Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Supporting Grub2-BLS #708

Open
wants to merge 47 commits into
base: master
Choose a base branch
from
Open

Supporting Grub2-BLS #708

wants to merge 47 commits into from

Conversation

schubi2
Copy link
Member

@schubi2 schubi2 commented Nov 14, 2024

Added grub2-bls support which has been announced:
https://news.opensuse.org/2024/10/08/grub2-bls

jsc#PED-10703

Testing

  • Added new unit tests

  • Tested manually
    -- New installation
    -- In installed system
    -- AutoYaST installation

Screenshots

1
2
3

@coveralls
Copy link

coveralls commented Nov 14, 2024

Coverage Status

coverage: 87.51% (+0.1%) from 87.382%
when pulling b19dd58 on grub-bls2
into 5a649f8 on master.

src/lib/bootloader/bls_sections.rb Outdated Show resolved Hide resolved
src/lib/bootloader/bls_sections.rb Show resolved Hide resolved
src/lib/bootloader/bootloader_factory.rb Show resolved Hide resolved
src/lib/bootloader/grub2_widgets.rb Outdated Show resolved Hide resolved
src/lib/bootloader/grub2bls.rb Outdated Show resolved Hide resolved
src/lib/bootloader/grub2bls.rb Outdated Show resolved Hide resolved
src/lib/bootloader/grub2bls.rb Outdated Show resolved Hide resolved
@jreidinger
Copy link
Member

I add some comments that needs to be clarified...but more importantly to make it work I worry it needs also changes in yast2-storage-ng as currently EFI partition is 256MiB which is quite small for BLS which in the latest specification mention EFI of 1GiB to be able to have inside enough kernels.
We discuss it on daily and it will be problematic to increase it unconditionally for all installation (users already complain it is too big and on aarch with some small storage it is even more critical), so we probably need some flag for installation to adapt storage proposal if given flag is given....flag like passing bls=1 to kernel command line....and in such case it should be possible to even change default bootloader to grub2-bls or systemd boot when such flag is specified.

@aplanas
Copy link
Contributor

aplanas commented Nov 15, 2024

I add some comments that needs to be clarified...but more importantly to make it work I worry it needs also changes in yast2-storage-ng as currently EFI partition is 256MiB which is quite small for BLS which in the latest specification mention EFI of 1GiB to be able to have inside enough kernels.

This 1GiB is for UKIs, and we are not using it now. For the current systemd-boot (already merged) and this grub2-bls, 512MiB should be OK (is what MicroOS is using). The kernel and the initrds are reused, so we can have multiple active snapshots represented in the ESP. But this decision should be done by the bootloader team, in case that they have a different vision here.

About the mechanism ... is this bls=1 set by the user? That is dangerous IMHO, as I select the bootloader much later

@jreidinger
Copy link
Member

I add some comments that needs to be clarified...but more importantly to make it work I worry it needs also changes in yast2-storage-ng as currently EFI partition is 256MiB which is quite small for BLS which in the latest specification mention EFI of 1GiB to be able to have inside enough kernels.

This 1GiB is for UKIs, and we are not using it now. For the current systemd-boot (already merged) and this grub2-bls, 512MiB should be OK (is what MicroOS is using). The kernel and the initrds are reused, so we can have multiple active snapshots represented in the ESP. But this decision should be done by the bootloader team, in case that they have a different vision here.

About the mechanism ... is this bls=1 set by the user? That is dangerous IMHO, as I select the bootloader much later

As said, now it is 256MiB with 128MiB minimum, which is too low from my understanding of BLS. So it will need to adapt to whatever value and as mentioned even with that 256MiB users complain that it is too much space.

mechanism is like with fips. It is set on kernel cmdline during boot of medium and then it changes what installer propose. In agama it will be more straightforward as it do not use wizard approach, but yast installer use wizard and storage is done very soon and bootloader later. So idea is that user set bls=1 on kernel cmdline and it will propose big enough EFI partition to fit BLS based bootloader and then user can change it to even common one, but EFI proposed size will remain.

@aplanas
Copy link
Contributor

aplanas commented Nov 15, 2024

So idea is that user set bls=1 on kernel cmdline and it will propose big enough EFI partition to fit BLS based bootloader and then user can change

That is the part that does not make sense to me. The selection of the bootloader comes later. I select grub2-bls or systemd-boot in YaST with some graphical interface, and I would expect that the proposal changes to the expected sizes and layout that make sense from my selection.

Maybe something that makes a bit more sense, from the user PoV, is that if the system has EFI then the selected layout would be such that mount the ESP in /boot/efi with "enough" size, whatever means means for this version of the installer.

