Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
After a fresh installation of compose RHEL-9.0.0-20210614.6 on an aarch64 system, /sys/firmware/efi/efivars is not automatically mounted, which causes a problem for example for efibootmgr:
# efibootmgr
EFI variables are not supported on this system.
# mount | grep efi
/dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=winnt,errors=remount-ro)
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
# efibootmgr
BootCurrent: 0001
Timeout: 10 seconds
BootOrder: 0001,0002,0003,0004,0000
Boot0000* Fedora
Boot0001* Red Hat Enterprise Linux
Boot0002* UEFI: PXE IP4 EMAC SNP Controller
Boot0003* UEFI: Built-in EFI Shell
Boot0004* RedHat Boot Manager
#
Version-Release number of selected component (if applicable):
RHEL-9.0.0-20210614.6
systemd-248-5.el9
How reproducible:
Always on particular systems
Steps to Reproduce:
1. Install RHEL-9.0
2. Boot into the installed system
3. Run efibootmgr or check if /sys/firmware/efi/efivars is mounted
Actual results:
/sys/firmware/efi/efivars in not mounted
Expected results:
/sys/firmware/efi/efivars is mounted automatically
I also encountered this recently and today (what a coincidence) asked about /sys/firmware/efi/vars vs efivarfs on tech-list.
My efibootmgr is working, however, thanks to a /sys/firmware/efi/vars fallback:
# mount | grep efivarfs
# efibootmgr
BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0002,0000,0003
Boot0000* UiApp
Boot0001* Red Hat Enterprise Linux
Boot0002* UEFI Misc Device
Boot0003* EFI Internal Shell
# strace -f efibootmgr
...
access("/sys/firmware/efi/efivars/", F_OK) = 0
statfs("/sys/firmware/efi/efivars/", {f_type=SYSFS_MAGIC, ...) = 0
openat(AT_FDCWD, "/sys/firmware/efi/vars/", ...) = 4
...
(In reply to Jiri Jaburek from comment #2)
> I also encountered this recently and today (what a coincidence) asked about
> /sys/firmware/efi/vars vs efivarfs on tech-list.
>
> My efibootmgr is working, however, thanks to a /sys/firmware/efi/vars
> fallback:
To be clear - this is x86_64 UEFI (efibootmgr working, but no efivarfs mount), whereas the OP is aarch64.
(In reply to Mark Salter from comment #7)
> Commit 963fabf37f6a has been around since 5.10-rc1, so that probably isn't
> the problem.
No, I mean, it's the reason we _don't_ see a problem on x86: RHEL9 on x86 still has the old efivars feature enabled and efibootmgr will fall back to it if efivarfs is not available. efivars is not available on ARM -- due to commit 963fabf37f6a -- so efibootmgr does not have a fallback path on ARM systems.
Note: bug 1972424 is about disabling efivars on x86 too, so when that happens, efibootmgr will fail on x86 too (unless efivarfs is manually mounted or this systemd bug is fixed).
It's hard on the eyes to tell the difference between efivars and efivarfs :-)
I've hit this bug as well on aarch64 and very unfortunate effect is that the rhts-reboot effectively cannot be used as many of the systems just boot to efishell (after unsuccessful netboot) and won't continue booting from HDD (which rhts-reboot would do by running efibootmgr -n XXXX).
I'm adding TESTBLOCKER keyword as this bug prevents way to many tests executed in Beaker cannot finish due to this bug.
Changing Hardware to All as my report in this BZ is from x86_64 (where it doesn't block anything, but is an obsolete interface) whereas others seem to be blocked on aarch64 where the same issue causes functionality breakages.
I've posted the patch upstream that changes under what conditions we mount efivarfs. Previously, we would attempt to mount the filesystem if we were compiled with EFI support and system was booted in EFI mode. However, on RHEL-9 we don't want to be compiled with EFI support (as we don't want to ship systemd-boot and bootctl) but we want to mount the efivarfs anwyway (provided that system is booted in EFI mode). First reaction of upstream to the patch was not positive but I will try to persuade the upstream developers to change their mind. Worst case we should be able to introduce this as a downstream change.
https://github.com/systemd/systemd/pull/20532
What if you build systemd with EFI support enabled, but then simply remove the systemd-boot and bootctl binaries in the spec file so we don't ship them in the rpm? That might be the simplest work around.
Pseudo-code:
%build
./configure
make
%install
make install
rm -f ${buildroot}/%{_sbindir}/systemd-boot
rm -f ${buildroot}/%{_sbindir}/bootctl
...
Other rpms do this, so there is precedent. For example, from strace.spec:
%install
make DESTDIR=%{buildroot} install
...
# remove unpackaged files from the buildroot
rm -f %{buildroot}%{_bindir}/strace-graph
...