On Monday, December 2, 2024 at 4:52:21 AM UTC-5 Jan Kiszka wrote:
On 27.11.24 21:20, Maxime Roussin-Bélanger wrote: > Hello, > > When *efibootguard* encounters the same label on multiple volumes, it > might select the wrong volume to boot from. > > To reproduce this issue, consider a device with two *efibootguard-boot* > partition labels, |BOOT0| and |BOOT1|. Additionally, a USB stick with a > live image has the same *efibootguard-boot* labels. When we attempt to > boot from the USB stick via the BIOS, *efibootguard* will load the EFI > configuration from the USB stick but might boot from another volume with > a matching label. The behavior appears somewhat random. > > The function |FileDevicePathFromConfig| does not seem to verify whether > the selected device actually owns the volume; it simply matches the > label and proceeds to boot from that volume. > > Is this a user configuration error, or does it indicate a bug in > *efibootguard*? Well, it is an unexpected behavior of EBG, for sure, specifically because it already prioritizes configs from the boot medium. We may have to sort not only the config_volumes in filter_cfg_parts but rather the actual entries in volumes itself. That should give labels on the boot medium precedence. OTOH, it is a user mistake for provide a second medium with identical labeling. Actually, why do you use EBG on that live stick at all? Will that stick be updated like a disk? Hi, We primarily use that live stick for rescue purposes, and it shares the same base template: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/a23133c5b481341bbfb510e0cbaa043cd34565c1/wic/ebg-sysparts.inc This template is used for our live image and another image we install on the NVMe. This approach ensures the boot process remains consistent, simplifying maintenance. While we could use GRUB or another bootloader, we prefer keeping things simple by maintaining almost identical configurations across our images. Max. Jan -- Siemens AG, Technology Linux Expert Center -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/efibootguard-dev/083df89b-a68b-4351-8b9c-5847b56e68abn%40googlegroups.com.
