EFI boot? #844

Open
deitch opened this issue Mar 31, 2016 · 41 comments

Comments

@deitch
Contributor

commented Mar 31, 2016

Does RancherOS support EFI booting? Looking at the distribution iso for 0.4.3, I see /boot directory but no *.efi files, which leads me to suspect that it does not?

@ibuildthecloud

Member

commented Apr 1, 2016

We don't package an EFI image, but it will boot from EFI if you already have a bootloader in place. It would be nice if we created an image, it would make it much easier to run on my Minnowboard Max.

@deitch

Contributor Author

commented Apr 1, 2016

Shouldn't be too hard to extend the image to do it. Using efilinux from Intel or shim from Fedora could even get it working with SecureBoot, although that is less of an issue. I would be happy with an iso that boots straight from EFI with SecureBoot disabled.

Minnowboard Max?

@deitch

Contributor Author

commented Apr 3, 2016

I got it working. There still are 2 issues:

  1. It takes an extra 10 seconds or so to start up (although I suspect that is VirtualBox's EFI implementation)
  2. It doesn't yet support SecureBoot (but easily could with shim)

You want a pull request?

@Xe

commented May 10, 2016

I'd be interested in this

@deitch

Contributor Author

commented May 10, 2016

Gosh, this was a month ago. @ibuildthecloud do you want a PR on this? I would like to add all of it, but:

  1. I need to find some time (paid work comes first)
  2. I am not putting in the effort unless I know it will get merged

@ibuildthecloud

Member

commented May 10, 2016

We 100% would want a PR. Sorry for the delay.

@deitch

Contributor Author

commented May 10, 2016

A little busy, @ibuildthecloud ? I cannot imagine! :-)

I need to dig back in and find this stuff. I just implemented a platform with secure and encrypted apps on a root drive that even physical access to the machine cannot give you... but no need for a user to be present to enter the unlock password. I did it on Debian, but since the apps themselves are just containers, I would love to do it over Rancher too. If only I had the time.

Either way, got all the way into initram and MBR and UEFI and GPT and TPM and encryption and kernel and and ....

I will try to dig this part out and set you up for UEFI boot.

@deitch

Contributor Author

commented May 11, 2016

@ibuildthecloud when I run a full build, what platform do I build it on? What are the prereqs?

@deitch

Contributor Author

commented May 11, 2016

@ibuildthecloud yes, completely confused. How does the build process work? Do I run it on my local Mac? On a Linux machine, and of what flavour? Does it build inside a docker container or locally? There isn't much info there.

@deitch

Contributor Author

commented May 11, 2016

And my head is spinning around the dependencies. What is vbox doing in the initrd?

@ibuildthecloud

Member

commented May 13, 2016

@deitch You might want to work off the v0.5 branch we have; the build is completely different there. We are in the middle of a bit of a transition. The build in that branch is kicked off by running make. It runs in a container so you can run it on a Mac assuming you have Docker set up (Docker for Mac or Boot2Docker).

@ibuildthecloud

Member

commented May 13, 2016

@deitch There are almost zero dependencies of the host required, just make and curl. vbox is in the build because people want vbox tools for docker-machine to work right. Currently it is not fully used.

@deitch

Contributor Author

commented May 13, 2016

That works, much easier.

Yeah, I have D4Mac on my MBA for a while. Even got on the latest Beta, but it requires a CPU feature not available on my 5.5-yr-old Air.... and Apple's offerings are so pathetic (and old) now, that I cannot bring myself to spend the money to upgrade. Contemplating an alternate ultrabook and running Hackintosh or Win10 with Linux/Hack VM, or maybe even Linux desktop. Insane.

I am forking now.

@deitch

Contributor Author

commented May 13, 2016

Do you have any idea why github only includes 5 branches in the fork? I can always do it locally on my laptop - add upstream, add tracking branch, then push to origin - but that is a pain.

