From nobody Tue Aug 16 17:18:52 2022
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M6dD90bxcz4YwX1
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Tue, 16 Aug 2022 17:19:05 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Received: from mail-vs1-xe34.google.com (mail-vs1-xe34.google.com [IPv6:2607:f8b0:4864:20::e34])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4M6dD83Rvhz3pFY
	for <freebsd-current@freebsd.org>; Tue, 16 Aug 2022 17:19:04 +0000 (UTC)
	(envelope-from wlosh@bsdimp.com)
Received: by mail-vs1-xe34.google.com with SMTP id q190so10787958vsb.7
        for <freebsd-current@freebsd.org>; Tue, 16 Aug 2022 10:19:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=bsdimp-com.20210112.gappssmtp.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc;
        bh=py2lewyLOzuL8nqYpLUAp7No2N65hEP1IdPUCKOsix0=;
        b=a8Gcn9M6yPODCfyxKtzcCHMwrp4Apch/mNS3hcSYBulQLQkzEN0i9D0uBV1WV5MQqb
         fBYgk5ESLS4G8y3PymPD+R7FxzQ0NqmWag0dY8g4PABfFve3Y7O3rppNcsMOas9v9IZH
         YdfQaDlZxoCHlg8sSB+MoNatHbeTHvSxzeexL0vFVHI4BNjqHnMqM6wKa6uIziBKjiFh
         ww4syW+mL6HAfqZ97YZNowS0LRC0INjxxMk/BBPFxG4lJJF1wdEMu1gAM6/gjRCILjFi
         5Aws8acohTt9ixlSve2WLfG4QbQLV/wrNEsyvnF13JRn6Em89WsF4c5FLXHtVLKW9gFZ
         HCUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc;
        bh=py2lewyLOzuL8nqYpLUAp7No2N65hEP1IdPUCKOsix0=;
        b=XdYNpqsYx6ZjkKXg2QUDFm9Gw0oyETxYOwj0BcK5ZeO3OzFH6Q5maifIAA0fLM5Wi6
         1IcHQbSKKwltGPvt0a+TcceCbQPuo7HwYMAo8El45cMEZefgIBin/rAEWHPji+97qxeI
         +mfnJadi3ghZ1FKfSK4kk0Ihs7ZFf2p4q8BUnCwpUFt2b93iOfnL3RqDGG+VqC+SPDMR
         +XbD+tIsm84vqaxQRIyTqetURcU5VB7WDk28dybR9jlwL3QX4zHlskArKof1jhKV7DeZ
         YWum0i8Y6OXwFhGrhMhhLox1eKWcwCDC82UrcyTa7zuftb5uWHXk4OSMVNbDDXvnNARj
         OGAQ==
X-Gm-Message-State: ACgBeo1Z77e9tHaLWkq0VVWLFPGPa28Ht2PE2LPxtOm+5ynzD1mgAdqo
	I/nsOZ8vwHPz/0BA44dTKuVSbNDkZC1yBakoLQSqqwhifDA=
X-Google-Smtp-Source: AA6agR5A519u0q9VSlrbyv1W1aTSwQ8FQTUD7n3D2uzAmgGj8QvlFGI1cSI3u4W3h00nTHunZ/k9H84okq4cSIWoYRk=
X-Received: by 2002:a67:fdce:0:b0:388:485c:889c with SMTP id
 l14-20020a67fdce000000b00388485c889cmr8463950vsq.38.1660670343681; Tue, 16
 Aug 2022 10:19:03 -0700 (PDT)
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
References: <CAFDf7UJv9QCuD27XDs2ihLiN21Rn6PeZjbJtWVOAAfHb8HHnHw@mail.gmail.com>
 <62B26DE1-0E26-40BA-8647-E591E9ACEB7A@me.com> <CAFDf7UJrnL0RrPyto07-THmhPSBF+pbgqMmj+MmjUZpDotvjXQ@mail.gmail.com>
In-Reply-To: <CAFDf7UJrnL0RrPyto07-THmhPSBF+pbgqMmj+MmjUZpDotvjXQ@mail.gmail.com>
From: Warner Losh <imp@bsdimp.com>
Date: Tue, 16 Aug 2022 11:18:52 -0600
Message-ID: <CANCZdfrUGxxXUrXPZ+9jHufQQaJdRQa2nVWviKOJzX+2mzJAvg@mail.gmail.com>
Subject: Re: 24.3. Updating Bootcode
To: Nuno Teixeira <eduardo@freebsd.org>
Cc: Toomas Soome <tsoome@me.com>, FreeBSD CURRENT <freebsd-current@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000ecad7905e65ef160"
X-Rspamd-Queue-Id: 4M6dD83Rvhz3pFY
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=bsdimp-com.20210112.gappssmtp.com header.s=20210112 header.b=a8Gcn9M6;
	dmarc=none;
	spf=none (mx1.freebsd.org: domain of wlosh@bsdimp.com has no SPF policy when checking 2607:f8b0:4864:20::e34) smtp.mailfrom=wlosh@bsdimp.com
X-Spamd-Result: default: False [-3.00 / 15.00];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	FORGED_SENDER(0.30)[imp@bsdimp.com,wlosh@bsdimp.com];
	R_DKIM_ALLOW(-0.20)[bsdimp-com.20210112.gappssmtp.com:s=20210112];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	MLMMJ_DEST(0.00)[freebsd-current@freebsd.org];
	R_SPF_NA(0.00)[no SPF record];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	ARC_NA(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::e34:from];
	DKIM_TRACE(0.00)[bsdimp-com.20210112.gappssmtp.com:+];
	TO_DN_ALL(0.00)[];
	RCPT_COUNT_THREE(0.00)[3];
	FROM_HAS_DN(0.00)[];
	FROM_NEQ_ENVFROM(0.00)[imp@bsdimp.com,wlosh@bsdimp.com];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	DMARC_NA(0.00)[bsdimp.com];
	FREEMAIL_CC(0.00)[me.com,freebsd.org]
X-ThisMailContainsUnwantedMimeParts: N

