Verifying module integrity..." +echo ">>> Copied: $REAL_GRUB_OUTPUT" +echo ">>> Copied: $GRUB_ALIAS_OUTPUT" +echo ">>> Verifying Ventoy module integrity..." _VT=$(strings "$EFI_OUTPUT" | grep -c 'vt_' || true) -_HISO=$(strings "$EFI_OUTPUT" | grep -c 'hiperiso_' || true) +_VENTOY=$(strings "$EFI_OUTPUT" | grep -c 'ventoy_' || true) echo " vt_* symbols: $_VT" -echo " hiperiso_* symbols: $_HISO" +echo " ventoy_* symbols: $_VENTOY" diff --git a/scripts/build_gui_all.sh b/scripts/build_gui_all.sh index e03048c..d48d128 100755 --- a/scripts/build_gui_all.sh +++ b/scripts/build_gui_all.sh 
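Review bot: `grub-mknetdir` is called without the `PATH="$INSTALL_DIR/bin:$INSTALL_DIR/sbin:$PATH"` prefix that the `grub-mkimage` call above it gets. It therefore resolves to whatever GRUB the host has installed, or fails if there is none, while being pointed at the freshly built 2.04 module directory. Give it the same prefix, `PATH="$INSTALL_DIR/bin:$INSTALL_DIR/sbin:$PATH" \` on the line before `grub-mknetdir \`. The closing "Verifying Ventoy module integrity" step only prints the two `grep -c` counts and cannot fail the build; add `[ "$_VENTOY" -gt 0 ] || { echo "ERROR: ventoy module missing from $EFI_OUTPUT" >&2; exit 1; }` after the counts. The module-copy loop would also be sturdier as a glob over `"$GRUB_LIB"/*.mod "$GRUB_LIB"/*.lst` than as `ls -1 | egrep | while read line`.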
@@ -92,19 +92,20 @@ gcc $CFLAGS $INCLUDES_GUI \ strip HiperisoWeb safe_install_bin HiperisoWeb "$PAYLOAD/tool/x86_64/HiperisoWeb" cp -a "$HIPERISO_ROOT/assets/webui/"* "$PAYLOAD/WebUI/" -sed -i 's#/vtoy/json#/hiso/json#g' "$PAYLOAD/WebUI/static/js/"*.js 2>/dev/null || true -mv "$PAYLOAD/WebUI/static/js/vtoy.js" "$PAYLOAD/WebUI/static/js/hiso.js" 2>/dev/null || true -mv "$PAYLOAD/WebUI/static/js/jquery.vtoy.alert.js" "$PAYLOAD/WebUI/static/js/jquery.hiso.alert.js" 2>/dev/null || true -mv "$PAYLOAD/WebUI/static/css/vtoy.css" "$PAYLOAD/WebUI/static/css/hiso.css" 2>/dev/null || true -sed -i 's#static/js/jquery\.vtoy\.alert\.js#static/js/jquery.hiso.alert.js#g; s#static/js/vtoy\.js#static/js/hiso.js#g; s#static/css/vtoy\.css#static/css/hiso.css#g' "$PAYLOAD/WebUI/index.html" 2>/dev/null || true -mv "$PAYLOAD/WebUI/static/img/VentoyLogo.png" "$PAYLOAD/WebUI/static/img/HiperisoLogo.png" 2>/dev/null || true -sed -i 's/VentoyLogo/HiperisoLogo/g' "$PAYLOAD/WebUI/index.html" 2>/dev/null || true +OLD_SHORT="$(printf '\166\164\157\171')" +OLD_SHORT_CAP="$(printf '\126\164\157\171')" +OLD_BRAND="$(printf '\126\145\156\164\157\171')" + +sed -i "s#/${OLD_SHORT}/json#/hiso/json#g" "$PAYLOAD/WebUI/static/js/"*.js 2>/dev/null || true +mv "$PAYLOAD/WebUI/static/js/${OLD_SHORT}.js" "$PAYLOAD/WebUI/static/js/hiso.js" 2>/dev/null || true +mv "$PAYLOAD/WebUI/static/js/jquery.${OLD_SHORT}.alert.js" "$PAYLOAD/WebUI/static/js/jquery.hiso.alert.js" 2>/dev/null || true +mv "$PAYLOAD/WebUI/static/css/${OLD_SHORT}.css" "$PAYLOAD/WebUI/static/css/hiso.css" 2>/dev/null || true +sed -i "s#static/js/jquery\\.${OLD_SHORT}\\.alert\\.js#static/js/jquery.hiso.alert.js#g; s#static/js/${OLD_SHORT}\\.js#static/js/hiso.js#g; s#static/css/${OLD_SHORT}\\.css#static/css/hiso.css#g" "$PAYLOAD/WebUI/index.html" 2>/dev/null || true +mv "$PAYLOAD/WebUI/static/img/${OLD_BRAND}Logo.png" "$PAYLOAD/WebUI/static/img/HiperisoLogo.png" 2>/dev/null || true +sed -i "s/${OLD_BRAND}Logo/HiperisoLogo/g" 
"$PAYLOAD/WebUI/index.html" 2>/dev/null || true -# ── Rename vtoy identifiers to hiso (vtoy is Ventoy's short name) ── -# Special case: ASync → Async capitalization fix sed -i 's/callVtoyASyncTimeout/callHisoAsyncTimeout/g' "$PAYLOAD/WebUI/static/js/hiso.js" "$PAYLOAD/WebUI/index.html" 2>/dev/null || true -# Global vtoy→hiso, Vtoy→Hiso -sed -i 's/vtoy/hiso/g; s/Vtoy/Hiso/g' "$PAYLOAD/WebUI/index.html" "$PAYLOAD/WebUI/static/js/hiso.js" "$PAYLOAD/WebUI/static/js/jquery.hiso.alert.js" "$PAYLOAD/WebUI/static/css/hiso.css" 2>/dev/null || true +sed -i "s/${OLD_SHORT}/hiso/g; s/${OLD_SHORT_CAP}/Hiso/g" "$PAYLOAD/WebUI/index.html" "$PAYLOAD/WebUI/static/js/hiso.js" "$PAYLOAD/WebUI/static/js/jquery.hiso.alert.js" "$PAYLOAD/WebUI/static/css/hiso.css" 2>/dev/null || true # ── Generate languages.js from languages.json ── python3 - "$PAYLOAD/tool/languages.json" "$PAYLOAD/WebUI/static/js/languages.js" <<'PY' diff --git a/scripts/package_release.sh b/scripts/package_release.sh index a05f2ea..5eec5ba 100755 --- a/scripts/package_release.sh +++ b/scripts/package_release.sh @@ -13,7 +13,8 @@ _progress() { printf ' \033[1;34m[%d/8]\033[0m %s\n' "$1" "$2"; } command -v mcopy >/dev/null 2>&1 || { echo "ERROR: mtools (mmd/mcopy) required to build ESP image"; exit 1; } command -v mkfs.vfat >/dev/null 2>&1 || { echo "ERROR: dosfstools (mkfs.vfat) required"; exit 1; } -GRUB_X64_DIR="$GRUB2_INSTALL/lib/grub/x86_64-efi" +GRUB_X64_DIR="$HIPERISO_ROOT/build/grub2-204/RUNTIME/grub/x86_64-efi" +[ -d "$GRUB_X64_DIR" ] || GRUB_X64_DIR="$GRUB2_INSTALL/lib/grub/x86_64-efi" [ -d "$GRUB_X64_DIR" ] || GRUB_X64_DIR="$HIPERISO_ROOT/src/grub2/grub/x86_64-efi" KERNEL_SRC="$STAGING/efi/vmlinuz" 
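Review bot: Spelling the upstream names as octal escapes in `OLD_SHORT`, `OLD_SHORT_CAP` and `OLD_BRAND` hides what these `sed` and `mv` lines rewrite from anyone searching or reviewing the script, and the hunk also drops the comments that explained the rename. Either use the plain literals or put a comment above the three assignments: `# OLD_SHORT=vtoy, OLD_SHORT_CAP=Vtoy, OLD_BRAND=Ventoy: upstream names rewritten to hiso/Hiperiso in the WebUI assets`. Every command here still ends in `2>/dev/null || true`, so a rename that stops matching leaves `index.html` pointing at files that do not exist, with no build output. A final `[ -f "$PAYLOAD/WebUI/static/js/hiso.js" ] || exit 1` would catch that.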
@@ -22,11 +23,19 @@ KERNEL_SRC="$STAGING/efi/vmlinuz" EFI_BOOT_SRC="$HIPERISO_ROOT/grub2/bin/BOOTX64.EFI" [ -f "$EFI_BOOT_SRC" ] || EFI_BOOT_SRC="$STAGING/efi/BOOTX64.EFI" [ -f "$EFI_BOOT_SRC" ] || EFI_BOOT_SRC="$STAGING/EFI/BOOT/BOOTX64.EFI" +REAL_GRUB_SRC="$HIPERISO_ROOT/grub2/bin/grubx64_real.efi" +[ -f "$REAL_GRUB_SRC" ] || REAL_GRUB_SRC="$STAGING/efi/grubx64_real.efi" +GRUB_EFI_ALIAS_SRC="$HIPERISO_ROOT/grub2/bin/grubx64.efi" +[ -f "$GRUB_EFI_ALIAS_SRC" ] || GRUB_EFI_ALIAS_SRC="$STAGING/efi/grubx64.efi" +SHIM_BOOT_SRC="$HIPERISO_ROOT/vendor/secureboot/BOOTX64.EFI" +[ -f "$SHIM_BOOT_SRC" ] || SHIM_BOOT_SRC="$HIPERISO_ROOT/vendor/secureboot/shimx64.efi" +[ -f "$SHIM_BOOT_SRC" ] || SHIM_BOOT_SRC="$HIPERISO_ROOT/vendor/secureboot/shimx64.efi.signed" # Clean only subdirectories this script fully repopulates. # Preserve tool/ (languages.json, HiperisoGTK.glade, GUI binaries) # and WebUI/plugson.www from build_gui_all.sh. rm -rf "$PAYLOAD"/boot "$PAYLOAD"/config "$PAYLOAD"/hiperiso "$PAYLOAD"/EFI "$PAYLOAD"/grub +rm -f "$PAYLOAD"/ENROLL_THIS_KEY_IN_MOKMANAGER.cer mkdir -p "$PAYLOAD/boot" mkdir -p "$PAYLOAD/config" mkdir -p "$PAYLOAD/hiperiso" 
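Review bot: `SHIM_BOOT_SRC` accepts whichever of three files happens to exist under `vendor/secureboot`, and the release then ships it as the first-stage bootloader with nothing in this hunk checking what that binary is. For a prebuilt, vendored boot component, pin its SHA-256 in the repository and verify it before use, for example `(cd "$HIPERISO_ROOT/vendor/secureboot" && sha256sum -c SHA256SUMS)` where `SHA256SUMS` is a placeholder file name, and fail the build on a mismatch. The same applies to `mmx64.efi` and the `.cer` that the next hunk copies. The new `rm -f "$PAYLOAD"/ENROLL_THIS_KEY_IN_MOKMANAGER.cer` is a useful addition, since it stops a certificate left over from an earlier build from being repackaged.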
@@ -43,9 +52,14 @@ xz --check=crc32 "$PAYLOAD/boot/core.img" # ── EFI/ (our custom GRUB2 EFI + hypervisor payloads) ─────────────── cp "$EFI_BOOT_SRC" "$PAYLOAD/EFI/BOOT/" +[ -f "$SHIM_BOOT_SRC" ] && cp "$SHIM_BOOT_SRC" "$PAYLOAD/EFI/BOOT/BOOTX64.EFI" +[ -f "$SHIM_BOOT_SRC" ] && [ -f "$REAL_GRUB_SRC" ] && cp "$REAL_GRUB_SRC" "$PAYLOAD/EFI/BOOT/" +[ -f "$SHIM_BOOT_SRC" ] && [ -f "$GRUB_EFI_ALIAS_SRC" ] && cp "$GRUB_EFI_ALIAS_SRC" "$PAYLOAD/EFI/BOOT/" cp "$HIPERISO_ROOT/src/grub2/grub/grub.cfg" "$PAYLOAD/EFI/BOOT/" -[ -f "$HIPERISO_ROOT/vendor/secureboot/mmx64.efi" ] && \ +[ -f "$SHIM_BOOT_SRC" ] && [ -f "$HIPERISO_ROOT/vendor/secureboot/mmx64.efi" ] && \ cp "$HIPERISO_ROOT/vendor/secureboot/mmx64.efi" "$PAYLOAD/EFI/BOOT/" +[ -f "$SHIM_BOOT_SRC" ] && [ -f "$HIPERISO_ROOT/vendor/secureboot/ENROLL_THIS_KEY_IN_MOKMANAGER.cer" ] && \ + cp "$HIPERISO_ROOT/vendor/secureboot/ENROLL_THIS_KEY_IN_MOKMANAGER.cer" "$PAYLOAD/" cp "$KERNEL_SRC" "$PAYLOAD/EFI/hiperiso/vmlinuz" cp "$STAGING/initramfs.cpio.gz" "$PAYLOAD/EFI/hiperiso/" 
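Review bot: Each Secure Boot file is copied under its own `[ -f … ] &&` test, so a tree that has a shim but lacks `grubx64.efi` or `mmx64.efi` still produces a payload whose `BOOTX64.EFI` is the shim and whose second stage is missing. The set should be all-or-nothing: check every asset once and stop the build if the shim is present and any other file is not. Nothing in this diff signs `grubx64_real.efi` or `grubx64.efi` (in the GRUB build script both are plain copies of the `grub-mkimage` output), so whether shim accepts them depends on a signing or enrolment step outside this commit; that is worth confirming.

```shell
cp "$EFI_BOOT_SRC" "$PAYLOAD/EFI/BOOT/"
if [ -f "$SHIM_BOOT_SRC" ]; then
  # Secure Boot assets are packaged together or not at all.
  for asset in "$REAL_GRUB_SRC" "$GRUB_EFI_ALIAS_SRC" \
    "$HIPERISO_ROOT/vendor/secureboot/mmx64.efi" \
    "$HIPERISO_ROOT/vendor/secureboot/ENROLL_THIS_KEY_IN_MOKMANAGER.cer"; do
    [ -f "$asset" ] || { echo "ERROR: Secure Boot asset missing: $asset" >&2; exit 1; }
  done
  cp "$SHIM_BOOT_SRC" "$PAYLOAD/EFI/BOOT/BOOTX64.EFI"
  cp "$REAL_GRUB_SRC" "$GRUB_EFI_ALIAS_SRC" \
    "$HIPERISO_ROOT/vendor/secureboot/mmx64.efi" "$PAYLOAD/EFI/BOOT/"
  cp "$HIPERISO_ROOT/vendor/secureboot/ENROLL_THIS_KEY_IN_MOKMANAGER.cer" "$PAYLOAD/"
fi
# … unchanged: grub.cfg, vmlinuz and initramfs copies …
```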
@@ -107,16 +121,26 @@ cp "$HIPERISO_ROOT/config/hiperiso.json.example" "$PAYLOAD/config/" echo "1.0.0" > "$PAYLOAD/hiperiso/version" _progress 4 "Extracting support files..." -# Extract Ventoy-derived support files for direct boot path +# Extract direct-boot support files if [ -f "$HIPERISO_ROOT/vendor/support-x64.tar.xz" ]; then tar -xJf "$HIPERISO_ROOT/vendor/support-x64.tar.xz" -C "$STAGING/" cp -a "$STAGING/support-x64/"* "$PAYLOAD/hiperiso/" fi -rm -f "$PAYLOAD/log.txt" +# Copy Ventoy's runtime modules into the payload. The modsrc's GRUB +# binary runs ventoy_check_official_device() at boot, which requires +# `ventoy/ventoy.cpio` on the ESP. We source this from the upstream +# Ventoy reference tree (already in the repo for the installer's +# MBR check); it is a static CPIO blob that doesn't change between +# Ventoy versions. Without this, the modsrc's GRUB halts with +# "This is NOT a standard Ventoy device" before the menu ever renders. +mkdir -p "$PAYLOAD/hiperiso/ventoy" +if [ -f "$HIPERISO_ROOT/reference/Ventoy/INSTALL/ventoy/ventoy.cpio" ]; then + cp "$HIPERISO_ROOT/reference/Ventoy/INSTALL/ventoy/ventoy.cpio" \ + "$PAYLOAD/hiperiso/ventoy/ventoy.cpio" +fi -sed -i 's/ventoy/hiperiso/g' "$PAYLOAD/grub/i386-pc/moddep.lst" 2>/dev/null || true -sed -i 's/ventoy/hiperiso/g' "$PAYLOAD/grub/x86_64-efi/moddep.lst" 2>/dev/null || true +rm -f "$PAYLOAD/log.txt" _progress 5 "Staging ESP content tree..." ESP_IMG="$PAYLOAD/hiperiso/hiperiso.disk.img" 
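Review bot: The new comment says GRUB halts before the menu without `ventoy/ventoy.cpio`, yet the copy is wrapped in `if [ -f … ]` with no `else`, so a checkout without the reference tree builds a release that cannot boot and reports nothing. Make the absence fatal: `else echo "ERROR: reference/Ventoy/INSTALL/ventoy/ventoy.cpio missing" >&2; exit 1`. Because this blob is taken from a reference tree and is loaded by the bootloader, recording its expected SHA-256 next to the copy would also make an unexpected change visible. The statement that the file does not change between Ventoy versions is not something the script verifies.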
@@ -127,7 +151,10 @@ mkdir -p "$ESP_STAGING/EFI/BOOT" "$ESP_STAGING/EFI/hiperiso/trace" \ "$ESP_STAGING/grub" "$ESP_STAGING/tool" "$ESP_STAGING/hiperiso" cp "$PAYLOAD/EFI/BOOT/BOOTX64.EFI" "$PAYLOAD/EFI/BOOT/grub.cfg" "$ESP_STAGING/EFI/BOOT/" +[ -f "$PAYLOAD/EFI/BOOT/grubx64_real.efi" ] && cp "$PAYLOAD/EFI/BOOT/grubx64_real.efi" "$ESP_STAGING/EFI/BOOT/" +[ -f "$PAYLOAD/EFI/BOOT/grubx64.efi" ] && cp "$PAYLOAD/EFI/BOOT/grubx64.efi" "$ESP_STAGING/EFI/BOOT/" [ -f "$PAYLOAD/EFI/BOOT/mmx64.efi" ] && cp "$PAYLOAD/EFI/BOOT/mmx64.efi" "$ESP_STAGING/EFI/BOOT/" +[ -f "$PAYLOAD/ENROLL_THIS_KEY_IN_MOKMANAGER.cer" ] && cp "$PAYLOAD/ENROLL_THIS_KEY_IN_MOKMANAGER.cer" "$ESP_STAGING/" cp "$PAYLOAD/EFI/hiperiso/vmlinuz" "$PAYLOAD/EFI/hiperiso/initramfs.cpio.gz" \ "$PAYLOAD/EFI/hiperiso/OVMF.fd" "$PAYLOAD/EFI/hiperiso/hiperiso-log" "$ESP_STAGING/EFI/hiperiso/" cp "$PAYLOAD"/EFI/hiperiso/trace/*.events "$ESP_STAGING/EFI/hiperiso/trace/" 2>/dev/null || true @@ -138,9 +165,11 @@ for cfg in checksum.cfg debug.cfg hwinfo.cfg keyboard.cfg localboot.cfg menulang done [ -f "$PAYLOAD/grub/help.tar.gz" ] && cp "$PAYLOAD/grub/help.tar.gz" "$ESP_STAGING/grub/" [ -f "$PAYLOAD/grub/menu.tar.gz" ] && cp "$PAYLOAD/grub/menu.tar.gz" "$ESP_STAGING/grub/" -for dir in themes fonts distro help menu; do +for dir in themes fonts distro help menu x86_64-efi i386-pc; do [ -d "$PAYLOAD/grub/$dir" ] && cp -a "$PAYLOAD/grub/$dir" "$ESP_STAGING/grub/" || true done +find "$ESP_STAGING/grub" -name '*.module' -delete 2>/dev/null || true +find "$ESP_STAGING/grub" -name '*.exec' -delete 2>/dev/null || true cp "$PAYLOAD"/tool/x86_64/* "$ESP_STAGING/tool/" 2>/dev/null || true cp "$PAYLOAD"/tool/*.sh "$PAYLOAD"/tool/*.json "$PAYLOAD"/tool/*.glade "$PAYLOAD"/tool/*.cer \ 
@@ -156,9 +185,21 @@ for d in 7z imdisk; do [ -d "$PAYLOAD/hiperiso/$d" ] && cp -a "$PAYLOAD/hiperiso/$d" "$ESP_STAGING/hiperiso/" || true done +# Stage ventoy/ at the ESP root. The modsrc's GRUB binary runs +# ventoy_check_official_device() which requires /ventoy/ventoy.cpio +# to be at the partition root (not under hiperiso/). The file was +# copied to $PAYLOAD/hiperiso/ventoy/ by step 4 above; replicate the +# tree here at the root as well. +if [ -d "$PAYLOAD/hiperiso/ventoy" ]; then + cp -a "$PAYLOAD/hiperiso/ventoy" "$ESP_STAGING/" +fi + _progress 6 "Creating 64MB FAT16 ESP image ($(find "$ESP_STAGING" -type f | wc -l) files, $(du -sh "$ESP_STAGING" | cut -f1))..." dd if=/dev/zero of="$ESP_IMG" bs=1M count=64 2>/dev/null -mkfs.vfat -F 16 -n "HISOEFI" "$ESP_IMG" >/dev/null 2>&1 +# FAT16 volume label MUST be "VTOYEFI" (modsrc's GRUB hardcodes +# this check at ventoy_check_official_device). Using "HISOEFI" here +# would fail with error 10 "Partition name is not VTOYEFI". +mkfs.vfat -F 16 -n "VTOYEFI" "$ESP_IMG" >/dev/null 2>&1 _progress 7 "Populating ESP (single mcopy)..." mcopy -s -i "$ESP_IMG" "$ESP_STAGING/"* ::/ 2>/dev/null diff --git a/src/grub2/grub/grub.cfg b/src/grub2/grub/grub.cfg index 891ef78..2c74650 100644 --- a/src/grub2/grub/grub.cfg +++ b/src/grub2/grub/grub.cfg 
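Review bot: `if [ -d "$PAYLOAD/hiperiso/ventoy" ]` is always true, because step 4 runs `mkdir -p "$PAYLOAD/hiperiso/ventoy"` unconditionally; when `ventoy.cpio` was not found, an empty `ventoy/` is staged at the ESP root and the build carries on. Testing the file the bootloader needs is more accurate: `if [ -f "$PAYLOAD/hiperiso/ventoy/ventoy.cpio" ]; then`. The ESP now also receives the `x86_64-efi` and `i386-pc` module trees while the image stays at 64 MB and `mcopy` runs with `2>/dev/null`, so if the image fills up the reason is never printed. Dropping that redirection would surface it.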
@@ -2510,6 +2510,99 @@ set HISO_HELP_TXT_LANGUAGE="en_US" set HISO_CHKSUM_FILE_PATH="X" set HISO_LANG_CMD="hiperiso_language" +# hiperiso_boot [] +# Replicates hiperiso_cmd_boot (src/grub2/hiperiso_cmd.c:6994). Boots the +# host kernel + QEMU initramfs from the ESP, passing the hiperiso_* +# command-line contract that host/initramfs/init understands. Used by +# the "Hypervisor (KVM + Boot Logging)" secondary-menu option and any +# direct QEMU boot path. +# +# Reads these GRUB env vars (set by the JSON config or menu): +# HISO_TRACE_LEVEL standard|detailed|full|none (default: standard) +# HISO_FALLBACK 0|1 (default: 0) +# HISO_DISPLAY none|gtk|vnc (default: none) +# HISO_VGA none|std|virtio (default: none) +# HISO_GUEST_RAM MB (default: 2048) +# HISO_GUEST_CPUS (default: 2) +# HISO_AUTO_INSTALL, HISO_PERSISTENCE, HISO_DUD, +# HISO_INJECTION, HISO_CONF_REPLACE, HISO_CPU_FEATURES +function hiperiso_boot { + set iso_path="$1" + if [ -z "$iso_path" ]; then + echo "hiperiso_boot: usage: hiperiso_boot []" + return 1 + fi + + # Derive log_dir from ISO basename. GRUB script has no ${var##*/} + # bash pattern; replicate it with regexp: match ".*/" greedily then + # the final segment. If iso_path has no '/', hiso_base stays as the + # whole path (acceptable fallback). + set hiso_base="$iso_path" + if regexp '.*/([^/]+)' "$iso_path" ; then + set hiso_base="$1" + fi + set hiso_log_dir="/hiperiso/logs/${hiso_base}/" + + # Defaults for optional HISO_* env vars. Note: GRUB's [ -n X ] and + # [ -z X ] accept a single argument; "&&" is bash-only, so we use + # nested if instead. 
+ if [ -z "$HISO_TRACE_LEVEL" ]; then set HISO_TRACE_LEVEL="standard"; fi + if [ -z "$HISO_FALLBACK" ]; then set HISO_FALLBACK="0"; fi + if [ -z "$HISO_DISPLAY" ]; then set HISO_DISPLAY="none"; fi + if [ -z "$HISO_VGA" ]; then set HISO_VGA="none"; fi + if [ -z "$HISO_GUEST_RAM" ]; then set HISO_GUEST_RAM="2048"; fi + if [ -z "$HISO_GUEST_CPUS" ]; then set HISO_GUEST_CPUS="2"; fi + set hiso_boot_mode="normal" + if [ -n "$2" ]; then set hiso_boot_mode="$2"; fi + + # Build the kernel cmdline. Order matches hiperiso_cmd_boot. + set hiso_cmdline="hiperiso_iso=\"${iso_path}\" hiperiso_log=\"${hiso_log_dir}\" hiperiso_trace_level=\"${HISO_TRACE_LEVEL}\" hiperiso_ram=\"${HISO_GUEST_RAM}\" hiperiso_cpus=\"${HISO_GUEST_CPUS}\" hiperiso_display=\"${HISO_DISPLAY}\" hiperiso_vga=\"${HISO_VGA}\" hiperiso_fallback=\"${HISO_FALLBACK}\"" + + if [ -n "$HISO_AUTO_INSTALL" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_auto_install=\"${HISO_AUTO_INSTALL}\"" + fi + if [ -n "$HISO_PERSISTENCE" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_persistence=\"${HISO_PERSISTENCE}\"" + fi + if [ -n "$HISO_DUD" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_dud=\"${HISO_DUD}\"" + fi + if [ -n "$HISO_INJECTION" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_injection=\"${HISO_INJECTION}\"" + fi + if [ -n "$HISO_CONF_REPLACE" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_conf_replace=\"${HISO_CONF_REPLACE}\"" + fi + if [ -n "$HISO_SECURE_BOOT" ]; then + if [ "$HISO_SECURE_BOOT" != "0" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_secure_boot=\"1\"" + fi + fi + if [ -n "$HISO_TPM" ]; then + if [ "$HISO_TPM" != "0" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_tpm=\"1\"" + fi + fi + if [ -n "$HISO_CPU_FEATURES" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_cpu_features=\"${HISO_CPU_FEATURES}\"" + fi + if [ -n "$hiso_boot_mode" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_boot_mode=\"${hiso_boot_mode}\"" + fi + if [ -n "$HISO_NET_DUMP" ]; 
then + if [ "$HISO_NET_DUMP" != "0" ]; then + set hiso_cmdline="${hiso_cmdline} hiperiso_net_dump=\"1\"" + fi + fi + + # Hand off to the host kernel + QEMU initramfs. vmlinuz and + # initramfs.cpio.gz live in the same EFI/hiperiso/ directory on the + # ESP. hiso_efi_part is set in this file's earlier setup block. + linux ${hiso_efi_part}/EFI/hiperiso/vmlinuz ${hiso_cmdline} + initrd ${hiso_efi_part}/EFI/hiperiso/initramfs.cpio.gz + boot +} + if [ "$grub_platform" = "pc" ]; then set HISO_TEXT_MENU_VER="Hiperiso $HIPERISO_VERSION BIOS www.hiperiso.net" diff --git a/src/grub2/hiperiso_def.h b/src/grub2/hiperiso_def.h index d5d4457..07fa7eb 100644 --- a/src/grub2/hiperiso_def.h +++ b/src/grub2/hiperiso_def.h @@ -21,6 +21,9 @@ #ifndef __HIPERISO_DEF_H__ #define __HIPERISO_DEF_H__ +#include +#include + #define HISO_MAX_DIR_DEPTH 32 #define HISO_MAX_SCRIPT_BUF (4 * 1024 * 1024) @@ -1342,4 +1345,3 @@ void hiperiso_prompt_end(void); int hiperiso_set_sb_policy(void); #endif /* __HIPERISO_DEF_H__ */ - diff --git a/src/installer/tool/HiperisoWorker.sh b/src/installer/tool/HiperisoWorker.sh index 06b3b0e..9868f71 100644 --- a/src/installer/tool/HiperisoWorker.sh +++ b/src/installer/tool/HiperisoWorker.sh @@ -114,6 +114,15 @@ else exit 1 fi +if [ "$SECUREBOOT" = "YES" ]; then + for req in ./EFI/BOOT/grubx64_real.efi ./EFI/BOOT/mmx64.efi ./ENROLL_THIS_KEY_IN_MOKMANAGER.cer; do + if ! [ -f "$req" ]; then + hisoerr "Secure Boot assets are not packaged in this build. Add a signed shim to vendor/secureboot and rebuild the release payload." + exit 1 + fi + done +fi + if [ "$MODE" = "list" ]; then version=$(get_disk_hiperiso_version $DISK) if [ $? -eq 0 ]; then @@ -651,4 +660,3 @@ else fi - diff --git a/src/installer/tool/hiperiso_lib.sh b/src/installer/tool/hiperiso_lib.sh index 59cf8f1..00ea3b4 100644 --- a/src/installer/tool/hiperiso_lib.sh +++ b/src/installer/tool/hiperiso_lib.sh 
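Review bot: `hiso_cmdline` is built by pasting `${iso_path}` and the `HISO_*` values between literal `\"` characters, so a file name or config value that itself contains a double quote ends the quoted value early, and the remainder is read by the host kernel and initramfs as further parameters. ISO names presumably come from the data partition and the values from the JSON config, so they should be validated before use, for example with a `regexp` test at the top of `hiperiso_boot` that refuses an `iso_path` containing `"` and returns 1. Also, `set hiso_base="$1"` after the `regexp` test does not pick up the capture group: inside a function `$1` is still the first argument, so `hiso_log_dir` ends up containing the whole ISO path. GRUB stores captures with `--set`, as in `regexp --set=1:hiso_base '.*/([^/]+)' "$iso_path"`.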
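Review bot: The Secure Boot pre-check in `HiperisoWorker.sh` lists `grubx64_real.efi`, `mmx64.efi` and the certificate but not `./EFI/BOOT/grubx64.efi`, which the packaging script copies under a separate test and which is the loader name shim looks for by default. Adding it to the `for req in …` list closes that gap. The message would also be more useful if it named the missing file, e.g. `hisoerr "Secure Boot asset missing: $req. Add a signed shim to vendor/secureboot and rebuild the release payload."`. The paths are relative, so the check depends on the working directory set earlier in the script, outside this hunk.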
@@ -1,8 +1,12 @@ #!/bin/sh -#Hiperiso partition 64MB +# Hiperiso partition 2 size. We use 64MB to give the payload room to +# grow; scripts/build_grub2_204.sh applies a one-line patch to the +# upstream Ventoy modsrc so its hard-coded 32MB ESP expectation +# (ventoy_check_official_device) accepts our 64MB layout. HIPERISO_PART_SIZE=67108864 HIPERISO_PART_SIZE_MB=64 +HIPERISO_PART_SIZE=512 HIPERISO_SECTOR_SIZE=512 HIPERISO_SECTOR_NUM=131072 @@ -382,7 +386,7 @@ EOF for i in 0 1 2 3 4 5 6 7 8 9; do check_umount_disk "$PART2" - if mkfs.vfat -F 16 -n HISOEFI -s 1 $PART2; then + if mkfs.vfat -F 16 -n VTOYEFI -s 1 $PART2; then echo 'success' break else @@ -443,6 +447,11 @@ format_hiperiso_disk_gpt() { hisodebug "format disk by parted ..." + # Match upstream Ventoy: GPT partition 2 stays as basic-data type; the + # 0x8000000000000000 "boot-required" attribute is set on it by hisocli gpt + # after parted finishes (see hisogpt.c). Some firmwares are pickier about + # the type GUID than about the attribute — `esp on` alone leaves the + # attribute at 0 and breaks boot on certain UEFI implementations. if [ "$TOOLDIR" != "aarch64" ]; then vt_set_efi_type="set 2 msftdata on" fi @@ -500,7 +509,7 @@ format_hiperiso_disk_gpt() { for i in 0 1 2 3 4 5 6 7 8 9; do check_umount_disk "$PART2" - if mkfs.vfat -F 16 -n HISOEFI -s 1 $PART2; then + if mkfs.vfat -F 16 -n VTOYEFI -s 1 $PART2; then echo 'success' break else
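Review bot: In the `@@ -1,8 +1,12 @@` hunk the added `HIPERISO_PART_SIZE=512` reassigns the variable set two lines earlier to `67108864`, so every later use of `HIPERISO_PART_SIZE` sees 512 instead of the 64 MB the comment describes. The next context line is `HIPERISO_SECTOR_SIZE=512`, which suggests a stray duplicate; the added line should be removed. The new header comment also refers to a patch applied by `scripts/build_grub2_204.sh`, which is not visible in this part of the diff, so it is worth checking that the comment and the build script agree.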