I do not know if the XML that defines the disk layout and some of the defaults (the skel file) can condition the size of the ESP under the condition of the selected boot loader, but this can be another path that can work.

@ancorgs
Copy link
Contributor

ancorgs commented Nov 25, 2024

That is the part that does not make sense to me. The selection of the bootloader comes later. I select grub2-bls or systemd-boot in YaST with some graphical interface, and I would expect that the proposal changes to the expected sizes and layout that make sense from my selection.

That's a historical problem we have with YaST that makes hard to fit this case.

YaST is a wizard and the storage (partitioning) setup is one of the first steps that is configured by the user. But tuning the configuration of the boot loader is something that gets done almost at the end of the process, right before starting the installation. The partitioning setup has already been reviewed, adapted and accepted by the user, we cannot simply change it (for a variety of reasons).

Maybe something that makes a bit more sense, from the user PoV, is that if the system has EFI then the selected layout would be such that mount the ESP in /boot/efi with "enough" size, whatever means means for this version of the installer.

That means we grow the EFI for everyone. Both people using the default boot loader and those using Grub2-BLS. I can tell you there will be a lot of people unhappy with that. For whatever reason, people tend to be very sensitive about having too big UEFI partitions (for their own individual definitions of "too big").

I do not know if the XML that defines the disk layout and some of the defaults (the skel file) can condition the size of the ESP under the condition of the selected boot loader, but this can be another path that can work.

The size of those boot-related partitions are calculated based on different so-called "strategies". We have the following strategies: Legacy (for BIOS-based systems), NFSRoot (for systems without local storage), PReP (for powerPC systems), Raspi (for Raspberry Pi), UEFI (for standard EFI-based systems) and Zipl (for s390). We add new strategies as we need to cover more scenarios.

We could perfectly develop a separate strategy for Grub2-BLS+EFI. But the original problem remains - the installer needs to choose a strategy and stick to it. And the selection happens during the step that sets the initial storage configuration. So we use criteria like the architecture, the product, the location of "/" and any other aspect that is known at that point. If we are going to use the chosen boot-loader as a criteria to choose the strategy, then such a decision needs to be known during the partitioning step.

@aplanas
Copy link
Contributor

aplanas commented Nov 29, 2024

We could perfectly develop a separate strategy for Grub2-BLS+EFI. But the original problem remains - the installer needs to choose a strategy and stick to it.

Can next idea fit in YaST?

  1. Make this Grub2-BLS strategy, and enable if by default if we are in Intel (for now) with UEFI. This will select the default EFI partition for 1Gb and select the grub2-bls bootloader by default.
  2. If the user is in a supported architecture for grub2-bls (the other one is aarch64), and select the grub2-bls bootloader, present some complain about the EFI partition size

Ideally we can move architecture by architecture to the new layout once they are better tested and enabled.

@schubi2
Copy link
Member Author

schubi2 commented Dec 2, 2024

  1. If the user is in a supported architecture for grub2-bls (the other one is aarch64), and select the grub2-bls bootloader, present some complain about the EFI partition size

For the first step I would prefer this solution. While implementation and testing I have not had any issue regarding disk space. So I am wondering why we are insisting on the 1GByte size so strictly.

@aplanas
Copy link
Contributor

aplanas commented Dec 2, 2024

why we are insisting on the 1GByte size so strictly.

The current model (shared kernel and initrd between snapshots, as sdbootutil uses) do not requires 1Gb of EFI space, but if the idea is moving in the future to UKIs, then this size seems more reasonable.

UKIs can be shared now, as certain components can live outside them with new systemd versions (like the cmdline), but I suspect that the re-usage index will be lower than the current approach.

@thkukuk
Copy link

thkukuk commented Dec 2, 2024

For the first step I would prefer this solution. While implementation and testing I have not had any issue regarding disk space. So I am wondering why we are insisting on the 1GByte size so strictly.

As written above, my Tumbleweed reference machine, auto-updating daily since month, uses 480MB of /boot/efi. So there is no space left for something unforeseen, e.g. a firmware update.

@jreidinger
Copy link
Member

Also 1GiB is specified in BLS itself even thought quite vague as Otherwise, if on GPT and an ESP is found and it is large enough (let’s say at least 1G) it should be used as $BOOT and used as primary location to place boot loader menu resources in. ( source https://uapi-group.org/specifications/specs/boot_loader_specification/ )

@ancorgs
Copy link
Contributor

ancorgs commented Dec 4, 2024

Can next idea fit in YaST?

