Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

buildextend-live: drop shim fallback.efi from ISO; simplify EFI image #2435

Merged
merged 3 commits into from
Sep 16, 2021
Merged

buildextend-live: drop shim fallback.efi from ISO; simplify EFI image #2435

merged 3 commits into from
Sep 16, 2021

Conversation

bgilbert
Copy link
Contributor

UEFI boots from removable media via the arch-specific default EFI application in /EFI/BOOT. When booted that way, shim chains to fallback.efi if it exists, and fallback.efi creates an EFI boot entry. That's not appropriate for removable media boot, since the media will probably never be present again. If a TPM is present, fallback.efi will additionally reboot the machine, and on some machines this leads to boot loops. Instead of all this, we just want shim to chain directly to GRUB.

The EFI boot image currently looks like this:

EFI/BOOT/BOOTX64.EFI
EFI/BOOT/fbx64.efi
EFI/fedora/BOOTX64.CSV
EFI/fedora/fonts/
EFI/fedora/grub.cfg
EFI/fedora/grubx64.efi
EFI/fedora/mmx64.efi
EFI/fedora/shim.efi
EFI/fedora/shimx64.efi

Refactor the EFI boot image under the expectation that we never want to create or boot from an EFI boot entry. Consolidate /EFI/<vendor-id> into /EFI/BOOT and delete things we don't need: fallback.efi, its associated CSV, and extra copies of shim. The result is this:

EFI/BOOT/BOOTX64.EFI
EFI/BOOT/fonts/
EFI/BOOT/grub.cfg
EFI/BOOT/grubx64.efi
EFI/BOOT/mmx64.efi

This also saves a couple MB of space.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2004449

@bgilbert bgilbert mentioned this pull request Sep 16, 2021
Closed
@bgilbert
cosalib: add glob helper that checks for at least one match
8da74b0
@bgilbert
buildextend-live: drop shim fallback.efi from ISO; simplify EFI image
9e3a7b1 
UEFI boots from removable media via the arch-specific default EFI
application in /EFI/BOOT.  When booted that way, shim chains to
fallback.efi if it exists, and fallback.efi creates an EFI boot entry.
That's not appropriate for removable media boot, since the media will
probably never be present again.  If a TPM is present, fallback.efi will
additionally reboot the machine, and on some machines this leads to boot
loops.  Instead of all this, we just want shim to chain directly to GRUB.

The EFI boot image currently looks like this:

    EFI/BOOT/BOOTX64.EFI
    EFI/BOOT/fbx64.efi
    EFI/fedora/BOOTX64.CSV
    EFI/fedora/fonts/
    EFI/fedora/grub.cfg
    EFI/fedora/grubx64.efi
    EFI/fedora/mmx64.efi
    EFI/fedora/shim.efi
    EFI/fedora/shimx64.efi

Refactor the EFI boot image under the expectation that we never want to
create or boot from an EFI boot entry.  Consolidate /EFI/<vendor-id> into
/EFI/BOOT and delete things we don't need: fallback.efi, its associated
CSV, and extra copies of shim.  The result is this:

    EFI/BOOT/BOOTX64.EFI
    EFI/BOOT/fonts/
    EFI/BOOT/grub.cfg
    EFI/BOOT/grubx64.efi
    EFI/BOOT/mmx64.efi

This also saves a couple MB of space.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2004449
@bgilbert
mantle/kola/testiso: ensure live ISO doesn't create an EFI boot entry
678e058 
On UEFI systems, confirm that shim hasn't created an EFI boot entry during
live ISO bootup.
This was referenced Sep 16, 2021
Merged
Merged
Merged
Merged
jlebon
jlebon approved these changes Sep 16, 2021
View reviewed changes
Copy link
Member

@jlebon jlebon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall!

src/cmd-buildextend-live
os.unlink(path)

# Drop vendor copies of shim; we already have it in BOOT*.EFI in
# BOOT
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we sanity-check before nuking that BOOTX64.EFI and shimx86.efi are the same file?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it matters. If the shim package decides to install a slightly different binary into BOOTX64.EFI, presumably that's the one we want to use. The shimx64.efi in the vendor directory is there for booting via a boot entry, which we won't be doing.

mantle/cmd/kola/testiso.go
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c '! efibootmgr -v | grep -E "(HD|CDROM)\("'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you verify, even if manually, that this test failed before this PR?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup!

@jlebon jlebon merged commit bf6d88e into coreos:main Sep 16, 2021
@bgilbert bgilbert deleted the fallback-iso branch September 16, 2021 16:36
This was referenced Dec 2, 2021
Closed
Closed
@bgilbert bgilbert mentioned this pull request Dec 24, 2021
Closed
@dustymabe dustymabe mentioned this pull request Aug 9, 2023
Open
wanghao75 pushed a commit to openeuler-mirror/nestos-assembler that referenced this pull request Jun 25, 2024
Refer to upstream optimization for live iso image efi startup process
2ec6630 
Reference:coreos/coreos-assembler#2435
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlebon jlebon jlebon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bgilbert @jlebon