Set EFIvars after talos install

Open frezbo opened this issue 2 years ago • 7 comments

Feature Request

Set EFI vars to denote the EFI to use sd-boot after talos install is done

We need to write the BootOrder EFI var and set it to the sd-boot path

Using <boot>/EFI/BOOT/BOOTX64.EFI should in theory only be used for booting from read-only media (we would still need it for metal image and iso, since we don't have access to the efivar store when creating them)

Check the 'Fallback path' UEFI native boot entries section in https://www.happyassassin.net/posts/2014/01/25/uefi-boot-how-does-that-actually-work-then/

frezbo avatar May 25 '23 09:05 frezbo

Server providers like Hetzner strongly recommend against changing the boot order as their rescue systems rely on PXE always being the first option, so this should be configurable if implemented.

netthier avatar May 26 '23 12:05 netthier

Server providers like Hetzner strongly recommend against changing the boot order as their rescue systems rely on PXE always being the first option, so this should be configurable if implemented.

this is for secureboot only, not normal talos installs

frezbo avatar May 26 '23 12:05 frezbo

Mostly done by #7375

frezbo avatar Jun 21 '23 21:06 frezbo

Server providers like Hetzner strongly recommend against changing the boot order as their rescue systems rely on PXE always being the first option, so this should be configurable if implemented.

I looked into this; it seems all normal OSes do set the BootOrder EFI var

frezbo avatar Jun 26 '23 09:06 frezbo

I have contacted Hetzner Support for clarification and they've written the following:

Is it correct that boot order may not be changed in order for the rescue system to continue working as intended?

Yes

What happens if an OS changes the BootOrder EFI var during installation such that it boots before PXE?

In this case you need to adapt the boot order using the tool "efibootmgr".

The installer images provided by Hetzner themselves do not modify the boot order, and judging by that response it has to be reverted should it be changed. The rescue system there functions by always having the server boot PXE first, continuing to local boot if the rescue system is disabled or booting via network if it's enabled. (Note: This is all about their bare-metal servers, not their VPSes)

netthier avatar Jun 26 '23 11:06 netthier

(Note: This is all about their bare-metal servers, not their VPSes)

Interesting, but what about if someone boots an OS not provided by Hetzner? I guess it's up to the user to manage that then. Anyway, Talos will follow the standard OS practice. Hetzner probably needs special user interaction.

frezbo avatar Jun 26 '23 11:06 frezbo
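The BootOrder handling discussed in this thread, as an added example (not Talos code and not part of any comment above): it decodes the efivarfs form of `BootOrder`, places a new entry first or directly behind the current first entry, and re-encodes the result. The entry numbers (Boot0003 for PXE, Boot0001 for sd-boot), the sample bytes and the `keepFirst` option are constructed assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ParseBootOrder decodes an efivarfs BootOrder file: 4 attribute bytes, then little-endian uint16 Boot#### numbers.
func ParseBootOrder(raw []byte) ([]uint16, error) {
	if len(raw) < 4 || (len(raw)-4)%2 != 0 {
		return nil, errors.New("malformed BootOrder variable")
	}
	order := make([]uint16, 0, (len(raw)-4)/2)
	for i := 4; i < len(raw); i += 2 {
		order = append(order, binary.LittleEndian.Uint16(raw[i:]))
	}
	return order, nil
}

// Promote returns a new order with entry first, or second when keepFirst is set and another entry (e.g. PXE) leads.
func Promote(order []uint16, entry uint16, keepFirst bool) []uint16 {
	rest := make([]uint16, 0, len(order))
	for _, e := range order {
		if e != entry { // drop any existing copy so the entry appears once
			rest = append(rest, e)
		}
	}
	if keepFirst && len(order) > 0 && order[0] != entry {
		return append([]uint16{rest[0], entry}, rest[1:]...)
	}
	return append([]uint16{entry}, rest...)
}

// EncodeBootOrder serialises order back to the efivarfs layout, with attrs as the 4-byte header.
func EncodeBootOrder(attrs uint32, order []uint16) []byte {
	out := make([]byte, 4+2*len(order))
	binary.LittleEndian.PutUint32(out, attrs)
	for i, e := range order {
		binary.LittleEndian.PutUint16(out[4+2*i:], e)
	}
	return out
}

func main() {
	// Constructed sample: attributes 0x7 (NV|BS|RT), order Boot0003 (PXE), Boot0000.
	raw := []byte{0x07, 0, 0, 0, 0x03, 0, 0x00, 0}
	order, _ := ParseBootOrder(raw)
	fmt.Printf("%04X\n", Promote(order, 0x0001, true)) // Boot0001 = hypothetical sd-boot entry
}
```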

This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Jul 01 '24 01:07 github-actions[bot]

This issue was closed because it has been stalled for 7 days with no activity.

github-actions[bot] avatar Jul 07 '24 01:07 github-actions[bot]