Description of problem: Currently, package grub2-efi-x64 is only installed on Satellite/Capsule if the TFTP feature is enabled. However, this package is important for the generation of bootdisks for EFI systems, which can be done without having TFTP. I understand this is a design choice. Reporting the BZ so we can consider changing it and having the package installed all the time. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install a satellite server, don't enable TFTP. 2. Check the presence of the package grub2-efi-x64 (it won't be there, assuming the server where Satellite is installed is using BIOS) Actual results: Only install grub2-efi-x64 when we enable TFTP Expected results: Have the package grub2-efi-x64 installed at all times Additional info: Issues observed due to the lack of this package is linked to UEFI+SecureBoot usage. Boot disk image is created, but fails to boot on Secure Boot enabled systems. Issue is that file /boot/efi/EFI/redhat/grubx64.efi is not present (because it's provided by the package in question). I'm not sure how the file grubx64.efi is created on those circumstances, but it lacks instructions to properly boot with SecureBoot. Having the package grub2-efi-x64 installed manually, allow generated bootdisk images to boot with SecureBoot properly. Enabling the tftp feature also solves the issue, however it may be desired for customer to not have tftp enabled and use only bootdisks.
Given the bootdisk also requires it, that plugin should receive an update to require it.
Upstream bug assigned to ekohlvan
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36223 has been resolved.