public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] EFI booting problem - understanding it
@ 2020-07-02 10:56 Peter Humphrey
  2020-07-03  2:05 ` Andrew Udvare
  0 siblings, 1 reply; 5+ messages in thread
From: Peter Humphrey @ 2020-07-02 10:56 UTC (permalink / raw
  To: gentoo-user

Morning all,

I'm trying to set the default boot entry via bootctl or efibootmgr. I know I
can set it directly by pressing D at the boot selection screen, and the system
does boot properly; I just want to understand the setup a bit better. I don't
have the rest of systemd: this is an openrc box.

# tree -L 3 /boot
/boot
├── config-5.4.48-gentoo
├── config-5.4.48-gentoo-rescue
├── config-5.7.6-gentoo
├── config-5.7.7-gentoo
├── early_ucode.cpio
├── EFI
│   ├── Boot
│   │   └── bootx64.efi
│   ├── Linux
│   ├── Microsoft
│   │   ├── Boot
│   │   └── Recovery
│   └── systemd
│       └── systemd-bootx64.efi
├── intel-uc.img
├── loader
│   ├── entries
│   │   ├── 08-gentoo-5.4.48-rescue.conf
│   │   ├── 09-gentoo-5.4.48-rescue.nonet.conf
│   │   ├── 30-gentoo-5.7.7.conf
│   │   ├── 32-gentoo-5.7.7.nox.conf
│   │   ├── 34-gentoo-5.7.7.nonet.conf
│   │   ├── 40-gentoo-5.4.48.conf
│   │   ├── 42-gentoo-5.4.48.nox.conf
│   │   └── 44-gentoo-5.4.48.nonet.conf
│   ├── loader.conf
│   └── random-seed
├── System.map-5.4.48-gentoo
├── System.map-5.4.48-gentoo-rescue
├── System.map-5.7.6-gentoo
├── System.map-5.7.7-gentoo
├── vmlinuz-5.4.48-gentoo
├── vmlinuz-5.4.48-gentoo-rescue
├── vmlinuz-5.7.6-gentoo
└── vmlinuz-5.7.7-gentoo

# bootctl status
--->8
Default Boot Loader Entry:
        title: Gentoo 5.4.48 (No network)
           id: 44-gentoo-5.4.48.nonet.conf
--->8

44-gentoo-5.4.48.nonet.conf is the last entry in /boot/loader/entries.

Man bootctl says:
set-default ID, set-oneshot ID
     Sets the default boot loader entry. Takes a single boot loader entry ID
     string as argument...

But then,
# bootctl set-default 30-gentoo-5.7.7.conf
Failed to update EFI variable: Invalid argument

...in spite of this:
# cat /boot/loader/entries/30-gentoo-5.7.7.conf
title Gentoo 5.7.7
version 5.7.7-gentoo
linux vmlinuz-5.7.7-gentoo
initrd=intel-uc.img
options root=/dev/nvme0n1p4 net.ifnames=0 raid=noautodetect

...and this:
# mount | grep efi
efivarfs on /sys/firmware/efi/efivars type efivarfs 
(rw,nosuid,nodev,noexec,relatime)

I've also tried telling efibootmgr to set the default.

# efibootmgr
BootNext: 0007
BootCurrent: 0007
Timeout: 2 seconds
BootOrder: 000B,0007,0006,0000,000C,000D
Boot0000* Windows Boot Manager
Boot0006* UEFI OS
Boot0007* Linux Boot Manager
Boot000B* CD/DVD Drive 
Boot000C* Hard Drive 
Boot000D* Removable Drive 

Efibootmgr -n 7 seems to make no difference, as expected, but:
# efibootmgr -N 7
Boot entry 0001 does not exist
# cat /boot/loader/loader.conf
default 30-gentoo-5.7.7

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] EFI booting problem - understanding it
  2020-07-02 10:56 [gentoo-user] EFI booting problem - understanding it Peter Humphrey
@ 2020-07-03  2:05 ` Andrew Udvare
  2020-07-03  8:36   ` Michael
  2020-07-03 14:52   ` Peter Humphrey
  0 siblings, 2 replies; 5+ messages in thread
From: Andrew Udvare @ 2020-07-03  2:05 UTC (permalink / raw
  To: gentoo-user


[-- Attachment #1.1: Type: text/plain, Size: 1063 bytes --]

On 02/07/2020 06:56, Peter Humphrey wrote:
> But then,
> # bootctl set-default 30-gentoo-5.7.7.conf
> Failed to update EFI variable: Invalid argument

Probably the kernel is blocking write access to EFI. This is on purpose
for safety as you can damage your firmware quite easily. systemd-boot
and others do not have this restriction. You also should be careful
writing to the EFI too much as the NVRAM flash may not be of high quality.

https://lwn.net/Articles/674940/

You can try using `chattr -i` against the files like:

chattr -i /sys/firmware/efi/efivars/Boot*

Then you can try with bootctl and others, but this is not guaranteed to
work.

