[rhcos-4.6] buildextend-live: drop shim fallback.efi from ISO #2439
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For BIOS systems, we're already adding an MBR and boot sector to the ISO image so it can be dd'ed to a USB stick and booted as a hard disk. For UEFI systems, we're already generating an ESP and setting it as an additional El Torito image. For some UEFI firmware (e.g. EDK II) that seems to be sufficient, but we should also create a GPT with an ESP wrapping that El Torito image, for firmware that doesn't support El Torito on hard disks. For coreos/fedora-coreos-tracker#707.
05ba856 added an ESP to the ISO's hybrid GPT to help EFI systems that won't boot El Torito from a hard disk. However, when booting from the ESP, GRUB won't read the grub.cfg from the main ISO image, and just drops to a grub prompt. Add a stub grub.cfg that points GRUB to the right place. Fixes: 05ba856 ("buildextend-live: hybridize live ISO for UEFI boot") Fixes: coreos/fedora-coreos-tracker#724 Fixes: coreos/fedora-coreos-tracker#953
At runtime it's immediately overwritten by the GRUB menu, but it shows up in console logs. This will help validate automated tests.
UEFI boots from removable media via the arch-specific default EFI application in /EFI/BOOT. When booted that way, shim chains to fallback.efi if it exists, and fallback.efi creates an EFI boot entry. That's not appropriate for removable media boot, since the media will probably never be present again. If a TPM is present, fallback.efi will additionally reboot the machine, and on some machines this leads to boot loops. Instead of all this, we just want shim to chain directly to GRUB. Drop fallback.efi and its associated CSV from the EFI image. Replace it with a copy of GRUB in the right place for shim to chain to it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2004449
|
I build this PR locally and used it to build RHCOS 4.6. I confirmed that the boot was successful on UEFI and BIOS. I also verified the fallback binary and CSV file were absent. |
mike-nguyen
approved these changes
Sep 17, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
UEFI boots from removable media via the arch-specific default EFI application in
/EFI/BOOT. When booted that way, shim chains to fallback.efi if it exists, and fallback.efi creates an EFI boot entry. That's not appropriate for removable media boot, since the media will probably never be present again. If a TPM is present, fallback.efi will additionally reboot the machine, and on some machines this leads to boot loops. Instead of all this, we just want shim to chain directly to GRUB.Drop fallback.efi and its associated CSV from the EFI image. Replace it with a copy of GRUB in the right place for shim to chain to it.
Unlike 4.7+, the 4.6 live ISO doesn't attempt to support UEFI booting when copied to a USB stick (except for firmware that can do so via El Torito). Fixing this is a small change, so for consistency with newer releases, backport the commits to do so. Then apply a lightweight backport of #2435.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2004449