Skip to content

qcom-minimal-image: empty /boot so the ESP can be mounted there#349

Open
Ricardo Salveti (ricardosalveti) wants to merge 1 commit into
qualcomm-linux:mainfrom
ricardosalveti:efi-boot
Open

qcom-minimal-image: empty /boot so the ESP can be mounted there#349
Ricardo Salveti (ricardosalveti) wants to merge 1 commit into
qualcomm-linux:mainfrom
ricardosalveti:efi-boot

Conversation

@ricardosalveti

Copy link
Copy Markdown
Contributor

On EFI machines the system boots from the ESP partition via UKIs, so the kernel and boot loader entries staged in /boot of the rootfs are never used. Worse, a non-empty /boot prevents systemd from mounting the ESP there at runtime.

Empty /boot at rootfs postprocess time, keeping the directory itself as the mountpoint. Guard on the efi machine feature, matching the ESP image's own gating, since on non-EFI machines /boot may be the real boot path.

This also aligns the regular images with the OTA-enabled ones, where meta-updater already splits the boot content out of the rootfs and ships an empty /boot. The cleanup is a no-op for the sota pipeline, which discards the rootfs /boot content on its own.

find ${IMAGE_ROOTFS}/boot -mindepth 1 -delete
fi
}
ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'clean_boot_mountpoint; ', '', d)}"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it should be COMBINED_FEATURES here, since you also need efi DISTRO_FEATURES to be enabled to ensure /boot is not needed, no?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But this is for the distro itself (meta-qcom-distro), and efi is enabled by default already.

@koenkooi

Copy link
Copy Markdown
Contributor

Doesn't systemd mount it at /boot/efi or /efi?

Comment thread recipes-products/images/qcom-minimal-image.bb Outdated
@quaresmajose

Copy link
Copy Markdown
Contributor

Although this solution works for our case, it generally doesn't work for those using other images. Perhaps it would be better to prevent the kernel and bootloader from being installed in /boot on EFI machines.

@ricardosalveti

Copy link
Copy Markdown
Contributor Author

Doesn't systemd mount it at /boot/efi or /efi?

Depends if they are empty directories or not, currently for qcom-distro builds it is mounted under /efi and qcom-distro-sota (ostree-based) it is mounted under /boot, this PR is to try to align on the behavior.

@ricardosalveti

Copy link
Copy Markdown
Contributor Author

Although this solution works for our case, it generally doesn't work for those using other images. Perhaps it would be better to prevent the kernel and bootloader from being installed in /boot on EFI machines.

The goal is just to fix for the qcom-distro default images, but yeah, ideally it should be fixed in OE-core but it is not trivial, as UKI gets decided at the image level at this point (and installing kernel under /boot makes sense when UKI is not used, for example).

@lumag Dmitry Baryshkov (lumag) left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My expectation is that ESP is mounted at /boot/efi, not just /boot.

@ricardosalveti

Copy link
Copy Markdown
Contributor Author

My expectation is that ESP is mounted at /boot/efi, not just /boot.

From https://uapi-group.org/specifications/specs/discoverable_partitions_specification/:

The ESP used for the current boot is automatically mounted to /boot/ or /efi/, unless a different partition is mounted there (possibly via /etc/fstab) or the mount point directory is non-empty on the root disk. If both ESP and XBOOTLDR exist, the /efi/ mount point shall be used for ESP.

By default /boot is not empty, so it is mounted under /efi. And it is not mounted because the kernel is installed there (not the UKI).

@lumag

Copy link
Copy Markdown
Contributor

My expectation is that ESP is mounted at /boot/efi, not just /boot.

From https://uapi-group.org/specifications/specs/discoverable_partitions_specification/:

The ESP used for the current boot is automatically mounted to /boot/ or /efi/, unless a different partition is mounted there (possibly via /etc/fstab) or the mount point directory is non-empty on the root disk. If both ESP and XBOOTLDR exist, the /efi/ mount point shall be used for ESP.

Interesting. So, e.g. Debian (and several other distros) don't follow it. Thanks for the note.