--000000000000ecad7905e65ef160
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 16, 2022 at 6:01 AM Nuno Teixeira <eduardo@freebsd.org> wrote:

> Hi Toomas,
>
> For better OS support, the UEFI specification (UEFI 2.8A Feb 14, page 499=
)
>> is suggesting to use structure like:
>>
>> <ESP>/efi/<OS>/=E2=80=A6
>>
>> And to use this suggestion, it means the UEFI Boot Manager needs to be
>> configured (see efibootmgr(8)).
>>
>> Therefore, once you have set up OS specific setup, there is no use for
>> default (<ESP>/efi/boot/=E2=80=A6) and you need to update one or another=
, but not
>> both.
>>
>
> FreeBSD have <ESP>/efi/freebsd/... but it's not configured in efibootmgr:
>

The current default installer will do this, but older upgraded systems
don't do this by default. Likely you are looking at an older
system and/or one of the 'bad actors' that reset this stuff between boots.


> efibootmgr -v:
> ---
> BootOrder  : 0004, 0000, 2002, 2003, 2001
> Boot0004* Windows Boot Manager
> HD(1,GPT,8c497825-1db2-41f8-8924-85dfd0bb7283,0x800,0x82000)/File(\EFI\Mi=
crosoft\Boot\bootmgfw.efi)
>                                    da0p1:/EFI/Microsoft/Boot/bootmgfw.efi
> (null)
> +Boot0000* EFI Hard Drive (SAMSUNG MZVLB1T0HBLR-000L2)
> PciRoot(0x0)/Pci(0x1d,0x0)/Pci(0x0,0x0)/NVMe(0x1,39-f9-b8-01-81-38-25-00)=
/HD(1,GPT,73acd1b2-de41-11eb-8156-002b67dfc673,0x28,0x82000)
>  Boot2002* EFI DVD/CDROM
>  Boot2003* EFI Network
>  Boot2001* EFI USB Device
> ---
> so boot is definitely using <ESP>/efi/boot/bootx64.efi @Boot0000
>

In your case, that's true. The "EFI Hard Drive" is a default entry the UEFI
BIOS created for you.


> I think I can create a new boot:
> ---
> efibootmgr -a -c -l /boot/efi/efi/freebsd/loader.efi -L FreeBSD-14
> (and make it active)
> efibootmgr -a -b NNNN
> ---
> and create other for loader.efi.old in case of problems.
>

Yes.


> In this case I will need only update <ESP>/efi/freebsd/loader.efi.
>
> Q: for what has been said in mailing, boot is compiled in /usr/src/stand,
> isn't a good idea that when it install new boot it backup old boot like
> /boot/kernel -> /boot/kernel.old?
>

Yes. In fact that's what's done, but only for the BIOS version. We should
do the same for efi but don't seem to do so currently. But that's likely
tied up behind issues of installing things automatically into the ESP on
'installworld'.

