
engineering: Generic EFI vendor-dir discovery and AZL4 ESP support #672

Draft: Britel wants to merge 9 commits into user/britel/azl4-1-grub-native from user/britel/azl4-2-esp-layouts

Britel (Collaborator) commented Jun 3, 2026

Summary

Adds AZL4 ESP partition layout support to Trident. AZL4 (Fedora-based) places GRUB binaries in vendor directories (EFI/fedora/, EFI/azurelinux/) instead of the AZL3 EFI/BOOT/grubx64-noprefix.efi convention. This PR makes the ESP setup code distro-agnostic.

Part 2 of the AZL4 enablement stack. Depends on PR #642 (AZL4 distro detection + GRUB update path).

Changes

Generic EFI vendor-dir discovery (esp.rs)

  • Add find_efi_binary_in_vendor_dirs() — searches EFI/*/grubx64.efi when noprefix and standard paths don't exist
  • Three-tier GRUB binary priority: noprefix → standard → vendor-dir
  • Sorted vendor-dir iteration for reproducible builds (prevents PCR/attestation drift)
  • Skip EFI/BOOT/ in vendor scan (already checked as fallback)
  • Improved error message listing all searched paths on failure

AZL4 GRUB search format (grub.rs)

  • Add re3 regex for search --fs-uuid --set=root <UUID> (Fedora's grub2 scripts omit --no-floppy, which is a Mariner-specific convention)
  • Three-form doc comment explaining the distro conventions

AZL3 noprefix guard (esp.rs)

  • Scope the existing ensure!(grub_noprefix) check to AZL3 only via ctx.image_distro().is_azl3()
  • AZL3 ships both GRUB variants; Trident requires noprefix. AZL4+ uses standard grubx64.efi in vendor dirs
  • Preserve DISABLE_GRUB_NOPREFIX_CHECK escape hatch

AZL4 distro helpers (osrelease.rs)

  • Add is_azl4() helper on Distro
  • Add AzureLinuxRelease::AzL4 variant with VERSION_ID 4.x parsing and ID_LIKE=fedora detection

Testing

  • Unit tests for vendor-dir discovery (deterministic ordering, BOOT skip, multi-vendor)
  • Unit tests for AZL3 and AZL4 GRUB search format rewriting
  • Pipeline validated on full PR stack (build 1131460): AZL4 image builds succeed, all AZL3 stages pass
  • E2E validated on karhu-ubuntu with real AZL4 COSI images

PR Stack

| # | Branch | PR | Description |
|---|--------|----|-------------|
| 1 | azl4-1-grub-native | #642 | AZL4 distro detection + GRUB update path |
| 2 | azl4-2-esp-layouts | this | Generic EFI vendor-dir discovery + AZL4 ESP |
| 3 | azl4-5a-builder-infra | | Builder infra + image acquisition |
| 4 | azl4-5b-image-pipeline | | Image configs + pipeline stages |
| 5 | azl4-6-bm-test | | BM-simulated netlaunch stage |
| 6 | azl4-7a-qcow2-rust | | qcow2 base + offline-init |
| 7 | azl4-7b-rollback-stage | | VM rollback test stage |

Britel and others added 9 commits June 3, 2026 16:44
Adds is_azl4_or_later() helper, generic EFI vendor-dir discovery
via grub-probe, and AZL4 ESP partition layout support.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Remove redundant ensure!(grub_noprefix) check from ESP setup.
  generate_boot_filepaths() already finds a working GRUB binary
  (noprefix, standard, or vendor-dir). The separate policy check
  was redundant.
- Simplify copy_boot_files to return () instead of bool
- Attribute grub search format variants to distro conventions
  (AZL3/Mariner vs AZL4/Fedora), not MIC internals
- Update mixed-forms test comment to reference cross-version A/B
  update scenario

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

No callers remain after the noprefix check removal. Can be re-added
if a future change needs version-range gating.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

AZL3 ships two GRUB variants: grub2-efi-binary (prefix-relative config
lookup) and grub2-efi-binary-noprefix (root-device-relative lookup).
Trident's A/B update path requires the noprefix variant on AZL3.

Restore the noprefix check, but scope it to AZL3 only using
image_distro().is_azl3(). AZL4+ uses standard grubx64.efi in vendor
directories and does not need noprefix.

This replaces the previous generic ensure! + DISABLE_GRUB_NOPREFIX_CHECK
flag with a targeted distro check. No escape hatch needed since the
check only fires for AZL3.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Keep the original variable name and preserve the operator escape hatch.
Minimize diff from upstream.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Keep the same macro as upstream to minimize diff.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Keep the original if/else if chain with replace (first match). No
real-world grub config has multiple search lines. Minimizes diff
from upstream.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
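
The three-tier lookup and sorted vendor-directory scan from the PR summary, sketched as an added example (not code from this PR or from Trident). The function names and the `EFI/BOOT/grubx64.efi` "standard" path are assumptions; only the noprefix path and the `EFI/*/grubx64.efi` pattern come from the description.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

// The noprefix path is the AZL3 convention named in the PR description;
// the "standard" path under EFI/BOOT is an assumption of this sketch.
const NOPREFIX: &str = "EFI/BOOT/grubx64-noprefix.efi";
const STANDARD: &str = "EFI/BOOT/grubx64.efi";
const GRUB_NAME: &str = "grubx64.efi";

/// Tier 3: look for EFI/<vendor>/grubx64.efi in sorted vendor order.
fn find_in_vendor_dirs(esp: &Path) -> io::Result<Option<PathBuf>> {
    let mut dirs: Vec<PathBuf> = fs::read_dir(esp.join("EFI"))?
        .filter_map(|e| e.ok().map(|e| e.path()))
        // EFI/BOOT was already checked by the first two tiers.
        .filter(|p| p.is_dir() && !p.file_name().map_or(false, |n| n.eq_ignore_ascii_case("BOOT")))
        .collect();
    // read_dir order depends on the filesystem; sorting makes every build pick
    // the same binary, so the measured boot chain does not drift between builds.
    dirs.sort();
    Ok(dirs.into_iter().map(|d| d.join(GRUB_NAME)).find(|p| p.is_file()))
}

/// Three-tier priority: noprefix -> standard -> vendor-dir.
fn select_grub_binary(esp: &Path) -> Result<PathBuf, String> {
    let mut searched: Vec<String> = Vec::new();
    for rel in [NOPREFIX, STANDARD] {
        let p = esp.join(rel);
        if p.is_file() {
            return Ok(p);
        }
        searched.push(p.display().to_string());
    }
    if let Ok(Some(p)) = find_in_vendor_dirs(esp) {
        return Ok(p);
    }
    // Report every location that was tried, not just the last one.
    searched.push(esp.join("EFI/*/grubx64.efi").display().to_string());
    Err(format!("no GRUB binary found; searched: {}", searched.join(", ")))
}

fn main() {
    // Constructed sample ESP tree: two vendor dirs plus an empty EFI/BOOT.
    let esp = std::env::temp_dir().join(format!("esp-demo-{}", std::process::id()));
    fs::create_dir_all(esp.join("EFI/BOOT")).unwrap();
    for vendor in ["fedora", "azurelinux"] {
        fs::create_dir_all(esp.join("EFI").join(vendor)).unwrap();
        fs::write(esp.join("EFI").join(vendor).join(GRUB_NAME), b"").unwrap();
    }
    println!("{:?}", select_grub_binary(&esp));
    fs::remove_dir_all(&esp).unwrap();
}
```

With both `fedora` and `azurelinux` present, the sorted scan always returns the `azurelinux` binary regardless of directory-entry order on the underlying filesystem.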