@deitch

Contributor Author

commented May 13, 2016

OK, got the branch. Next question. Running make pulls a large list of targets from scripts/, basically every file there except clean and run. Each of those is just a target for .dapper <script>. And then there are a series of what look like really small image Dockerfiles in images/.

How does this all tie together?

And for EFI, we essentially need:

  • wget (or curl) a package, unzip a file out of it,
  • install the correct directories and files in the right place in the image - I figured this out
  • some changes to the iso creation process - I figured this out

The above will handle booting the iso; booting when installed local is more, but one step at a time.

Where do I run the wget and curl? images/ directory looks like boot-up processes; package-iso is where I actually install onto the CD image, but not getting the files needed. Do I put it in Dockerfile.dapper? Where is a better place?

@deitch

Contributor Author

commented May 13, 2016

I am having an issue with the clean (non-EFI-modified) build failing. Will open a separate issue.

@deitch

Contributor Author

commented May 13, 2016

As for the build, I finally am getting my head around how this is structured. A doc would have saved lots of headache, but OK, here we are:

  1. make calls the default target of ci
  2. default target of ci calls ./.dapper scripts/ci, which sets up the entire environment in a container, and then in that container calls scripts/ci
  3. scripts/ci itself calls just 4 scripts: build, test, prepare, package

Each of those scripts in turn calls others:

  • build: calls build-target, which builds the ros binary via go; build-host, which just ensures host_ros is a copy of ros
  • test: runs tests
  • prepare: runs four scripts:
      • template: generates build/os-config.yml from its template
      • build-images: builds an image for each of the ones in images/ directory, which serve as the system-docker images to run services
      • tar-images: saves all of the above images to a tar file once built
      • layout: creates the initrd directory structure
  • package: runs three scripts:
      • package-rootfs: creates the root file system structure and zips it up into a .tar.gz, then creates an initrd cpio file
      • package-initrd: identical to package-rootfs, no clue why it is there
      • package-iso: builds the iso file

So... given all of the above, I think that the right place to put the steps is:

  • Download necessary files in Dockerfile.dapper - that is our build environment
  • Do installations in iso in package-iso - that is what is responsible for packaging stuff into the ISO format.

Is that correct?

@deitch

Contributor Author

commented May 14, 2016

PR in. Ball in your court, @ibuildthecloud

@pwFoo

commented May 31, 2016

+1
EFI boot would be nice.

@deitch

Contributor Author

commented May 31, 2016

@pwFoo PR is in and ready to run. That will, at least, get the live iso to boot on EFI. Once someone gets ros install working on v0.5, then we can get the local install bootable on EFI as well.

@deniseschannon deniseschannon modified the milestones: v0.5.1, v0.6.0 Jul 14, 2016

@jeff-h

commented Aug 15, 2016

"Once someone gets ros install working on v0.5, then we can get the local install bootable on EFI as well"

Are you saying that your PR will allow me to boot RancherOS from a USB drive using UEFI, but once there I won't be able to install it onto the internal HD in a way that will allow me to boot the new internal install using UEFI?

@deitch

Contributor Author

commented Aug 15, 2016

Just about @jeff-h. I can get that working as well. But I was stuck on two things:

  1. ros install was not working.
  2. The first step - making it work off of a live cd/usb which is the PR - was open as a PR.

I didn't want to put the extra effort of getting the second step - local install - working until the effort for the first step paid off (PR merged). And I couldn't until ros install worked.

It looks like ros install might be working. If so, once they merge the PR, I will look at getting local install to work in between client work.

I'm a little hesitant, since the effort for the first step doesn't appear to have been accepted and used, but if it gets merged, I will look at it.

@jeff-h

commented Aug 15, 2016

I think I've blurred my comments on this issue and the PR, sorry! My question asking if you "have any suggestions for how I could use your ISO to actually install a usable RancherOS onto my little PC?" actually belongs here, I think.

I'm guessing it's not going to be trivial, so I might just have to go with another OS for a while, although nothing else I've found installs easily on an Atom system either, it seems.

