[rhcos-4.8] buildextend-live: drop shim fallback.efi from ISO #2437
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
UEFI boots from removable media via the arch-specific default EFI application in /EFI/BOOT. When booted that way, shim chains to fallback.efi if it exists, and fallback.efi creates an EFI boot entry. That's not appropriate for removable media boot, since the media will probably never be present again. If a TPM is present, fallback.efi will additionally reboot the machine, and on some machines this leads to boot loops. Instead of all this, we just want shim to chain directly to GRUB. Drop fallback.efi and its associated CSV from the EFI image. Replace it with a copy of GRUB in the right place for shim to chain to it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2004449
miabbott
approved these changes
Sep 16, 2021
There was a problem hiding this comment.
Built locally, then build RHCOS 4.8. Verified the ISO boots in UEFI/BIOS. Confirmed that the fallback EFI binary and CSV file were missing.
$ buildah bud --pull-always -t localhost/coreos-assembler:rhcos-4.8 .
$ coreos-assembler fetch && coreos-assembler build && coreos-assembler buildextend-metal && coreos-assembler buildextend-metal4k && coreos-assembler buildextend-live
$ coreos-assembler run -p qemu-iso --qemu-firmware uefi --memory 8192 --devshell-console
$ coreos-assembler run -p qemu-iso --memory 8192 --devshell-console
$ sudo mount -o loop builds/latest/x86_64/rhcos-48.84.202109161903-0-live.x86_64.iso /mnt/iso
$ sudo mount -o loop,ro /mnt/iso/images/efiboot.img /mnt/efi
$ tree /mnt/efi
/mnt/efi
└── EFI
├── BOOT
│ ├── BOOTX64.EFI
│ └── grubx64.efi
└── redhat
├── fonts
├── grub.cfg
├── grubx64.efi
├── mmx64.efi
├── shimx64.efi
└── shimx64-redhat.efi
4 directories, 7 files
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
UEFI boots from removable media via the arch-specific default EFI application in
/EFI/BOOT. When booted that way, shim chains to fallback.efi if it exists, and fallback.efi creates an EFI boot entry. That's not appropriate for removable media boot, since the media will probably never be present again. If a TPM is present, fallback.efi will additionally reboot the machine, and on some machines this leads to boot loops. Instead of all this, we just want shim to chain directly to GRUB.Drop fallback.efi and its associated CSV from the EFI image. Replace it with a copy of GRUB in the right place for shim to chain to it.
This is a lightweight backport of #2435.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2004449