Bug 2140462
Summary: | Anaconda uses the wrong filesystem for the EFI System Partition on intel mac models after 2018. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | sharpenedblade |
Component: | python-blivet | Assignee: | Vojtech Trefny <vtrefny> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 36 | CC: | anaconda-maint-list, blivet-maint-list, dlehman, japokorn, jonathan, kellin, mkolman, redecorating, rvykydal, tbzatek, vanmeeuwen+fedora, vponcova, vslavik, vtrefny, w |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | python-blivet-3.7.0-1.fc38 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-02-08 13:18:38 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
sharpenedblade
2022-11-06 22:46:25 UTC
A bit more context/detail: On Macs with the T2 security chip there's secure boot that only allows macOS and Windows. Users can disable this (set to "No Security"), but the firmware will still enforce secure boot on HFS and APFS partitions unconditionally, so Linux cannot boot when its EFI boot loader is on one of those partition types. When the bootloader is installed to a FAT partition, secure boot isn't enforced and Linux can boot. Because Fedora puts the bootloader on a HFS partition for all Apple computers, on T2 Apple computers users get sent into macOS Recovery and are unable to boot Fedora. Some things that could be used to detect T2 Macs are: The presence of any of these pcie devices: 04:00.0 Mass storage controller [0180]: Apple Inc. ANS2 NVMe Controller [106b:2005] (rev 01) 04:00.1 Non-VGA unclassified device [0000]: Apple Inc. T2 Bridge Controller [106b:1801] (rev 01) 04:00.2 Non-VGA unclassified device [0000]: Apple Inc. T2 Secure Enclave Processor [106b:1802] (rev 01) 04:00.3 Multimedia audio controller [0401]: Apple Inc. Apple Audio Device [106b:1803] (rev 01) The DMI product names mentioned here https://lore.kernel.org/all/9D46D92F-1381-4F10-989C-1A12CD2FFDD8@live.com/ Probably the presence of these efivars ("BridgeOS" is what the T2 chip runs): BridgeOSBootSessionUUID-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14 BridgeOSGestaltKeys-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14 BridgeOSHardwareModel-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14 BridgeOSNVRAMGeneration-94b73556-2197-4702-82a8-3e1337dafbfb BridgeOSPanicWatchdogEnabled-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14 BridgeOSVersion-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14 Also there is the 2017 iMacPro1,1 that has the T2 chip, and 2019 iMac19,1/iMac19,2 that don't have the T2 chip so setting all macs manufactured after 2018 as T2 probably won't get it right all the time. Merging https://github.com/storaged-project/blivet/pull/1090 would solve this bug. The fix was merged in the blivet 3.7 branch, can it be back ported to older versions. It doesnt need any changes, just git apply the patch for the commit. Thank you for the fix, we plan to release blivet 3.7.0 in time for Fedora 38. We are usually not backporting bug fixes to older Fedora releases because installation media are not updated, but if you have a use case that needs backporting to 37 or 36 we can definitely do that. For the hardware this affects, we have to build a kernel with out-of-tree patches anyways, so I manually added the patches to blivet. It doesn't really affect people using the default ISO because you cant install using it anyways, so I think we dont need to backport this. Ok, thanks. I'm moving this back to POST for tracking -- I want to let Bodhi close this when we actually release and build the correct version of blivet for 38. Blivet 3.7.1 is in Fedora 38 stable. |