By default /boot is not empty, so it is mounted under /efi. And it is not mounted because the kernel is installed there (not the UKI).

@lumag

Copy link
Copy Markdown
Contributor

I checked, the generated image contains a proper ESP data under /boot (including the loader and loader entries). I wonder if we should be using that instead of our efi.bin

@ricardosalveti

Copy link
Copy Markdown
Contributor Author

Interesting. So, e.g. Debian (and several other distros) don't follow it. Thanks for the note.

Most distros are probably mounting at a different location via fstab, probably decided before the discoverable spec, which we are using here.

@ricardosalveti

Copy link
Copy Markdown
Contributor Author

I checked, the generated image contains a proper ESP data under /boot (including the loader and loader entries). I wonder if we should be using that instead of our efi.bin

You mean the /boot folder in the rootfs? UKI shouldn't be there as it is created at the image level there.

@lumag

Copy link
Copy Markdown
Contributor

I checked, the generated image contains a proper ESP data under /boot (including the loader and loader entries). I wonder if we should be using that instead of our efi.bin

You mean the /boot folder in the rootfs? UKI shouldn't be there as it is created at the image level there.

Yes, it's not our UKI, it's just UEFI Image / Image.gz

On EFI machines the system boots from the ESP partition via UKIs, so
the kernel and boot loader entries staged in /boot of the rootfs are
never used. Worse, a non-empty /boot prevents systemd from mounting
the ESP there at runtime.

Empty /boot at rootfs postprocess time, keeping the directory itself
as the mountpoint. Guard on the efi machine feature, matching the ESP
image's own gating, since on non-EFI machines /boot may be the real
boot path.

This also aligns the regular images with the OTA-enabled ones, where
meta-updater already splits the boot content out of the rootfs and
ships an empty /boot. The cleanup is a no-op for the sota pipeline,
which discards the rootfs /boot content on its own.

Signed-off-by: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com>
@ricardosalveti

Copy link
Copy Markdown
Contributor Author

Yes, it's not our UKI, it's just UEFI Image / Image.gz

Yeah, it is basically ignored with our current setup, not only because we're creating our own esp partition, but because UKI is not properly integrated in oe-core yet.

rsalveti@evatuf:~/build/qualcomm-linux/build/tmp/work/qcs9100_ride_sx-qcom-linux/qcom-console-image/1.0/rootfs$ cat boot/loader/loader.conf
# Automatically created by OE
default boot.conf
timeout 10
rsalveti@evatuf:~/build/qualcomm-linux/build/tmp/work/qcs9100_ride_sx-qcom-linux/qcom-console-image/1.0/rootfs$ cat boot/loader/entries/boot.conf
title boot
linux /Image
options LABEL=boot  root=/dev/sda2
rsalveti@evatuf:~/build/qualcomm-linux/build/tmp/work/qcs9100_ride_sx-qcom-linux/qcom-console-image/1.0/rootfs$ find boot/
boot/
boot/loader
boot/loader/loader.conf
boot/loader/entries
boot/loader/entries/boot.conf
boot/Image.gz
boot/Image.gz-6.18.30-g360986b713f8-dirty
boot/vmlinux
boot/Image-6.18.30-g360986b713f8-dirty
boot/EFI
boot/EFI/BOOT
boot/EFI/BOOT/bootaa64.efi
boot/Image

It is just using disk space at this point, and by removing the content systemd will automatically mount our esp partition in /boot (same as done with the sota variant).

I agree the right solution is to fix oe-core itself, will try to investigate this issue later.

# empty mountpoint and systemd can mount the ESP there at runtime.
clean_boot_mountpoint() {
if [ -d ${IMAGE_ROOTFS}/boot ]; then
find ${IMAGE_ROOTFS}/boot -mindepth 1 -delete

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be easier to:

clean_boot_mountpoint() {
    rm -rf "${IMAGE_ROOTFS}/boot"
    mkdir "${IMAGE_ROOTFS}/boot"
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants