kairos
kairos copied to clipboard
kairos-io
[RPI] EFI booting no longer supported on kernels shipped with ubuntu > 22.04
For some reason, the efi booting stuff was disabled on the upstream ubuntu kernel packages for raspi:
commit: https://git.launchpad.net/ubuntu/+source/linux-raspi/commit/?h=applied/ubuntu/devel&id=0d02ca7853f4e487ff8b912b0d1d43ceb31a528b
Change:
diff --git a/debian.raspi/config/annotations b/debian.raspi/config/annotations
index 5fddd3c1a9..136d8cf4af 100644
-CONFIG_EFI policy<{'arm64': 'y', 'armhf': 'n'}> note<'Not supported on Pi'>
+CONFIG_EFI policy<{'arm64': 'n', 'armhf': 'n'}> note<'Not supported on Pi'>
What this means is that for our usecase, we would not be able to boot with our current method uboot -> arm64 fallback file (grub) -> kernel as grub complains that the kernel doesnt have the required CONFIG_EFI_STUB option, which is true.
We should probably ask upstream why was this disabled and if they can enable it again, as it was enabled up to kernel 6.5.0-1001.1 with no apparent issues (could not find any bugs related to this)
one (hackish) way would be to use different kernels (even vanilla..) but this is not easy to maintain in the long run.
Probably upstream needs to be educated that actually works on PI (given their note "Not supported on Pi"), as u-boot > GRUB is quite uncommon.
However for now we can block RPI4 support for ubuntu >22.04 as currently there are no requests around that.
shoot, what does that mean, no RPI Ubuntu ? so strange since they offer an Ubuntu RPi release themselves
Yeah but our boot method is different I guess? @mudler probably know of the difference between the normal boot and our boot process, so maybe we need to change our boot process to be close to upstream for this.
@kairos-io/maintainers should we stop producing Ubuntu RPi artifacts for 23+? IMO it is weird that we produce an artifact if we know it will not work, and have to keep adding a notice on the release
as last resort we should try https://github.com/pftf/RPi4 + systemd-boot with type 1 stuff to see if it works that way and its only grub the one being obtuse about it.
nah, I played wiht it, it would require waaaay to many changes to our current implementation of the boot process just for ubutu rpi :(
IMO, we stop producing rpi artifacts for ubuntu and point to the upstream bug. If people really want it they can go to the ticket and comment on it so maybe ubuntu would reconsider increasing the kernel size by 8Kb due to that config. (I can understand the increase in surface attack....mostly....the other 99% of kernels out there have it already enbabled but whatever...)
It is too bad that the upstream taking that decision. :( However, people play with uboot probably have good knowledge with re-configuring kernel on their own. Maybe we could just update the docs, explaining how kairos is dealing with u-boot based modes, like Jetson, RPI, etc. It would be even better to add some instructions, helping developer to enable their board with KairOS, which will bring KairOS to much larger user base.
I know little in the area. However, I've tried to absorb some knowledge from your guys discussion and compose a list here. To have kairOS work with any boards, what is needed:
- Developer need to ship the uboot for their boards with UEFI support, detail instructions can be found at https://github.com/u-boot/u-boot/blob/master/doc/develop/uefi/uefi.rst
- Pack the firmware for the board with package manager tools, like rpm, deb, apk, etc.
- Build a custom kernel with necessary drivers and configs, especially
CONFIG_EFI_STUB=yand pack it as above.
After this, KairOS can launch with uboot in EFI mode, which in turn runs grub.efi and then we load our grub entries from there.
Not sure if this makes sense. If yes, I can create a PR for the docs.
yaha, we actually already have a doc for this https://kairos.io/docs/development/nvidia/