How to configure the UEFI boot options?

Question

How to configure the UEFI boot options?

Closed this issue 3 months ago · 11 comments

To properly install an OS in a UEFI machine we need to reset the existing UEFI boot options and configure UEFI to boot the new OS.

In a regular debian root shell, we can do this as:

# delete all boot options (the BootXXXX UEFI variables).
efibootmgr \
  | perl -n -e '/^Boot([0-9A-F]{4})/ && print "$1\n"' \
  | xargs -I% efibootmgr --quiet --delete-bootnum --bootnum %
efibootmgr --quiet --delete-bootorder
# install the current OS boot option.
grub-install

While trying to transpose this to tinkerbell, I've failed to use the cexec action in this non-working workflow:

version: "0.1"
name: debian
global_timeout: 1800
tasks:
  - name: debian-install
    worker: '{{.device_1}}'
    volumes:
      - /dev:/dev
      - /sys/firmware/efi/efivars:/sys/firmware/efi/efivars
      - /worker:/worker
    actions:
      - name: install
        image: image2disk:v1.0.0
        environment:
          IMG_URL: '{{.img_url}}'
          COMPRESSED: true
          DEST_DISK: '{{.boot_device}}'
      - name: configure-uefi
        image: cexec:v1.0.0
        environment:
          BLOCK_DEVICE: '{{.boot_device}}3'
          FS_TYPE: ext4
          CHROOT: y
          DEFAULT_INTERPRETER: /bin/bash -euxo pipefail -c
          CMD_LINE: |
            # delete all the boot options (the firmware will recover them at the next boot).
            # you can also explicitly install it.
            mount
            efibootmgr
            efibootmgr \
              | perl -n -e '/^Boot([0-9A-F]{4})/ && print "$1\n"' \
              | xargs -I% efibootmgr --quiet --delete-bootnum --bootnum %
            efibootmgr --quiet --delete-bootorder
            grub-install --root-directory=/boot {{.boot_device}}
            efibootmgr
      - name: reboot
        image: reboot

This fails to execute the configure-uefi action because the /sys/firmware/efi/efivars is not mounted in the cexec created chroot:

So, how can this be done?

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

Answer 1 · 2021-09-15T14:51:13.000Z

FWIW, I've created a new reset-uefi-boot action that deletes all the BootXXX UEFI variables with efibootmgr --quiet --delete-bootnum --bootnum and is executed in a workflow like:

version: "0.1"
name: debian
global_timeout: 1800
tasks:
  - name: debian-install
    worker: '{{.device_1}}'
    volumes:
      - /dev:/dev
      - /sys/firmware/efi/efivars:/sys/firmware/efi/efivars
      - /worker:/worker
    actions:
      - name: install
        image: image2disk:v1.0.0
        environment:
          IMG_URL: '{{.img_url}}'
          COMPRESSED: true
          DEST_DISK: '{{.boot_device}}'
      - name: reset-uefi-boot
        image: reset-uefi-boot
      - name: reboot
        image: reboot

Answer 2 · 2021-09-21T15:48:01.000Z

@thebsdbox @displague - is this something you could provide insight on?

Answer 3 · 2021-09-27T13:25:17.000Z

@rgl It looks like this mount point should be available:

Can you change mount to cat /proc/self/mounts (notice how worker is not included, good explanation at https://unix.stackexchange.com/a/91961/105417)

If it is not mounted, can we try mounting manually to see what that looks like:
mount -t efivarfs efivarfs /sys/firmware/efi/efivars

Can we also check that the system is booting into UEFI mode?
Some https://bbs.archlinux.org/viewtopic.php?id=249546

efivar-tester looks to be included with the efivars package.

Answer 4 · 2021-09-27T13:28:30.000Z

@thebsdbox will be back later in the week (or next week) and might have other ideas.

@rgl Is your reset-uefi-boot image source available? How does this differ?

Answer 5 · 2021-09-27T14:19:45.000Z

This is ace, definitely something that would make sense to add to the hub.

Answer 6 · 2021-09-28T07:01:51.000Z

@displague, its at https://github.com/rgl/rpi-tinkerbell-vagrant/tree/master/actions/reset-uefi-boot

I'm using it at https://github.com/rgl/rpi-tinkerbell-vagrant/blob/master/templates/debian/workflow-template.yml

If it makes sense, I can contribute it.

Answer 7 · 2021-11-16T16:59:26.000Z

@rgl Contributing your action sounds good - https://github.com/tinkerbell/hub

Answer 8 · 2021-11-16T17:00:39.000Z

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

In light of your new project, would you say this is safe to close @rgl ?

Answer 9 · 2021-11-18T08:43:56.000Z

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

In light of your new project, would you say this is safe to close @rgl ?

@displague sorry, what new project?

Answer 10 · 2021-11-30T16:21:19.000Z

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

In light of your new project, would you say this is safe to close @rgl ?

@displague sorry, what new project?

I imagine the idea was for you to contribute https://github.com/rgl/rpi-tinkerbell-vagrant/tree/master/actions/reset-uefi-boot to https://github.com/tinkerbell/hub if you're up for it, @rgl.

Answer 11 · 2022-02-08T16:13:22.000Z

Hey @rgl I think we can close this issue right? Looks like you've figured out how to configure UEFI boot options. We'd love for you to contribute your action to hub, but thats outside of the issue I think.