@deitch

Contributor Author

commented Aug 15, 2016

I'm doing this all on my iPhone over 3G, so I couldn't tell you where anything goes!

Sorry, no suggestions. I know how to do it, but haven't put in the effort yet.

I love the idea behind rancheros, which is why I put the effort in. I have a secure appliance OS build; I would look quite seriously at merging the security into rancheros and use it if I felt that the effort would get merged.

@joshwget joshwget modified the milestones: Upcoming milestone, v0.6.0 Aug 16, 2016

@deitch

Contributor Author

commented Oct 30, 2016

@joshwget @SvenDowideit @ibuildthecloud so... we getting this one back in?

@SvenDowideit

Contributor

commented Nov 3, 2016

yes. I need to finish up #1361 first tho (and then go out and buy some ssd's for my ARM build boxes).

@deitch

Contributor Author

commented Nov 4, 2016

"I need to finish up #1361 first tho (and then go out and buy some ssd's for my ARM build boxes"

I am all for good toys and new build environments, but why does that need to finish first? We know the issues (see the PR), let's get it working conditionally (Intel only, no EFI on ARM), then we can add a PR to get EFI working on ARM. (then we can get ros install working with EFI...)

@deitch

Contributor Author

commented Nov 4, 2016

Just surprised at the complexity. The merge happened very quickly once we decided to do it. Granted, we had to back it out because we didn't think about ARM, but we can add the exception case there, like @ibuildthecloud suggested.

@SvenDowideit

Contributor

commented Nov 4, 2016

basically, it happened very quickly because we didn't have a trivial build system that let us quickly build&test on all 3 HW platforms - my goal for this week is to change that at minimum for amd64...

@deitch

Contributor Author

commented Nov 4, 2016

There was no automated CI for all potential deployment platforms? Ouch.

Once that is in place, I will be able to submit a PR, and the entire system with the PR as if it had been merged will be run on all targets and report before we accept the merge?

Love it! This kind of building platforms is just fun. I am doing something similar with a company, although it is more software, so simpler.

Which CI system are you using?

"all 3 HW platforms"

3?

Either way, will you comment here when ready so I can resubmit the PR and get it in?

@SvenDowideit

Contributor

commented Nov 4, 2016

don't wait for me - make the PR, and it'll get built as soon as things look like they might hold together :)

@deitch

Contributor Author

commented Nov 12, 2016

OK @SvenDowideit but...

  1. I am traveling the next week or so, and have been doing this on a Linux machine I have, so it will have to wait until I am back
  2. It will get merged in, right? Once it passes tests? I don't like putting work in that goes nowhere.

@Xe

commented Mar 10, 2017

Is there any update on this?

@deitch

Contributor Author

commented Mar 10, 2017

@Xe when Rancher and @SvenDowideit are ready for it (committed to putting it in), I will redo it (or Sven will?). After having done the work and getting it a year ago (pre-0.6) and it went nowhere, reluctant to put in even a few minutes unless I know it will go in.

@jaknoll

commented Apr 16, 2017

+1 on this one. Would love to see it added.

@kanthamohan

commented Sep 5, 2017

+1 for this feature to be added

@TrueOsiris

commented Sep 21, 2017

[Trump]Still no (u)EFI support? So sad[/Trump]

@abuisine

commented Jan 19, 2018

I got a small package which works like a charm for UEFI boot. Is there a way to contribute to the project in that regard somewhere? Contribution being doc or images.

@deitch

Contributor Author

commented Jan 19, 2018

Been almost 2 years since I opened this and a PR. Done lots on linuxkit to support it, including on arm64. Not likely to come back to this, but since RancherOS is built on linuxkit nowadays, shouldn't be too hard?

@steve-todorov

commented Jan 20, 2018

@yadkit

commented Apr 12, 2018

+1 immediately.

I need to boot into RancherOS in my Ockel Sirius B Black Cherry. It doesn't support legacy mode so I need to boot in EFI mode soon.
