Re: [gentoo-user] EFI booting problem - understanding it

2020-07-03 Thread Sid Spry



On Fri, Jul 3, 2020, at 9:52 AM, Peter Humphrey wrote:
> On Friday, 3 July 2020 03:05:34 BST Andrew Udvare wrote:
> > On 02/07/2020 06:56, Peter Humphrey wrote:
> > > But then,
> > > # bootctl set-default 30-gentoo-5.7.7.conf
> > > Failed to update EFI variable: Invalid argument
> > 
> > Probably the kernel is blocking write access to EFI. This is on purpose
> > for safety as you can damage your firmware quite easily. systemd-boot
> > and others do not have this restriction.
> 
> Is there some way for me to remove this restriction temporarily?
> 
> > You also should be careful writing to the EFI too much as the NVRAM flash
> > may not be of high quality.
> 
> Yes, I do only write to it when I have to. I hope Asus would use
> decent-quality components though.
> 

They may not have a choice. The flash memory made for "embedded" applications 
can be very low quality.
Typically I see write capability maxing out at 100k. Some devices only offer 
10k due to inappropriate cost optimization. These numbers can be particularly 
visible if there is no wear levelling, which there usually isn't.

Anything higher seems to be only available for storage applications.

> > https://lwn.net/Articles/674940/
> 
> Interesting - thanks.
> 
> > You can try using `chattr -i` against the files like:
> > 
> > chattr -i /sys/firmware/efi/efivars/Boot*
> > 
> > Then you can try with bootctl and others, but this is not guaranteed to
> > work.
> 
> Those files were already among the 17 that were mutable. It seems I need to
> find which of the other 117 files I need to make mutable.
> 
> > On my ASUS motherboard I haven't been able to write to EFI variables
> > from within Linux for a long time. I have to add my keys in the BIOS and
> > set the default in systemd-boot.
> 
> Looks like I'm in the same boat. Except that setting the default in
> systemd-boot is exactly what I can't do!
> 
> > The logic to write to a file in efivars is here:
> > 
> > https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L15
> > 
> > If you use strace with bootctl you'll probably see one of these errno
> > values.
> 
> I think what I'm seeing comes from this:
> 
> if (attributes & ~(EFI_VARIABLE_MASK))
>   return -EINVAL;
> 
> Perhaps I should just stop here and revert to setting the default at the UEFI 
> boot-choice screen.
> 
> Many thanks for your help, Andrew.
> 
> -- 
> Regards,
> Peter.



Re: [gentoo-user] EFI booting problem - understanding it

2020-07-03 Thread Peter Humphrey
On Friday, 3 July 2020 03:05:34 BST Andrew Udvare wrote:
> On 02/07/2020 06:56, Peter Humphrey wrote:
> > But then,
> > # bootctl set-default 30-gentoo-5.7.7.conf
> > Failed to update EFI variable: Invalid argument
> 
> Probably the kernel is blocking write access to EFI. This is on purpose
> for safety as you can damage your firmware quite easily. systemd-boot
> and others do not have this restriction.

Is there some way for me to remove this restriction temporarily?

> You also should be careful writing to the EFI too much as the NVRAM flash may
> not be of high quality.

Yes, I do only write to it when I have to. I hope Asus would use
decent-quality components though.

> https://lwn.net/Articles/674940/

Interesting - thanks.

> You can try using `chattr -i` against the files like:
> 
> chattr -i /sys/firmware/efi/efivars/Boot*
> 
> Then you can try with bootctl and others, but this is not guaranteed to
> work.

Those files were already among the 17 that were mutable. It seems I need to
find which of the other 117 files I need to make mutable.

> On my ASUS motherboard I haven't been able to write to EFI variables
> from within Linux for a long time. I have to add my keys in the BIOS and
> set the default in systemd-boot.

Looks like I'm in the same boat. Except that setting the default in
systemd-boot is exactly what I can't do!

> The logic to write to a file in efivars is here:
> 
> https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L15
> 
> If you use strace with bootctl you'll probably see one of these errno
> values.

I think what I'm seeing comes from this:

if (attributes & ~(EFI_VARIABLE_MASK))
  return -EINVAL;

Perhaps I should just stop here and revert to setting the default at the UEFI 
boot-choice screen.

Many thanks for your help, Andrew.

-- 
Regards,
Peter.
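
The check quoted in the message above can be modelled in user space. This is an added example, not part of the thread or the kernel source: `efivar_check_write` and `build_buf` are hypothetical names and the UTF-16LE payload is constructed. It shows that a write to an efivarfs file must begin with a 32-bit attribute word, and that a buffer starting directly with the payload fails the mask test with EINVAL.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EFI_VARIABLE_MASK 0x7fu /* OR of the seven attribute bits in include/linux/efi.h */
#define ATTR_NV_BS_RT     0x07u /* NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS */

/* User-space model of the first checks in the efivarfs write path: the buffer
 * starts with a 32-bit little-endian attribute word, then the variable data. */
int efivar_check_write(const uint8_t *buf, size_t len, uint32_t *attrs)
{
    if (len < sizeof(uint32_t))
        return -EINVAL;             /* too short to hold the attribute word */
    *attrs = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
             (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (*attrs & ~EFI_VARIABLE_MASK)
        return -EINVAL;             /* the check quoted in the thread */
    return 0;
}

/* Hypothetical helper: optional attribute header, then an ASCII ID widened to
 * UTF-16LE with a terminating NUL (constructed sample data). */
size_t build_buf(uint8_t *out, int with_header, uint32_t attrs, const char *id)
{
    size_t n = 0;
    for (int i = 0; with_header && i < 4; i++)
        out[n++] = (uint8_t)(attrs >> (8 * i));
    for (const char *p = id; ; p++) {
        out[n++] = (uint8_t)*p;
        out[n++] = 0;
        if (*p == '\0') break;
    }
    return n;
}

int main(void)
{
    uint8_t buf[128];
    uint32_t attrs = 0;
    const char *id = "30-gentoo-5.7.7.conf";   /* entry ID from the thread */
    size_t n = build_buf(buf, 1, ATTR_NV_BS_RT, id);
    int rc = efivar_check_write(buf, n, &attrs);
    printf("with header:    rc=%d attrs=0x%08x\n", rc, (unsigned)attrs);
    n = build_buf(buf, 0, 0, id);
    rc = efivar_check_write(buf, n, &attrs);
    printf("without header: rc=%d attrs=0x%08x\n", rc, (unsigned)attrs);
    return 0;
}
```

Running a failing tool under strace, as suggested earlier in the thread, shows the bytes actually written, which can be compared against this layout.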






Re: [gentoo-user] EFI booting problem - understanding it

2020-07-03 Thread Michael
On Friday, 3 July 2020 03:05:34 BST Andrew Udvare wrote:
> Morning all,
> 
> I'm trying to set the default boot entry via bootctl or efibootmgr. I know I
> can set it directly by pressing D at the boot selection screen, and the
> system does boot properly; I just want to understand the setup a bit
> better. I don't have the rest of systemd: this is an openrc box.
> 
> # tree -L 3 /boot
> /boot
> ├── config-5.4.48-gentoo
> ├── config-5.4.48-gentoo-rescue
> ├── config-5.7.6-gentoo
> ├── config-5.7.7-gentoo
> ├── early_ucode.cpio
> ├── EFI
> │   ├── Boot
> │   │   └── bootx64.efi
> │   ├── Linux
> │   ├── Microsoft
> │   │   ├── Boot
> │   │   └── Recovery
> │   └── systemd
> │       └── systemd-bootx64.efi
> ├── intel-uc.img
> ├── loader
> │   ├── entries
> │   │   ├── 08-gentoo-5.4.48-rescue.conf
> │   │   ├── 09-gentoo-5.4.48-rescue.nonet.conf
> │   │   ├── 30-gentoo-5.7.7.conf
> │   │   ├── 32-gentoo-5.7.7.nox.conf
> │   │   ├── 34-gentoo-5.7.7.nonet.conf
> │   │   ├── 40-gentoo-5.4.48.conf
> │   │   ├── 42-gentoo-5.4.48.nox.conf
> │   │   └── 44-gentoo-5.4.48.nonet.conf
> │   ├── loader.conf
> │   └── random-seed
> ├── System.map-5.4.48-gentoo
> ├── System.map-5.4.48-gentoo-rescue
> ├── System.map-5.7.6-gentoo
> ├── System.map-5.7.7-gentoo
> ├── vmlinuz-5.4.48-gentoo
> ├── vmlinuz-5.4.48-gentoo-rescue
> ├── vmlinuz-5.7.6-gentoo
> └── vmlinuz-5.7.7-gentoo
> 
> # bootctl status
> --->8
> Default Boot Loader Entry:
> title: Gentoo 5.4.48 (No network)
>    id: 44-gentoo-5.4.48.nonet.conf
> --->8
> 
> 44-gentoo-5.4.48.nonet.conf is the last entry in /boot/loader/entries.
> 
> Man bootctl says:
> set-default ID, set-oneshot ID
>  Sets the default boot loader entry. Takes a single boot loader entry ID
> string as argument...
> 
> But then,
> # bootctl set-default 30-gentoo-5.7.7.conf
> Failed to update EFI variable: Invalid argument
> 
> ...in spite of this:
> # cat /boot/loader/entries/30-gentoo-5.7.7.conf
> title Gentoo 5.7.7
> version 5.7.7-gentoo
> linux vmlinuz-5.7.7-gentoo
> initrd=intel-uc.img
> options root=/dev/nvme0n1p4 net.ifnames=0 raid=noautodetect
> 
> ...and this:
> # mount | grep efi
> efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
> 
> I've also tried telling efibootmgr to set the default.
> 
> # efibootmgr
> BootNext: 0007
> BootCurrent: 0007
> Timeout: 2 seconds
> BootOrder: 000B,0007,0006,,000C,000D
> Boot* Windows Boot Manager
> Boot0006* UEFI OS
> Boot0007* Linux Boot Manager
> Boot000B* CD/DVD Drive
> Boot000C* Hard Drive
> Boot000D* Removable Drive
> 
> Efibootmgr -n 7 seems to make no difference, as expected, but:
> # efibootmgr -N 7
> Boot entry 0001 does not exist

I can't comment on systemd's bootctl, because I don't use it, but as I
understand it 'efibootmgr --delete-bootnext' will clear the BootNext entry in
UEFI settings and does not take a boot entry number as a variable on the CLI.
I can't answer why "7" in your entry above returns a comment about "Boot entry
0001" ... which is obviously absent.




Re: [gentoo-user] EFI booting problem - understanding it

2020-07-02 Thread Andrew Udvare
On 02/07/2020 06:56, Peter Humphrey wrote:
> But then,
> # bootctl set-default 30-gentoo-5.7.7.conf
> Failed to update EFI variable: Invalid argument

Probably the kernel is blocking write access to EFI. This is on purpose
for safety as you can damage your firmware quite easily. systemd-boot
and others do not have this restriction. You also should be careful
writing to the EFI too much as the NVRAM flash may not be of high quality.

https://lwn.net/Articles/674940/

You can try using `chattr -i` against the files like:

chattr -i /sys/firmware/efi/efivars/Boot*

Then you can try with bootctl and others, but this is not guaranteed to
work.

On my ASUS motherboard I haven't been able to write to EFI variables
from within Linux for a long time. I have to add my keys in the BIOS and
set the default in systemd-boot.

The logic to write to a file in efivars is here:

https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L15

If you use strace with bootctl you'll probably see one of these errno
values.

Andrew





[gentoo-user] EFI booting problem - understanding it

2020-07-02 Thread Peter Humphrey
Morning all,

I'm trying to set the default boot entry via bootctl or efibootmgr. I know I
can set it directly by pressing D at the boot selection screen, and the system
does boot properly; I just want to understand the setup a bit better. I don't
have the rest of systemd: this is an openrc box.

# tree -L 3 /boot
/boot
├── config-5.4.48-gentoo
├── config-5.4.48-gentoo-rescue
├── config-5.7.6-gentoo
├── config-5.7.7-gentoo
├── early_ucode.cpio
├── EFI
│   ├── Boot
│   │   └── bootx64.efi
│   ├── Linux
│   ├── Microsoft
│   │   ├── Boot
│   │   └── Recovery
│   └── systemd
│       └── systemd-bootx64.efi
├── intel-uc.img
├── loader
│   ├── entries
│   │   ├── 08-gentoo-5.4.48-rescue.conf
│   │   ├── 09-gentoo-5.4.48-rescue.nonet.conf
│   │   ├── 30-gentoo-5.7.7.conf
│   │   ├── 32-gentoo-5.7.7.nox.conf
│   │   ├── 34-gentoo-5.7.7.nonet.conf
│   │   ├── 40-gentoo-5.4.48.conf
│   │   ├── 42-gentoo-5.4.48.nox.conf
│   │   └── 44-gentoo-5.4.48.nonet.conf
│   ├── loader.conf
│   └── random-seed
├── System.map-5.4.48-gentoo
├── System.map-5.4.48-gentoo-rescue
├── System.map-5.7.6-gentoo
├── System.map-5.7.7-gentoo
├── vmlinuz-5.4.48-gentoo
├── vmlinuz-5.4.48-gentoo-rescue
├── vmlinuz-5.7.6-gentoo
└── vmlinuz-5.7.7-gentoo

# bootctl status
--->8
Default Boot Loader Entry:
title: Gentoo 5.4.48 (No network)
   id: 44-gentoo-5.4.48.nonet.conf
--->8

44-gentoo-5.4.48.nonet.conf is the last entry in /boot/loader/entries.

Man bootctl says:
set-default ID, set-oneshot ID
 Sets the default boot loader entry. Takes a single boot loader entry ID
 string as argument...

But then,
# bootctl set-default 30-gentoo-5.7.7.conf
Failed to update EFI variable: Invalid argument

...in spite of this:
# cat /boot/loader/entries/30-gentoo-5.7.7.conf
title Gentoo 5.7.7
version 5.7.7-gentoo
linux vmlinuz-5.7.7-gentoo
initrd=intel-uc.img
options root=/dev/nvme0n1p4 net.ifnames=0 raid=noautodetect

...and this:
# mount | grep efi
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)

I've also tried telling efibootmgr to set the default.

# efibootmgr
BootNext: 0007
BootCurrent: 0007
Timeout: 2 seconds
BootOrder: 000B,0007,0006,,000C,000D
Boot* Windows Boot Manager
Boot0006* UEFI OS
Boot0007* Linux Boot Manager
Boot000B* CD/DVD Drive 
Boot000C* Hard Drive 
Boot000D* Removable Drive 

Efibootmgr -n 7 seems to make no difference, as expected, but:
# efibootmgr -N 7
Boot entry 0001 does not exist
# cat /boot/loader/loader.conf
default 30-gentoo-5.7.7