GnomeOS (sysupd) - sd-boot does not show entries on boot, bootctl does,

TheGreatDeadOne · September 9, 2024, 1:03pm

bootctl status:

System:
      Firmware: UEFI 2.70 (American Megatrends 5.17)
 Firmware Arch: x64
   Secure Boot: disabled
  TPM2 Support: yes
  Measured UKI: yes
  Boot into FW: supported

Current Boot Loader:
      Product: systemd-boot 256-1912-g887a18b-g887a18b
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Support Type #1 sort-key field
               ✓ Support @saved pseudo-entry
               ✓ Support Type #1 devicetree field
               ✓ Enroll SecureBoot keys
               ✓ Retain SHIM protocols
               ✓ Menu can be disabled
               ✓ Boot loader sets ESP information
         Stub: systemd-stub 256-1912-g887a18b-g887a18b
     Features: ✓ Stub sets ESP information
               ✓ Picks up credentials from boot partition
               ✓ Picks up system extension images from boot partition
               ✓ Picks up configuration extension images from boot partition
               ✓ Measures kernel+command line+sysexts
               ✓ Support for passing random seed to OS
               ✓ Pick up .cmdline from addons
               ✓ Pick up .cmdline from SMBIOS Type 11
               ✓ Pick up .dtb from addons
          ESP: /dev/disk/by-partuuid/b9ba4ff2-017f-4eec-8323-e9e52fe610ea
         File: └─/EFI/SYSTEMD/SYSTEMD-BOOTX64.EFI

Random Seed:
 System Token: set
       Exists: yes

Available Boot Loaders on ESP:
          ESP: /efi (/dev/disk/by-partuuid/b9ba4ff2-017f-4eec-8323-e9e52fe610ea)
         File: ├─/EFI/systemd/systemd-bootx64.efi (systemd-boot 256-1912-g887a18b-g887a18b)
               ├─/EFI/BOOT/BOOTX64.EFI (systemd-boot 256-1912-g887a18b-g887a18b)
               ├─/EFI/BOOT/fbx64.efi
               └─/EFI/BOOT/mmx64.efi

Boot Loaders Listed in EFI Variables:
        Title: Linux Boot Manager
           ID: 0x0005
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/b9ba4ff2-017f-4eec-8323-e9e52fe610ea
         File: └─/EFI/SYSTEMD/SYSTEMD-BOOTX64.EFI

        Title: org.gnome.os
           ID: 0x0000
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/b9ba4ff2-017f-4eec-8323-e9e52fe610ea
         File: └─/EFI/ORG.GNOME.OS/SHIMX64.EFI

        Title: UEFI OS
           ID: 0x0001
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/b9ba4ff2-017f-4eec-8323-e9e52fe610ea
         File: └─/EFI/BOOT/BOOTX64.EFI

Boot Loader Entries:
        $BOOT: /efi (/dev/disk/by-partuuid/b9ba4ff2-017f-4eec-8323-e9e52fe610ea)
        token: user

Default Boot Loader Entry:
         type: Boot Loader Specification Type #1 (.conf)
        title: gnomeos_nightly.conf
           id: gnomeos_nightly.conf
       source: /efi//loader/entries/gnomeos_nightly.conf
      options: mitigations=off amd_pstate=active

/proc/cmdline:

rw quiet splash mount.usrflags=ro mount.usrfstype=squashfs lockdown=confidentiality systemd.firstboot=no usrhash=d5c85b6485eacb185ce58c1dabea59dea7ed101ccd49738e5e0ca5be0ff3f343

dmesg:

[    0.000000] Linux version 6.9.12 (tomjon@buildbox) (gcc (GCC) 14.1.0, GNU ld (GNU Binutils) 2.43) #1 SMP PREEMPT_DYNAMIC Thu Nov 10 15:00:00 UTC 2011
[    0.000000] Command line: rw quiet splash mount.usrflags=ro mount.usrfstype=squashfs lockdown=confidentiality systemd.firstboot=no usrhash=d5c85b6485eacb185ce58c1dabea59dea7ed101ccd49738e5e0ca5be0ff3f343

files in /efi


/efi/EFI:
BOOT  Linux  org.gnome.os  systemd

/efi/loader:
credentials  entries  entries.srel  keys  loader.conf  random-seed

/efi/loader/entries:

gnomeos_nightly.conf

gnomeos_nightly.conf:

[root@gnomeos entries]# cat gnomeos_nightly.conf 
options mitigations=off amd_pstate=active

loader.conf:

default gnomeos_nightly.conf
timeout 5
editor yes
console-mode keep

Creating and editing /etc/kernel/cmdline also does not work.

valentindavid · September 9, 2024, 2:19pm

I am not sure what this entry is. But we do not use that format since we use UKIs.
If you want to add kernel parameters you will need to add an addon UKI. You can make this with ukify. Then put it in /loader/addons. You will need to sign it with your MOK if you use secure boot. You can find this information in the man page of systemd-stub. Look for “addon”.

TheGreatDeadOne · September 9, 2024, 2:34pm

I didn’t know it was UKI. That explains a lot.

/efi/loader/entries is the default for sd-boot.

TheGreatDeadOne · September 9, 2024, 3:15pm

I forgot to mention that in the VM I can change kernel parameters via gnomeos_nigthly.conf

valentindavid · September 9, 2024, 4:03pm

That is probably with the ostree version. Even on a VM, the sysupdate version uses UKI. I you need to inject kernel parameters to a VM, I recommend using smbios type 11 instead.

TheGreatDeadOne · September 9, 2024, 10:23pm

It’s actually quite simple because in my case I have SB disabled (I also didn’t know that ukify could now generate UKI). Thanks!

system · October 24, 2024, 10:24pm

This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.