On my ASUS motherboard I haven't been able to write to EFI variables
from within Linux for a long time. I have to add my keys in the BIOS and
set the default in systemd-boot.

The logic to write to a file in efivars is here:

https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L15

If you use strace with bootctl you'll probably see one of these errno
values.

Andrew


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] EFI booting problem - understanding it
  2020-07-03  2:05 ` Andrew Udvare
@ 2020-07-03  8:36   ` Michael
  2020-07-03 14:52   ` Peter Humphrey
  1 sibling, 0 replies; 5+ messages in thread
From: Michael @ 2020-07-03  8:36 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 3424 bytes --]

On Friday, 3 July 2020 03:05:34 BST Andrew Udvare wrote:
> Morning all,
> 
> I'm trying to set the default boot entry via bootctl or efibootmgr. I know I
> can set it directly by pressing D at the boot selection screen, and the
> system does boot properly; I just want to understand the setup a bit
> better. I don't have the rest of systemd: this is an openrc box.
> 
> # tree -L 3 /boot
> /boot
> ├── config-5.4.48-gentoo
> ├── config-5.4.48-gentoo-rescue
> ├── config-5.7.6-gentoo
> ├── config-5.7.7-gentoo
> ├── early_ucode.cpio
> ├── EFI
> │   ├── Boot
> │   │   └── bootx64.efi
> │   ├── Linux
> │   ├── Microsoft
> │   │   ├── Boot
> │   │   └── Recovery
> │   └── systemd
> │       └── systemd-bootx64.efi
> ├── intel-uc.img
> ├── loader
> │   ├── entries
> │   │   ├── 08-gentoo-5.4.48-rescue.conf
> │   │   ├── 09-gentoo-5.4.48-rescue.nonet.conf
> │   │   ├── 30-gentoo-5.7.7.conf
> │   │   ├── 32-gentoo-5.7.7.nox.conf
> │   │   ├── 34-gentoo-5.7.7.nonet.conf
> │   │   ├── 40-gentoo-5.4.48.conf
> │   │   ├── 42-gentoo-5.4.48.nox.conf
> │   │   └── 44-gentoo-5.4.48.nonet.conf
> │   ├── loader.conf
> │   └── random-seed
> ├── System.map-5.4.48-gentoo
> ├── System.map-5.4.48-gentoo-rescue
> ├── System.map-5.7.6-gentoo
> ├── System.map-5.7.7-gentoo
> ├── vmlinuz-5.4.48-gentoo
> ├── vmlinuz-5.4.48-gentoo-rescue
> ├── vmlinuz-5.7.6-gentoo
> └── vmlinuz-5.7.7-gentoo
> 
> # bootctl status
> --->8
> Default Boot Loader Entry:
>         title: Gentoo 5.4.48 (No network)
>            id: 44-gentoo-5.4.48.nonet.conf
> --->8
> 
> 44-gentoo-5.4.48.nonet.conf is the last entry in /boot/loader/entries.
> 
> Man bootctl says:
> set-default ID, set-oneshot ID
>      Sets the default boot loader entry. Takes a single boot loader entry ID
> string as argument...
> 
> But then,
> # bootctl set-default 30-gentoo-5.7.7.conf
> Failed to update EFI variable: Invalid argument
> 
> ...in spite of this:
> # cat /boot/loader/entries/30-gentoo-5.7.7.conf
> title Gentoo 5.7.7
> version 5.7.7-gentoo
> linux vmlinuz-5.7.7-gentoo
> initrd=intel-uc.img
> options root=/dev/nvme0n1p4 net.ifnames=0 raid=noautodetect
> 
> ...and this:
> # mount | grep efi
> efivarfs on /sys/firmware/efi/efivars type efivarfs
> (rw,nosuid,nodev,noexec,relatime)
> 
> I've also tried telling efibootmgr to set the default.
> 
> # efibootmgr
> BootNext: 0007
> BootCurrent: 0007
> Timeout: 2 seconds
> BootOrder: 000B,0007,0006,0000,000C,000D
> Boot0000* Windows Boot Manager
> Boot0006* UEFI OS
> Boot0007* Linux Boot Manager
> Boot000B* CD/DVD Drive
> Boot000C* Hard Drive
> Boot000D* Removable Drive
> 
> Efibootmgr -n 7 seems to make no difference, as expected, but:
> # efibootmgr -N 7
> Boot entry 0001 does not exist

I can't comment on the systemd's bootctl, because I don't use it, by as I 
understand it 'efibootmgr --delete-bootnext' will clear the BootNext entry in 
UEFI settings and does not take a boot entry number as a variable on the CLI.  
I can't answer why "7" in your entry above returns a comment about "Boot entry 
0001" ... which is obviously absent.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] EFI booting problem - understanding it
  2020-07-03  2:05 ` Andrew Udvare
  2020-07-03  8:36   ` Michael
@ 2020-07-03 14:52   ` Peter Humphrey
  2020-07-03 20:57     ` Sid Spry
  1 sibling, 1 reply; 5+ messages in thread
From: Peter Humphrey @ 2020-07-03 14:52 UTC (permalink / raw
  To: gentoo-user

On Friday, 3 July 2020 03:05:34 BST Andrew Udvare wrote:
> On 02/07/2020 06:56, Peter Humphrey wrote:
> > But then,
> > # bootctl set-default 30-gentoo-5.7.7.conf
> > Failed to update EFI variable: Invalid argument
> 
> Probably the kernel is blocking write access to EFI. This is on purpose
> for safety as you can damage your firmware quite easily. systemd-boot
> and others do not have this restriction.