Warner

--000000000000ecad7905e65ef160
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Tue, Aug 16, 2022 at 6:01 AM Nuno =
Teixeira &lt;<a href=3D"mailto:eduardo@freebsd.org">eduardo@freebsd.org</a>=
&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px =
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div=
 dir=3D"ltr"><div class=3D"gmail_quote"><div>Hi Toomas,</div><div><br></div=
><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border=
-left:1px solid rgb(204,204,204);padding-left:1ex">
For better OS support, the UEFI specification (UEFI 2.8A Feb 14, page 499) =
is suggesting to use structure like:<br>
<br>
&lt;ESP&gt;/efi/&lt;OS&gt;/=E2=80=A6<br>
<br>
And to use this suggestion, it means the UEFI Boot Manager needs to be conf=
igured (see efibootmgr(8)).<br>
<br>
Therefore, once you have set up OS specific setup, there is no use for defa=
ult (&lt;ESP&gt;/efi/boot/=E2=80=A6) and you need to update one or another,=
 but not both.<br></blockquote></div><div><br></div><div>FreeBSD have &lt;E=
SP&gt;/efi/freebsd/... but it&#39;s not configured in efibootmgr:</div></di=
v></blockquote><div><br></div><div>The current default installer will do th=
is, but older upgraded systems don&#39;t do this by default. Likely you are=
 looking at an older</div><div>system and/or one of the &#39;bad actors&#39=
; that reset this stuff between boots.</div><div>=C2=A0</div><blockquote cl=
ass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid=
 rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div>efibootmgr -v:</d=
iv><div>---</div><div>BootOrder =C2=A0: 0004, 0000, 2002, 2003, 2001</div><=
div>Boot0004* Windows Boot Manager HD(1,GPT,8c497825-1db2-41f8-8924-85dfd0b=
b7283,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0da0p1:/EFI/Microsoft/Boot/bootmgfw=
.efi (null)<br>+Boot0000* EFI Hard Drive (SAMSUNG MZVLB1T0HBLR-000L2) PciRo=
ot(0x0)/Pci(0x1d,0x0)/Pci(0x0,0x0)/NVMe(0x1,39-f9-b8-01-81-38-25-00)/HD(1,G=
PT,73acd1b2-de41-11eb-8156-002b67dfc673,0x28,0x82000)</div><div>=C2=A0Boot2=
002* EFI DVD/CDROM<br>=C2=A0Boot2003* EFI Network<br>=C2=A0Boot2001* EFI US=
B Device</div><div>---</div><div>so boot is definitely using &lt;ESP&gt;/ef=
i/boot/bootx64.efi <a class=3D"gmail_plusreply" id=3D"gmail-m_2408750265426=
939096plusReplyChip-0">@Boot0000</a></div></div></blockquote><div><br></div=
><div>In your case, that&#39;s true. The &quot;EFI Hard Drive&quot; is a de=
fault entry the UEFI BIOS created for you.</div><div>=C2=A0</div><blockquot=
e class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px s=
olid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div></div><div>I =
think I can create a new boot:</div><div>---</div><div>efibootmgr -a -c -l =
/boot/efi/efi/freebsd/loader.efi -L FreeBSD-14</div><div>(and make it activ=
e)</div><div>efibootmgr -a -b NNNN</div><div>---</div><div>and create other=
 for loader.efi.old in case of problems.</div></div></blockquote><div><br><=
/div><div>Yes.</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);paddin=
g-left:1ex"><div dir=3D"ltr"><div>In this case I will need only update &lt;=
ESP&gt;/efi/freebsd/loader.efi.<br></div><div><br></div><div>Q: for what ha=
s been said in mailing, boot is compiled in /usr/src/stand, isn&#39;t a goo=
d idea that when it install new boot it backup old boot like /boot/kernel -=
&gt; /boot/kernel.old?</div></div></blockquote><div><br></div><div>Yes. In =
fact that&#39;s what&#39;s done, but only for the BIOS version. We should d=
o the same for efi but don&#39;t seem to do so currently. But that&#39;s li=
kely tied up behind issues of installing things automatically into the ESP =
on &#39;installworld&#39;.</div><div><br></div><div>Warner=C2=A0</div></div=
></div>

--000000000000ecad7905e65ef160--