On Tue, Mar 23, 2021 at 8:59 AM Michael Young <m.a.yo...@durham.ac.uk>
wrote:
>
>
> On Tue, 23 Mar 2021, Ian Jackson wrote:
>
> > Jan Beulich writes ("Re: [PATCH] xen: Create EFI_VENDOR directory"):
> >> On 23.03.2021 13:34, Jason Andryuk wrote:
> > ...
> >>> On Fedora, RPMs drop EFI binaries directly into /boot/efi/EFI/fedora/.
> >>> grub, shim, fwupdate and xen are all packaged that way. It seems
> >>> reasonable to have those important binaries tracked by the package
> >>> manager.
> >>>
> >>> Does SuSE populate EFI_VENDOR from EFI_DIR when some boot loader
> >>> script is called?
> >>
> >> Yes. And back at the time, when I consulted our EFI person, I was left
> >> with the impression that this is the only reasonable approach. The
> >> primary reason, as said, was that the EFI partition as a whole may get
> >> rebuilt perhaps even from scratch at any point. Hence it's not
> >> reasonable to expect package-managed files to live there.
> >
> > I agree with this analysis but it is for people like Fedora to decide
> > how they want to build their packages.
> >
> > There is also the case of ad-hoc packages (eg our "make debball")
> > which the user might reasonably choose to have dump things in the EFI
> > system partition.
> >
> > Conversely, I see no downside to the mkdir. Jan, is there some actual
> > harm in it ? If not, we should be accomodating to people's build and
> > packaging strategies even if we don't entirely approve of them.
>
> There is a request in https://bugzilla.redhat.com/show_bug.cgi?id=1750733
> for xen on Fedora to install the efi file elsewhere and then copy it to
> /boot/efi post install. I could change the current Fedora set up for
> Fedora 35 (which should have xen-4.15) if there is a good reason to do so.
> I am not sure how useful the xen.efi file in /boot/efi is anyway for the
> the Fedora set up as it will generally use a xen*.gz file in /boot via
> grub.
>
FWIW: /boot as the source of truth and EFI partition as a cache for that is
also what we've settled on in EVE distro.
As a somewhat unrelated side-note: on ARM at least, with u-boot playing the
role of UEFI more and more -- we can actually pick EFI payloads straight
from source of truth and completely by-pass EFI partition altogether (which
is fine -- it is, after all, only a cache).
Thanks,
Roman.
