How to configure the UEFI boot options?

[rgl]

To properly install an OS in a UEFI machine we need to reset the existing UEFI boot options and configure UEFI to boot the new OS.

In a regular debian root shell, we can do this as:

# delete all boot options (the BootXXXX UEFI variables).
efibootmgr \
  | perl -n -e '/^Boot([0-9A-F]{4})/ && print "$1\n"' \
  | xargs -I% efibootmgr --quiet --delete-bootnum --bootnum %
efibootmgr --quiet --delete-bootorder
# install the current OS boot option.
grub-install

While trying to transpose this to tinkerbell, I've failed to use the cexec action in this non-working workflow:

version: "0.1"
name: debian
global_timeout: 1800
tasks:
  - name: debian-install
    worker: '{{.device_1}}'
    volumes:
      - /dev:/dev
      - /sys/firmware/efi/efivars:/sys/firmware/efi/efivars
      - /worker:/worker
    actions:
      - name: install
        image: image2disk:v1.0.0
        environment:
          IMG_URL: '{{.img_url}}'
          COMPRESSED: true
          DEST_DISK: '{{.boot_device}}'
      - name: configure-uefi
        image: cexec:v1.0.0
        environment:
          BLOCK_DEVICE: '{{.boot_device}}3'
          FS_TYPE: ext4
          CHROOT: y
          DEFAULT_INTERPRETER: /bin/bash -euxo pipefail -c
          CMD_LINE: |
            # delete all the boot options (the firmware will recover them at the next boot).
            # you can also explicitly install it.
            mount
            efibootmgr
            efibootmgr \
              | perl -n -e '/^Boot([0-9A-F]{4})/ && print "$1\n"' \
              | xargs -I% efibootmgr --quiet --delete-bootnum --bootnum %
            efibootmgr --quiet --delete-bootorder
            grub-install --root-directory=/boot {{.boot_device}}
            efibootmgr
      - name: reboot
        image: reboot

This fails to execute the configure-uefi action because the /sys/firmware/efi/efivars is not mounted in the cexec created chroot:

So, how can this be done?

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

[rgl]

FWIW, I've created a new reset-uefi-boot action that deletes all the BootXXX UEFI variables with efibootmgr --quiet --delete-bootnum --bootnum and is executed in a workflow like:

version: "0.1"
name: debian
global_timeout: 1800
tasks:
  - name: debian-install
    worker: '{{.device_1}}'
    volumes:
      - /dev:/dev
      - /sys/firmware/efi/efivars:/sys/firmware/efi/efivars
      - /worker:/worker
    actions:
      - name: install
        image: image2disk:v1.0.0
        environment:
          IMG_URL: '{{.img_url}}'
          COMPRESSED: true
          DEST_DISK: '{{.boot_device}}'
      - name: reset-uefi-boot
        image: reset-uefi-boot
      - name: reboot
        image: reboot

[tstromberg]

@thebsdbox @displague - is this something you could provide insight on?

[displague]

@rgl It looks like this mount point should be available:

• https://github.com/linuxkit/linuxkit/blob/45429986290f3811b6da093e8fdbbaffce96616e/pkg/init/cmd/rc.init/main.go#L225
• https://github.com/tinkerbell/hook/blob/main/kernel/config-5.10.x-x86_64#L4061

Can you change mount to cat /proc/self/mounts (notice how worker is not included, good explanation at https://unix.stackexchange.com/a/91961/105417)

If it is not mounted, can we try mounting manually to see what that looks like:
mount -t efivarfs efivarfs /sys/firmware/efi/efivars

Can we also check that the system is booting into UEFI mode?
Some https://bbs.archlinux.org/viewtopic.php?id=249546

efivar-tester looks to be included with the efivars package.

[displague]

@thebsdbox will be back later in the week (or next week) and might have other ideas.

@rgl Is your reset-uefi-boot image source available? How does this differ?

[thebsdbox]

This is ace, definitely something that would make sense to add to the hub.

[rgl]

@displague, its at https://github.com/rgl/rpi-tinkerbell-vagrant/tree/master/actions/reset-uefi-boot

I'm using it at https://github.com/rgl/rpi-tinkerbell-vagrant/blob/master/templates/debian/workflow-template.yml

If it makes sense, I can contribute it.

[displague]

@rgl Contributing your action sounds good - https://github.com/tinkerbell/hub

[displague]

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

In light of your new project, would you say this is safe to close @rgl ?

[rgl]

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

In light of your new project, would you say this is safe to close @rgl ?

@displague sorry, what new project?

[nshalman]

Should a new action for the efibootmgr exist? and only use cexec for running grub-install?

In light of your new project, would you say this is safe to close @rgl ?

@displague sorry, what new project?

I imagine the idea was for you to contribute https://github.com/rgl/rpi-tinkerbell-vagrant/tree/master/actions/reset-uefi-boot to https://github.com/tinkerbell/hub if you're up for it, @rgl.

[mmlb]

Hey @rgl I think we can close this issue right? Looks like you've figured out how to configure UEFI boot options. We'd love for you to contribute your action to hub, but thats outside of the issue I think.