UEFI boot
Meik Hellmund
Meik.Hellmund at math.uni-leipzig.de
Mon Feb 3 19:10:54 CET 2014
Hi,
I tried a FAI installation with UEFI clients.
What I did in the end is surely not optimal. But perhaps
it's interesting for some people on this list
or you can give me some advice when I didn't do things
the "fai way".
The FAI server runs Debian/Sid (January 2014),
the clients get Wheezy, all for 64bit only.
Regards, Meik
Here are my notes:
A) TFTP configuration
- pxelinux does not support EFI network boot, have to use grub2
- Therefore, things like "fai-chboot -o ..." do not work, one has to
change the DHCP configuration after successful client install
by hand
On the TFTP server:
- install grub2-efi:
#apt-get install efibootmgr grub2-common/experimental grub-efi-amd64-bin/experimental
This will not try to install efi boot on the server. That would only
happen by installing grub-efi-amd64 which conflicts/deinstalls grub-pc.
Grub version 2.00 in Sid has bugs and can't load a kernel via tftp.
Version 2.02 from experimental works for me.
- populate /srv/tftp/fai/efi:
#grub-mknetdir --net-directory /srv/tftp/ --subdir fai/efi
#cp /usr/share/grub/unicode.pf2 /srv/tftp/fai/efi
- create /srv/tftp/fai/efi/grub.cfg
and take the data for the meuentry (kernel name, all kernel options)
from /srv/tftp/fai/pxelinux.cfg/default
#-------------grub.cfg for network boot (kernel loaded via tftp) -----------
set menu_color_normal=white/black
set menu_color_highlight=black/light-gray
set timeout=5
# for debug:
#set pager=1
#set debug=all
insmod efi_gop
insmod efi_uga
if loadfont ${prefix}/unicode.pf2
then
insmod gfxterm
set gfxmode=auto
set gfxpayload=keep
terminal_output gfxterm
fi
menuentry "Install Debian" {
linux (tftp)fai/vmlinuz-3.2.0-4-amd64 ip=dhcp root=/dev/nfs FAI_FLAGS ... ...
initrd (tftp)fai/initrd.img-3.2.0-4-amd64
}
#------- EOF -------------------------------
B) DHCP configuration
See https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config-efi.html
The important lines in the DHCP config file are:
option arch code 93 = unsigned integer 16;
if option arch = 00:07 {
filename "fai/efi/x86_64-efi/core.efi";
} else {
filename "fai/pxelinux.0";
}
C) FAI configuration
1. /srv/fai/config/class/50-host-classes:
define a new class "UEFI" in addition to LILO/GRUB_PC/...,
make sure that for every client the right one of those classes is active
2. /etc/fai/NFSROOT: add the package "gdisk" which provides the
"sgdisk" command
3. /srv/fai/config/package_config/DEFAULT: add the two lines
PACKAGES aptitude UEFI
grub-pc- grub-efi-amd64 grub-efi-amd64-bin
4. /srv/fai/config/disk_config/...
make sure the disk configuration for UEFI clients
- uses disklabel:gpt and fstabkey:device
- the partition table starts with the EFI boot partition:
primary /boot/efi 1G vfat rw
- has only primary partitions (but as many as you like)
(I had a problem with the EFI partition: the uuid in /etc/fstab was
wrong, that's why I use the fstabkey:device option)
5. /srv/fai/config/scripts/UEFI/10-setup contains:
#!/bin/bash
error=0 ; trap "error=$((error|1))" ERR
set -a
[[ $FAI_ACTION != "softupdate" ]] || exit 0
# set up a correct EFI boot partition
umount /dev/sda1
sgdisk -t 1:ef00 /dev/sda
mkfs.vfat -F32 /dev/sda1
parted -s /dev/sda set 1 boot on
$ROOTCMD mkdir -p /boot/efi
mount /dev/sda1 $FAI_ROOT/boot/efi
# install grub
modprobe efivars
$ROOTCMD grub-install /dev/sda
$ROOTCMD update-grub
# for some faulty UEFI firmeware, one needs also this:
##$ROOTCMD mkdir -p /boot/efi/EFI/BOOT
##$ROOTCMD cp /boot/efi/EFI/debian/grubx64.efi /boot/efi/EFI/BOOT/bootx64.efi
exit $error
#---------------EOF-------------------------------
D) Client Firmware
disable secure UEFI, disable legacy boot, enable IPv4 network boot
That's it, works for me.
--
Meik Hellmund
Mathematisches Institut, Uni Leipzig
e-mail: Meik.Hellmund at math.uni-leipzig.de
http://www.math.uni-leipzig.de/~hellmund
More information about the linux-fai
mailing list