Is there some way for me to remove this restriction temporarily?

> You also should be careful writing to the EFI too much as the NVRAM flash may
> not be of high quality.

Yes, I do only write to it when I have to. I hope Asus would use decent-
quality components though.

> https://lwn.net/Articles/674940/

Interesting - thanks.

> You can try using `chattr -i` against the files like:
> 
> chattr -i /sys/firmware/efi/efivars/Boot*
> 
> Then you can try with bootctl and others, but this is not guaranteed to
> work.

Those files were already among the 17 that were mutable. It seems I need to find 
which of the other 117 files I need to make mutable.

> On my ASUS motherboard I haven't been able to write to EFI variables
> from within Linux for a long time. I have to add my keys in the BIOS and
> set the default in systemd-boot.

Looks like I'm in the same boat. Except that setting the default in systemd-
boot is exactly what I can't do!

> The logic to write to a file in efivars is here:
> 
> https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L15
> 
> If you use strace with bootctl you'll probably see one of these errno
> values.

I think what I'm seeing comes from this:

if (attributes & ~(EFI_VARIABLE_MASK))
	return -EINVAL;

Perhaps I should just stop here and revert to setting the default at the UEFI 
boot-choice screen.

Many thanks for your help, Andrew.

-- 
Regards,
Peter.





^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] EFI booting problem - understanding it
  2020-07-03 14:52   ` Peter Humphrey
@ 2020-07-03 20:57     ` Sid Spry
  0 siblings, 0 replies; 5+ messages in thread
From: Sid Spry @ 2020-07-03 20:57 UTC (permalink / raw
  To: gentoo-user



On Fri, Jul 3, 2020, at 9:52 AM, Peter Humphrey wrote:
> On Friday, 3 July 2020 03:05:34 BST Andrew Udvare wrote:
> > On 02/07/2020 06:56, Peter Humphrey wrote:
> > > But then,
> > > # bootctl set-default 30-gentoo-5.7.7.conf
> > > Failed to update EFI variable: Invalid argument
> > 
> > Probably the kernel is blocking write access to EFI. This is on purpose
> > for safety as you can damage your firmware quite easily. systemd-boot
> > and others do not have this restriction.
> 
> Is there some way for me to remove this restriction temporarily?
> 
> > You also should be careful writing to the EFI too much as the NVRAM flash may
> > not be of high quality.
> 
> Yes, I do only write to it when I have to. I hope Asus would use decent-
> quality components though.
> 

They may not have a choice. The flash memory made for "embedded" applications can be very low quality.
Typically I see write capability maxing out at 100k. Some devices only offer 10k due to inappropriate cost optimization. These numbers can be particularly visible if there is no wear levelling, which there usually isn't.

Anything higher seems to be only available for storage applications.

> > https://lwn.net/Articles/674940/
> 
> Interesting - thanks.
> 
> > You can try using `chattr -i` against the files like:
> > 
> > chattr -i /sys/firmware/efi/efivars/Boot*
> > 
> > Then you can try with bootctl and others, but this is not guaranteed to
> > work.
> 
> Those files were already among the 17 that were mutable. It seems I 
> need to find 
> which of the other 117 files I need to make mutable.
> 
> > On my ASUS motherboard I haven't been able to write to EFI variables
> > from within Linux for a long time. I have to add my keys in the BIOS and
> > set the default in systemd-boot.
> 
> Looks like I'm in the same boat. Except that setting the default in systemd-
> boot is exactly what I can't do!
> 
> > The logic to write to a file in efivars is here:
> > 
> > https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L15
> > 
> > If you use strace with bootctl you'll probably see one of these errno
> > values.
> 
> I think what I'm seeing comes from this:
> 
> if (attributes & ~(EFI_VARIABLE_MASK))
> 	return -EINVAL;
> 
> Perhaps I should just stop here and revert to setting the default at the UEFI 
> boot-choice screen.
> 
> Many thanks for your help, Andrew.
> 
> -- 
> Regards,
> Peter.
> 
> 
> 
> 
>


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-07-03 20:58 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-02 10:56 [gentoo-user] EFI booting problem - understanding it Peter Humphrey
2020-07-03  2:05 ` Andrew Udvare
2020-07-03  8:36   ` Michael
2020-07-03 14:52   ` Peter Humphrey
2020-07-03 20:57     ` Sid Spry

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox