Hi,
While upgrading my FAI image to 5.10.1 it also updated the kernel to
the latest one from buster-backports (as expected per my NFSROOT
configuration) which currently is '5.10.0-0.bpo.3-amd64'. While doing
this I noticed that new installs that are using EFI was not booting
after FAI had run. The `grub-install` stage flagged with the following
warning message.
```
grub-install: warning: EFI variables are not supported on this system..
```
This points to that either '/sys/firmware/efi/vars' or
'/sys/firmware/efi/efivars' is not available, I'm not sure which one.
After some investigation I can conclude that '/sys/firmware/efi/vars'
is not available for the kernel version 5.10 while it is for kernel
version 4.19 during a FAI `install`. See the output bellow.
== 4.19 kernel ==
root # echo ${FAI_VERSION}
5.10.1
root # echo ${FAI_ACTION}
install
root # uname -r
4.19.0-14-amd64
root # grep -w CONFIG_EFI_VARS /boot/config-$(uname -r)
CONFIG_EFI_VARS=m
root # grep -A1 "task_updatebase" ${LOGDIR}/fai.log
Calling task_updatebase
Updating base
root # ls /sys/firmware/efi/efivars | wc -l
0
root # ls /sys/firmware/efi/vars | wc -l
35
root # ls -1 ${FAI_ROOT}/sys/firmware/efi/efivars/ | wc -l
0
root # ls -1 ${FAI_ROOT}/sys/firmware/efi/vars/ | wc -l
35
root # cat ${LOGDIR}/shell.log
...
===== shell: GRUB_EFI/10-setup =====
ainsl: appending to /target/etc/default/grub: GRUB_DISABLE_OS_PROBER=true
Installing for x86_64-efi platform.
Installation finished. No error reported.
Grub installed on /dev/sda = (hostdisk//dev/sda)
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-4.19.0-14-amd64
Found initrd image: /boot/initrd.img-4.19.0-14-amd64
Found memtest86+ image: /memtest86+.bin
Found memtest86+ multiboot image: /memtest86+_multiboot.bin
Adding boot menu entry for EFI firmware configuration
done
GRUB_EFI/10-setup OK.
...
== 5.10 kernel ==
root # echo ${FAI_VERSION}
5.10.1
root # echo ${FAI_ACTION}
install
root # uname -r
5.10.0-0.bpo.3-amd64
root # grep -w CONFIG_EFI_VARS /boot/config-$(uname -r)
# CONFIG_EFI_VARS is not set
root # grep -A1 "task_updatebase" ${LOGDIR}/fai.log
Calling task_updatebase
Updating base
root # ls -1 /sys/firmware/efi/efivars | wc -l
0
root # ls -1 /sys/firmware/efi/vars | wc -l
ls: cannot access '/sys/firmware/efi/vars': No such file or directory
0
root # ls -1 ${FAI_ROOT}/sys/firmware/efi/efivars/ | wc -l
0
root # ls -1 ${FAI_ROOT}/sys/firmware/efi/vars/ | wc -l
ls: cannot access '/target/sys/firmware/efi/vars/': No such file or directory
0
root # cat ${LOGDIR}/shell.log
...
===== shell: GRUB_EFI/10-setup =====
ainsl: appending to /target/etc/default/grub: GRUB_DISABLE_OS_PROBER=true
Installing for x86_64-efi platform.
grub-install: warning: EFI variables are not supported on this system..
Installation finished. No error reported.
Grub installed on /dev/sda = (hostdisk//dev/sda)
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-4.19.0-14-amd64
Found initrd image: /boot/initrd.img-4.19.0-14-amd64
Found memtest86+ image: /memtest86+.bin
Found memtest86+ multiboot image: /memtest86+_multiboot.bin
done
GRUB_EFI/10-setup OK.
...
== CONFIG_EFI_VARS ==
It seems that the 'CONFIG_EFI_VARS' kernel option has been disabled by
the Debian folks for at least the kernel version 5.10 [1] and might be
the reason why '/sys/firmware/efi/vars' is not populated.
Manually mounting `efivarfs` worked for me though I'm not sure if it is
the correct way of doing it. See the output bellow for the hook that
I'm using in my ${FAI} config.
== Workaround hook ==
root # cat ${FAI}/hooks/configure.GRUB_EFI
#!/bin/bash
# Mount efivarfs. Needed for 'scripts/GRUB_EFI/10-setup'.
# Check that we are actually running in EFI mode.
if [ -d /sys/firmware/efi ]; then
mount -t efivarfs efivarfs ${FAI_ROOT}/sys/firmware/efi/efivars
fi
== updatebase ==
While looking through the FAI source code I stumbled upon the
updatebase library which seems to be bind mounting `sysfs` while
${FAI_ACTION} is set to `install`. Should the above hook be implemented
in the updatebase library as well perhaps? It seems that manually
mounting efivarfs is encouraged [2].
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979299
[2] https://www.kernel.org/doc/Documentation/filesystems/efivarfs.txt
--
Markus
