[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Adding option to clearpart in kickstart to not set pmbr_boot flag?



On Tue, Jul 6, 2021 at 12:54 PM Brian C. Lane <bcl redhat com> wrote:
>
> On Sat, Jul 03, 2021 at 08:36:54AM -0400, Neal Gompa wrote:
> > Hey all,
> >
> > As a follow up to Chris' thread on hybrid BIOS/UEFI images[1], it was
> > pointed out that in order to build images that actually boot, I need
> > to make sure that the protective MBR boot flag isn't set. To implement
> > this for Fedora Cloud images, I'm using parted in %post[2]. However,
> > that has a major problem: I don't necessarily know what the block
> > device name is going to be. I'm making an educated guess, but for
> > third parties attempting to rebuild our images, that guess may be
> > wrong.
> >
> > What I'd like to see is the clearpart command getting a
> > --no-gpt-pmbr-boot-flag or similar that would allow me to do this
> > without having to write a magic snippet that includes a guess on how
> > this works.
> >
> > I imagine this would also be useful for RHEL/CentOS 9, since it would
> > simplify making hybrid boot images.
> >
> > What do y'all think?
>
> I really don't want to add new flags to pykickstart for every corner
> case, so I think this needs to be fixed some other way.
>
> blivet is what's actually responsible for setting this, see:
>
> https://github.com/storaged-project/blivet/blob/98e436074345974ab1f793f521f0483bdb6d3ba9/blivet/formats/disklabel.py#L187
>
> so changing that isn't a simple change.
>
> If I understand the issue, it's that KVM's UEFI firmware isn't booting
> with this set? This seems strange, since it looks like pmbr_boot is
> always set by blivet for non-mac UEFI installs, and it has been this way
> for a considerable amount of time.
>
> More importantly, the UEFI specification specifically states that UEFI
> firmware is to ignore the flag (it's called 'BootIndicator' in the
> spec) so if the firmware isn't recognizing it because of that flag it is
> a bug.
>

It is a bug, and I just fixed it in EDK2 upstream:
https://github.com/tianocore/edk2/commit/b3db0cb1f8d163f22b769c205c6347376a315dcd

But that doesn't change the ~10 years of UEFI firmware that don't
support this properly.




--
真実はいつも一つ!/ Always, there's only one truth!



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]