> Op 27-04-2023 13:52 CEST schreef Klemens Nanni <[email protected]>:
>
>
> Another approach would be to make installboot(8) -p to retain existing
> EFI Sys partitions instead of always recreating them.
I don't think it is the job of installboot(8) to device whether the ESP
should be retained or not. If you want to retain the ESP, don't run
installboot -p!
Since that is what Caspar's diff does, I ave no objection to it.
However, I do think we shouldn't be creating an EFI system partition on the
softraid
volume in the first place; only on the underlying physical disk(s). But I
appreciate
that is a different diff.
> This way, it was nothing to do with softraid, but installing on machines
> like Apple arm64 depends on existing non-OpenBSD partitions and files on
> them.
And we will need this behaviour on other systems as well. The Apple systems
are not unqie.
> We hacked 'installboot -p' to do the 'try mount, fsck, retry mount, newfs'
> dance it does in its normal mode (no '-p'), but that its own design choice
> spilling over to all supported installboot architectures.
>
> For this apple case, it'd be nice to have a sort of idempotent
> 'installboot -p', but at this point it seems overkill and I prefer to fix
> it like caspar did down in the arm64 apple specific installer bits.
>
> This is nicely contained and has no behaviour changes for machines without
> APFS ISC.
>
> On Thu, Apr 27, 2023 at 12:31:09PM +0100, Caspar Schutijser wrote:
> > I was trying to install OpenBSD on the arm64 MacBook Air with
> > softraid crypto (that's the "Encrypt the root disk?" question in the
> > installer). Right now that does not work out of the box.
> >
> > In a regular install, md_prep_fdisk is careful and leaves the EFI Sys
> > partition alone with the "if disk_has $_disk gpt apfsisc" check.
> >
> > However, in the "encrypt the root disk" case, the installer goes through
> > md_prep_fdisk twice. The second time, it's called on the softraid crypto
> > disk, which does not have the special EFI Sys partition. So there we
> > don't hit the special "if disk_has $_disk gpt apfsisc" case. Instead,
> > we go to a more regular case where we end up running "installboot -p".
> >
> > Because it's a softraid disk, installboot also looks at the "chunks"
> > that the softraid volume resides on. I.e., it also looks at sd0 and
> > there "installboot -p" will newfs the EFI Sys partition, which is
> > something we don't want on the Mac.
> >
> > This diff addresses this problem. The first time we go through
> > md_prep_fdisk, we keep track of whether we're in this special Mac
> > case by setting KEEP_EFI_SYS. Then when we go through md_prep_fdisk
> > for the second time to prepare the softraid disk, we can check this
> > variable to see if we should avoid running "installboot -p".
> >
> > Debugged with help from and came up with a fix with kn@, thanks!
> >
> > Comments or OKs?
> >
> > Caspar
> >
> > ---
> >
> > arm64 install.md: fix softraid crypto installation on Mac
> >
> > Make sure we don't newfs the EFI Sys partition on systems that have an
> > "apfsisc" partition in the case we're installing with softraid crypto.
> >
> > Debugged with help from and came up with a fix with kn@
> >
> >
> > Index: install.md
> > ===================================================================
> > RCS file: /cvs/src/distrib/arm64/ramdisk/install.md,v
> > retrieving revision 1.46
> > diff -u -p -r1.46 install.md
> > --- install.md 27 Apr 2023 10:03:49 -0000 1.46
> > +++ install.md 27 Apr 2023 11:26:56 -0000
> > @@ -36,6 +36,7 @@ MDBOOTSR=y
> > NCPU=$(sysctl -n hw.ncpufound)
> > COMPATIBLE=$(sysctl -n machdep.compatible)
> > MOUNT_ARGS_msdos="-o-l"
> > +KEEP_EFI_SYS=false
> >
> > md_installboot() {
> > local _disk=$1 _chunks _bootdisk _mdec _plat
> > @@ -109,6 +110,11 @@ md_prep_fdisk() {
> > [wW]*)
> > echo -n "Creating a ${bootfstype} partition and an
> > OpenBSD partition for rest of $_disk..."
> > if disk_has $_disk gpt apfsisc; then
> > + # On Apple hardware, the existing EFI Sys
> > + # partition contains boot firmware and MUST NOT
> > + # be recreated.
> > + KEEP_EFI_SYS=true
> > +
> > # Is this a boot disk?
> > if [[ $_disk == @($ROOTDISK|$CRYPTOCHUNK) ]];
> > then
> > fdisk -Ay -b "${bootsectorsize}"
> > ${_disk} >/dev/null
> > @@ -119,13 +125,20 @@ md_prep_fdisk() {
> > # Is this a boot disk?
> > if [[ $_disk == @($ROOTDISK|$CRYPTOCHUNK) ]];
> > then
> > fdisk -gy -b "${bootsectorsize}"
> > ${_disk} >/dev/null
> > - installboot -p $_disk
> > +
> > + # With root on softraid,
> > + # 'installboot -p' on the root disk
> > + # nukes EFI Sys on the chunks.
> > + $KEEP_EFI_SYS || installboot -p $_disk
> > else
> > fdisk -gy ${_disk} >/dev/null
> > fi
> > else
> > fdisk -iy -b
> > "${bootsectorsize}@${bootsectorstart}:${bootparttype}" ${_disk} >/dev/null
> > - installboot -p $_disk
> > +
> > + # With root on softraid, 'installboot -p' on
> > + # the root disk nukes EFI Sys on the chunks.
> > + $KEEP_EFI_SYS || installboot -p $_disk
> > fi
> > echo "done."
> > return ;;
> >
