On Tue, Jul 6, 2021 at 12:54 PM Brian C. Lane <bcl@xxxxxxxxxx> wrote: > > On Sat, Jul 03, 2021 at 08:36:54AM -0400, Neal Gompa wrote: > > Hey all, > > > > As a follow up to Chris' thread on hybrid BIOS/UEFI images[1], it was > > pointed out that in order to build images that actually boot, I need > > to make sure that the protective MBR boot flag isn't set. To implement > > this for Fedora Cloud images, I'm using parted in %post[2]. However, > > that has a major problem: I don't necessarily know what the block > > device name is going to be. I'm making an educated guess, but for > > third parties attempting to rebuild our images, that guess may be > > wrong. > > > > What I'd like to see is the clearpart command getting a > > --no-gpt-pmbr-boot-flag or similar that would allow me to do this > > without having to write a magic snippet that includes a guess on how > > this works. > > > > I imagine this would also be useful for RHEL/CentOS 9, since it would > > simplify making hybrid boot images. > > > > What do y'all think? > > I really don't want to add new flags to pykickstart for every corner > case, so I think this needs to be fixed some other way. > > blivet is what's actually responsible for setting this, see: > > https://github.com/storaged-project/blivet/blob/98e436074345974ab1f793f521f0483bdb6d3ba9/blivet/formats/disklabel.py#L187 > > so changing that isn't a simple change. > > If I understand the issue, it's that KVM's UEFI firmware isn't booting > with this set? This seems strange, since it looks like pmbr_boot is > always set by blivet for non-mac UEFI installs, and it has been this way > for a considerable amount of time. > > More importantly, the UEFI specification specifically states that UEFI > firmware is to ignore the flag (it's called 'BootIndicator' in the > spec) so if the firmware isn't recognizing it because of that flag it is > a bug. > It is a bug, and I just fixed it in EDK2 upstream: https://github.com/tianocore/edk2/commit/b3db0cb1f8d163f22b769c205c6347376a315dcd But that doesn't change the ~10 years of UEFI firmware that don't support this properly. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/anaconda-devel-list
