-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd-boot support #1719
Comments
That sounds likely yes. I have no opposition to supporting |
Maybe just check for its EFI file? GRUB is a little easily to have automatically installed accidentally forget about it, but systemd-boot is usually manually (and therefore consciously) installed. |
I've run into this issue also. I'm trying to develop a distro around OSTree and I'd much rather use systemd-boot than grub for efi |
@cgwalters Can the bootloader detection issue be solved with a simple config file? OSTree, when running Another possibility is to have the installer tell OSTree which bootloader to use. I'd prefer this option, since this gives the installer script the flexibility to decide on the bootloader, not the tree. This way, boot installation/config all happens in one place. Something like: If the config file doesn't exist/command wasn't run, OSTree can (temporarily) fall back to the current behavior |
For people who are building libostree from source (as it sounds like you are?), one thing we could pretty easily do is add a build-time option, like My main hesistation on this is where to put the config file, but thinking about it as I'm typing, we could add it as an entry in the repo config? Something like
|
@cgwalters Yes, I am building libostree from source. An option like this would be sufficient. The problem with it is that it will restrict the entire system to a single bootloader. If the user prefers Grub and replaces sd-boot, suddenly OSTree deployments break. You'd need to recompile OSTree to boot with Grub. For minimal distros, though, it would be nice to trim down ostree by restricting bootloader support Putting it in the repo config would be perfect! This also automatically gives a cli command, since |
FWIW ostree also does stuff like chmod the kernel file's permissions when it saves it to /boot, but that can't be done with systemd-boot (since it only supports kernels on the ESP, which is fat). |
@kirbyfan64 can it not just skip that step? I've been manually copying things from /boot to /boot/efi without issue |
It could, I'm just pointing out that it would also need to be changed |
Any update on this? |
@cgwalters I've been able to mess about with my distro and get some insight about the relationship between systemd, by default, really wants the ESP to be mounted to either I've been able to temporarily get OSTree working like so: I have a OSTree depends on symlinks in If, for compatability, you need to keep the old behavior, you can translate all of this new behavior to the What are your thoughts? |
PS: It would also be nice is OSTree could format its filenames for boot counting |
@cgwalters I'm unsure of you got pinged. What are your thoughts on my suggested reimplementation of |
There's extensive prior discussion of EFI and BLS and ostree - see e.g. #717 Let's keep this issue just about having the bootloader be configurable. |
@cgwalters Certainly. That issue seems more grub oriented and less EFI but I moved the ESP discussion to #1649. Moreover, isn't the issue of supporting sd-boot really just an issue of supporting the ESP? I don't see any problems with having a simple repo config option for determining which files to generate on deploy. Maybe you could even support having a list, and if absent the value would be You could support sd-boot's bootcounting the same way. A config option would determine the number appended to the end of generated boot options Like so:
|
|
I used systemd-boot ("gummitboot") with "normal" Fedora in the past. As I remember this worked fine - but if you want to use "Secure Boot" you had to use this solution (also /boot must have vfat format which anaconda will not allow - so you have to do this as a manual step): https://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/ As far as I understood secure boot has to been done in a complete different way wiht systemd-boot. You cannot just sign your kernel but have always add a hash signature to the MokList. I had one PC where this did not work. So I don't know whether this is a solution wwill be maintained in future. And if systemd-boot is only usable if you disable Secure Boot then I would stay with grub. But only for this reason - otherwise I would always prefer systemd-boot. |
@fansari you should research shim. It allows two different ways to do secure boot: the MokList, basically a list of hashes of EFI binaries that are safe to run, and with signed binaries. I think systemd-boot has little to do with it to be honest Also, unless I'm missing something this is seemingly unrelated to the issue. |
Just wanted to clarify the status. Can we have milestone for this or something, to track it better? |
Looks like the prerequisites for #1967, proper atomic Also, this is not necessary if boot counting is leveraged: there can be always one known-good version present if done correctly. The Concurrently, unified kernels made their ways into the fray with the exact same boot counting semantics. One way |
I was able to switch to systemd-boot on my Fedora Silverblue 37 installation by changing the partition type of EDIT: I had to also install the ext4 EFI file system driver from efifs into my EFI partition to get sd-boot to recognize my /boot partition. |
@godvino can you please explain what exact files you got from efifs(they only have ext2 files?) and where exactly you put them? |
Hey everyone, I'm looking to build ostree-based Garden Linux system, and for GL we absolutely require systemd-boot instead of grub. In this POC stage, building ostree myself (also from a non-main branch) would be fine, but in the long run it would be great if this was a standard feature of ostree. Can someone give me some pointers on the current status of this? I'm not yet familiar with ostree internals, but I'd be okay to spend time looking into this. |
@fwilhe if Garden Linux does non-UKI bls-based booting, the contributions required to get sd-boot working should be minimal... UKI support is in progress... Here are some build logs of how an ostree-based image is composed:
so I recommend looking at the ostree osbuild python script stages to get an idea of how to compose an ostree-based OS. |
Hi @ericcurtin, thanks for your hint, I did make quite some progress meanwhile and I got a booting system using systemd-boot. I did not expect this to work and it might actually not be working properly, at least that's my suspicion for the cause of issue #3022. Assuming non-UKI setup (which is good enough for now), can you give me some pointers of what kind of contributions you mean? I did look into the bootloader specific code of ostree, but I'm not sure what systemd-boot specific code would need to do. Best, |
@fwilhe I don't actually know what specifically needs to change, just gotta keep building ostree based images with sd-boot and see what isn't working I guess... |
Which file are you referencing to @ericcurtin? |
The ostree python scripts here: https://github.com/osbuild/osbuild/tree/main/stages that's how we build ostree based OS's, the log I posted above describes the order in which they are called. |
There's probably grub assumptions you are gonna come across that need to be sorted out. |
This would need to be completed also #1967, not sure if @valentindavid wants to complete or if he wants to hand it off to someone else. |
I will try to remember it. I will see if I can find time to rebase and address the directory version concern. But if someone else takes over, I am fine with it. |
Are there any existing tests/PoCs/example for that? Not sure what it's worth, but I've put my debian/sd-boot based experiment here. It's booting, but it is not really functioning. |
I haven't seen anyone reply to this. So I will document how I got systemd-boot working on Silverblue 39. So far, it seems everything works. Make sure secure boot is disabled.
This has the benefit of also not putting kernel images on the efi partition, which is usually smaller than /boot. Grub will continue to work as well. |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
After transitioning to a separate /boot partition I started to see this error: $ bootctl
Failed to open '/boot//loader/entries': Remote address changed
... this is with systemd-boot or grub, regardless. If I return to my previous /boot placement (on btrfs subvolume), I see no such error. I have no idea where this error comes from. |
I am personally not keen on adding attack surface to I've had success mounting the ESP on The problem is that it's very clunky at the moment and the boot-blessing mechanism is different from the bootloader specs'. Actually, if fcos could create UKIs and use grub's own (undocumented) support for the bootloader spec, switching bootloaders would become nearly trivial. |
Any advice on this? PS: PPS: |
However, it might be an issue with OSTree itself, too. |
@AdrianVovk Regarding boot counting support, I've created a PR for this #3310 |
From what I can tell, this is basically present (since the loader syntax is identical), except systemd-boot needs the loaders and kernels to be on the ESP (/boot/efi), not where OSTree places them currently (/boot)...
The text was updated successfully, but these errors were encountered: