Author |
Message |
pc_user4 n00b
Joined: 14 Sep 2023 Posts: 15
|
Posted: Fri Sep 15, 2023 12:32 pm Post subject: Messed up separating /boot and ESP |
|
|
I will preface by saying this is not a systemd-boot problem, my systemd-boot is working great so no worries if you are unfamiliar.
Typically in other distros I have had /boot/EFI/ on its own vfat partition, and the Wiki page on systemd-boot (https://wiki.gentoo.org/wiki/Systemd/systemd-boot) says to mount ESP at /boot/efi, so when I first chrooted into my system, I mounted ESP to /boot/efi.
Then when my system was not booting I realized I had another EFI folder inside that one (/boot/efi/EFI) and some other files that were supposed to be in ESP such as the ESP/loader/entries/ directory were really in /boot. I had to mount the ESP at /boot in fstab and then the system booted and worked just fine.
The AMD64 install wiki has you mount ESP to /efi, but I totally overlooked this - though even if I hadn't, I suppose I already would have been trying to work with it at /boot/efi.
Just to get things working I copied files from /boot into /boot/efi that needed to be there, as well as moving files from /boot/efi/EFI into /boot/efi as they should be. The system works perfectly now. But I know I shouldn't have my whole /boot in the vfat partition dedicated to ESP..... is it safe to move everything not in /boot/efi back into the root partition, and modify my fstab to mount ESP to /boot/efi? And are there any permissions etc I need to fix that may have been lost copying /boot files from xfs into vfat which I would need to restore when moving them back into the xfs root partition? |
|
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3448
|
Posted: Fri Sep 15, 2023 12:54 pm Post subject: |
|
|
Quote: | But I know I shouldn't have my whole /boot in the vfat partition dedicated to ESP..... |
Why?
Quote: | is it safe to move everything not in /boot/efi back into the root partition, and modify my fstab to mount ESP to /boot/efi? |
Yes. At least as long as your efi loader understands your new FS on /boot.
Quote: | And are there any permissions etc I need to fix that may have been lost copying /boot files from xfs into vfat which I would need to restore when moving them back into the xfs root partition? |
Bootloaders have no concept of users and permissions.
Other than that, everything under /boot is owned by root. I'm going to congratulate you if you manage to actually mess it up.
Do you actually have a reason to split /boot into /boot and EFI?
EFI _is_ the new /boot. It serves the same purpose, making /boot redundant. Unless you have a particular reason to separate boot and efi, just format /boot as vfat and mark it as efi boot partition. |
|
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5145 Location: Bavaria
|
|
|
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 500
|
Posted: Fri Sep 15, 2023 2:10 pm Post subject: |
|
|
szatox wrote: | Bootloaders have no concept of users and permissions.
Other than that, everything under /boot is owned by root. I'm going to congratulate you if you manage to actually mess it up.
|
Ownership is a feature of the filesystem and not of /boot. If /boot is using FAT32, then the files do not have owners (they are emulated). See also https://learn.microsoft.com/en-us/windows/win32/fileio/filesystem-functionality-comparison.
szatox wrote: | EFI _is_ the new /boot. It serves the same purpose, making /boot redundant. Unless you have a particular reason to separate boot and efi, just format /boot as vfat and mark it as efi boot partition. |
No, EFI is the successor of the BIOS (firmware) and also has a new way to boot systems. The main purpose of the ESP is to replace the old MBR (Master Boot Record, with exactly one bootloader) to allow having several bootloaders. EFI also allows booting other binaries and is not limited to bootloaders. It is possible to boot the kernel directly without a bootloader, and for this purpose some people find it easier to use the ESP also as /boot.
But it is not a goal of the ESP to make /boot redundant. And it is also not a goal to share the same /boot partition with all Linux systems. The ESP is not meant to be part of the operating system. If you want Full Disk Encryption you would need an ESP and a separate and encrypted /boot. Otherwise the Disk Encryption is not really Full.
And https://uapi-group.org/specifications/specs/boot_loader_specification/#mount-points also makes it clear that /boot and /efi are two different mountpoints for two different purposes. Both mountpoints are under / and avoid any problems with nested mounting (first /boot and second /boot/efi). |
|
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3448
|
Posted: Fri Sep 15, 2023 3:27 pm Post subject: |
|
|
sMueggli, I know.
You're technically not wrong, but it wasn't my point and it's not what OP asked about.
Let's give him some time to deal with the issue at hand.
pietinger wrote: | szatox wrote: | EFI _is_ the new /boot. [...] |
YES ... but it is very new ... it started two days ago (in Gentoo) ... |
I'll take your word on it. Haven't checked the docs for a very long time. To me, it's been this way as a concept for years. Understanding is better than docs, though well-written docs do help with understanding, a lot. |
|
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5145 Location: Bavaria
|
Posted: Fri Sep 15, 2023 4:01 pm Post subject: |
|
|
I have a feeling we have a misunderstanding ...
I have not talked about /boot or /boot/efi or /boot/efi/gentoo or /boot/efi/efi/gentoo ...
It is the NEW /efi ... directly in our root-filesystem ... at the moment you also must create this directory manually (because no updated GentooInstallCD).
See in our updated (yesterday) AMD64 handbook:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#UEFI_systems
=>
|
|
|
|
pc_user4 n00b
Joined: 14 Sep 2023 Posts: 15
|
Posted: Fri Sep 15, 2023 4:15 pm Post subject: |
|
|
Thank you for the clarification, everyone! (by the way, I'm she/her.) Yes, when I opened the handbook just a couple days ago, it hadn't listed /efi yet but it does now.
No problems at all - I unmounted ESP, made the /efi directory, changed fstab so ESP was mounted to /efi instead of /boot, and since I'm using systemd-boot, ran bootctl --esp-path=/efi install to be sure the bootloader knew where to look, rebooted, and everything worked just as it should.
I'm glad this change was made, since it easily got messy if /boot and /boot/efi were on separate partitions; having /efi as its own root directory is much better, in my view.
A side note: if /efi is going to be where /boot used to be, perhaps this line in the handbook needs to be changed as well, if I'm not misunderstanding? "....First create a small EFI system partition, which will also be mounted as /boot..." under the section Creating the EFI System Partition (ESP). Similarly, the systemd-boot wiki page makes numerous references to /boot/efi which I imagine should be updated. |
|
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3448
|
Posted: Fri Sep 15, 2023 4:33 pm Post subject: |
|
|
Quote: | It is the NEW /efi ... directly in our root-filesystem |
Ah, that's what you meant. Yes, moving /boot/efi to /efi is something new to me.
Looks like grub users will have to look out for bootloader updates. Running refind, I suppose I can just ignore it.
Quote: | (by the way, I'm she/her.) |
Leave that garbage out.
Quote: | No problems at all - I unmounted ESP, made the /efi directory, changed fstab so ESP was mounted to /efi instead of /boot, and since I'm using systemd-boot, ran bootctl --esp-path=/efi install to be sure the bootloader knew where to look, rebooted, and everything worked just as it should |
Good job |
|
|
|
eeckwrk99 Apprentice
Joined: 14 Mar 2021 Posts: 231 Location: Gentoo forums
|
Posted: Sat Sep 16, 2023 7:23 am Post subject: |
|
|
pietinger wrote: | I have a feeling we have a misunderstanding ...
I have not talked about /boot or /boot/efi or /boot/efi/gentoo or /boot/efi/efi/gentoo ...
It is the NEW /efi ... directly in our root-filesystem ... at the moment you also must create this directory manually (because no updated GentooInstallCD).
See in our updated (yesterday) AMD64 handbook:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#UEFI_systems
=>
|
Wouldn't mounting the ESP to /efi instead of /boot complicate things with encrypted installs, considering the kernels and the initramfs are placed in the /boot directory of the encrypted root partition? |
|
|
|
lekto Apprentice
Joined: 20 Sep 2014 Posts: 209 Location: Ancient Rome
|
Posted: Sat Sep 16, 2023 8:14 am Post subject: |
|
|
eeckwrk99 wrote: | pietinger wrote: | I have a feeling we have a misunderstanding ...
I have not talked about /boot or /boot/efi or /boot/efi/gentoo or /boot/efi/efi/gentoo ...
It is the NEW /efi ... directly in our root-filesystem ... at the moment you also must create this directory manually (because no updated GentooInstallCD).
See in our updated (yesterday) AMD64 handbook:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#UEFI_systems
=>
|
Wouldn't mounting the ESP to /efi instead of /boot complicate things with encrypted installs, considering the kernels and the initramfs are placed in the /boot directory of the encrypted root partition? |
If the root partition is unreadable by the bootloader, the kernel shouldn't be stored there. Instead there should be a separate /boot partition that is readable by the bootloader. At least this is how I understand it. |
|
|
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 500
|
Posted: Sat Sep 16, 2023 12:54 pm Post subject: |
|
|
eeckwrk99 wrote: | Wouldn't mounting the ESP to /efi instead of /boot complicate things with encrypted installs, considering the kernels and the initramfs are placed in the /boot directory of the encrypted root partition? |
It depends.
The ESP cannot be encrypted because the firmware (UEFI) must be able to access, read and load the EFI binary. If the EFI binary is an EFI stub kernel, then you cannot encrypt the kernel. But if the EFI binary is a bootloader, you can encrypt the kernel and initramfs.
If you are using a bootloader you can mount the ESP to /boot/efi or /efi or whatever you like. The ESP is mounted to be able to write new EFI binaries to the ESP, but is not needed otherwise by the operating system.
If you are using/abusing the ESP as /boot, you have to ask yourself which kind of encryption you want: Full Disk Encryption with encrypted kernel and initramfs, an "Almost Full Disk Encryption" with unencrypted kernel and initramfs or a partially encrypted system (e.g. just the data). |
|
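The layouts discussed in the posts above (ESP at /efi, ESP used as /boot, ESP nested at /boot/efi under a separate /boot) can be told apart from fstab alone. The following is an added example, not code from any poster or from Gentoo; it assumes the only vfat entry in fstab is the ESP, and the function name and finding labels are made up for illustration. It also flags a vfat entry without umask/fmask/dmask, since on FAT the ownership and modes are emulated from mount options.

```shell
#!/bin/sh
# audit_esp_layout FSTAB  (hypothetical helper; labels are illustrative)
# Prints one finding per line for the vfat entry, assumed to be the ESP.
audit_esp_layout() {
    fstab=$1 esp_mp= esp_opts= boot_sep=no
    while read -r dev mp fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac      # skip blanks and comments
        if [ "$fstype" = vfat ]; then
            esp_mp=$mp; esp_opts=$opts
        elif [ "$mp" = /boot ]; then
            boot_sep=yes                            # /boot on its own non-FAT fs
        fi
    done < "$fstab"

    [ -n "$esp_mp" ] || { echo "no-esp-entry"; return 1; }
    case $esp_mp in
        /efi)      echo "esp-at-efi" ;;
        # Kernel and initramfs sit on the firmware-readable, unencrypted ESP.
        /boot)     echo "esp-used-as-boot" ;;
        /boot/efi) echo "esp-at-boot-efi"
                   # /boot must be mounted before /boot/efi: nested mount.
                   if [ "$boot_sep" = yes ]; then echo "nested-mount"; fi ;;
        *)         echo "esp-at-other:$esp_mp" ;;
    esac
    # FAT stores no owner or mode; without a mask the driver defaults apply.
    case ",$esp_opts," in
        *,umask=*|*,fmask=*|*,dmask=*) ;;
        *) echo "no-permission-mask" ;;
    esac
    return 0
}

# Constructed sample: the layout the thread started with (ESP mounted as /boot).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <fs>      <mountpoint> <type> <opts>           <dump> <pass>
/dev/sda1   /boot        vfat   defaults,noatime 0 2
/dev/sda2   /            xfs    defaults         0 1
EOF
audit_esp_layout "$sample"
rm -f "$sample"
```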
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5145 Location: Bavaria
|
|
|
|
pc_user4 n00b
Joined: 14 Sep 2023 Posts: 15
|
Posted: Sat Sep 16, 2023 2:49 pm Post subject: |
|
|
sMueggli wrote: | If you are using/abusing the ESP as /boot... |
This is more or less the real point I wanted to address when making the thread, because when I realized my files inside /boot had become unorganized, I simply copied everything in there into the ESP as there was plenty of space remaining. Now I realize I have some old stuff in there such as initramfs images from old kernel versions which I don't need, and am assuming won't get purged automatically - and according to the information provided in pietinger's new article, it appears to confirm that the ESP only really needs to have a few files present, so I can comfortably delete the rest.
I do make backups of the root partition regularly in case I mess something up (or break everything with a bad @world update) so it wouldn't have been the end of the world if I removed more than I needed to, but it's better to know & understand why we do something. |
|
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20488
|
Posted: Sat Sep 16, 2023 8:07 pm Post subject: |
|
|
Non-technical posts have been moved. _________________ Quis separabit? Quo animo? |
|
|
|
|