No bootloader recognized on UEFI system using the example.ks

[mrguitar]

I'm using a Fedora 39 boot ISO and example.ks from the instructions, and trying to install a container made from the rhel nightlies. Anaconda finishes the install just fine, but the UEFI firmware doesn't recognize /dev/sda as bootable afterwards.

I'm not sure if this is related to grub2/bootupd or if some of the additional files in /boot are missing.

[cgwalters]

OK I did #60 which may help here - sanity checked it with a virt-install --boot uefi,loader.secure=false.

There's lot going on here but basically...the way we've been doing bootloader bits has actually split into three separate paths between:

• anaconda
• Edge (image builder, coreos-installer)
• Fedora CoreOS (bootupd, coreos-isntaller)

This effort is motivating these things to align. In particular, the reason we're not trying to follow the FCOS path is listed in coreos/fedora-coreos-tracker#1151 - basically we don't want to need to make a raw disk image from a container to do an installation (plus tricky overlap with Ignition).

[cgwalters]

Merged #60 - if you (or anyone else) have a few minutes to try sanity checking it in the scenario you were going through, let me know if it helps!

I know again this is all really painful, if we really had to we could cave and not do bootupd integration but honestly the way anaconda+ostree handles bootloader stuff is just a tremendous pile of hacks that is barely touched from when I worked on it for Atomic Host days; and it's what the "Atomic Desktops" rely on today, but they lack "day 2 bootloader updates" because of it.

[mrguitar]

OK, it looks like secure boot is a big part of the problem. I'm on F38 silverblue and trying "--boot uefi,loader.secure=false" gives: ERROR loader attribute 'secure' cannot be specified when firmware autoselection is enabled
My google foo is failing me today on getting past that.

I'm using this in my script and I have the updated kickstart example from #60 working with the centos-stream9 base image using: --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.fd,loader.readonly=yes,loader.secure=no,loader.type=pflash,nvram=/var/lib/libvirt/qemu/nvram/bootc.fd

Thanks for getting me past this!

[cgwalters]

ERROR loader attribute 'secure' cannot be specified when firmware autoselection is enabled

Hmm, what other arguments are you giving to virt-install? For reference here's an example incantation I'm using:

virt-install --boot uefi,loader.secure=false --connect qemu:///system --name centos-boot-demo --memory 2048 --vcpus 4 --disk size=40 \
          --os-variant rhel9.0 --location https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/ \
          --noautoconsole --initrd-inject $(pwd)/inst.ks --extra-args="inst.ks=file:/inst.ks console=ttyS0"

I'm using this in my script and I have the updated kickstart example from #60 working

Cool! OK I think we can close this as "fixed", even though there's definitely more cleanup here to land.

[mrguitar]

Yeah I can't run that command on my laptop for some reason. I get: ERROR loader attribute 'secure' cannot be specified when firmware autoselection is enabled
Domain installation does not appear to have been successful.

These are the relevant packages I'm layering: libvirt qemu-kvm swtpm swtpm-tools virt-install virt-manager
I would think that has everything necessary, but maybe not.

Also the second attempt to use the kickstart error'ed out with the bootupctl command:

error: Found argument '--auto' which wasn't expected, or isn't valid in this context
If you tried to supply --auto as a value rather than a flag, use -- --auto

which is strange because all I did was switch the container and provide an ssh key.

[cgwalters]

For --auto you currently need the -dev image which has a much newer bootupd.

[mrguitar]

OK thanks, that explains it. I have everything rebuilt w/ the latest CS9 image & booting. Thanks again for the help!