It's surely doable and sounds like a sensible approach to move forward.

1. Make this Grub2-BLS strategy, and enable if by default if we are in Intel (for now) with UEFI. This will select the default EFI partition for 1Gb and select the grub2-bls bootloader by default.

For the yast2-storage-ng part, that's just a matter of adding the related logic to https://github.com/yast/yast-storage-ng/blob/master/src/lib/y2storage/boot_requirements_checker.rb#L125

For the yast2-bootloader part I guess it's also possible to define the default bootloader using any reasonable criteria (I'm not that familiar with that part of the code).

2. If the user is in a supported architecture for grub2-bls (the other one is aarch64), and select the grub2-bls bootloader, present some complain about the EFI partition size

That should be doable as well. We would need to decide which mechanism to use for that check, but it doesn't sound hard to implement.

@jreidinger
Copy link
Member

For bootloader changing default bootloader is mainly about changing logic at https://github.com/yast/yast-bootloader/blob/master/src/lib/bootloader/bootloader_factory.rb#L116 which is the part of code that is responsible for it.

@ancorgs
Copy link
Contributor

ancorgs commented Dec 4, 2024

[...] that's just a matter of adding the related logic to [...]

One important note. That logic to decide whether to go for grub2-bls should be configurable by "product". I'm pretty sure we don't want to change yet the behavior for SLES-16 or other enterprise products, neither for Agama-based installations (until we have tried it in YaST), etc.

So, at least for the time being, we should likely introduce a new configuration option. That would allow us to specify if we want to "try" (if all the other conditions are met) grub2-bls for a given product (only TW installed with YaST, in this case) or even per system role.

@thkukuk
Copy link

thkukuk commented Dec 4, 2024

[...] that's just a matter of adding the related logic to [...]

One important note. That logic to decide whether to go for grub2-bls should be configurable by "product". I'm pretty sure we don't want to change yet the behavior for SLES-16

Yes, we want to change the behavior for SLES-16 now: https://jira.suse.com/browse/PED-10703
It doesn't make any sense to do that only after the Alpha phase, this are things you are doing in the development/Alpha phase.

@jreidinger
Copy link
Member

[...] that's just a matter of adding the related logic to [...]

One important note. That logic to decide whether to go for grub2-bls should be configurable by "product". I'm pretty sure we don't want to change yet the behavior for SLES-16

Yes, we want to change the behavior for SLES-16 now: https://jira.suse.com/browse/PED-10703 It doesn't make any sense to do that only after the Alpha phase, this are things you are doing in the development/Alpha phase.

So if I get that jira entry properly it is requested to have big enough EFI partition for x86_64 and aarch64 and to also have 1GiB /boot/zipl on s390 to allow future transition. And also no change on ppc. Do I get it correctly?
And having default bootloader according to product as for SLES and SLES 4 SAP it should not be default, but for micro and TW it should be default bootloader on supported architectures?

@thkukuk
Copy link

thkukuk commented Dec 6, 2024

So if I get that jira entry properly it is requested to have big enough EFI partition for x86_64 and aarch64 and to also have 1GiB /boot/zipl on s390 to allow future transition. And also no change on ppc. Do I get it correctly?

Ignore s390x for now. That's still not clearified and in evaluation.

And having default bootloader according to product as for SLES and SLES 4 SAP it should not be default, but for micro and TW it should be default bootloader on supported architectures?

PM does not want a difference in SL Micro 6.x and SLES16, both should use the same bootloader setup.
But to answer all this questions: we need that in Tumbleweed now. Without that, there is no way to carry out a reliable evaluation.
And sooner or later we need BLS in SL Micro 6.x and SLES16 for x86-64 and aarch64. There is no way around that. Only question would be, if we use grub2-BLS or systemd-boot...

@schubi2
Copy link
Member Author

schubi2 commented Dec 11, 2024

I will try to go Ancors way, defined in:

For the yast2-storage-ng part, that's just a matter of adding the related logic to https://github.com/yast/yast-storage-ng/blob/master/src/lib/y2storage/boot_requirements_checker.rb#L125

PM does not want a difference in SL Micro 6.x and SLES16, both should use the same bootloader setup. But to answer all this questions: we need that in Tumbleweed now. Without that, there is no way to carry out a reliable evaluation. And sooner or later we need BLS in SL Micro 6.x and SLES16 for x86-64 and aarch64. There is no way around that. Only question would be, if we use grub2-BLS or systemd-boot...

As Josef has already mentioned, the question could be answered around here:

https://github.com/yast/yast-bootloader/blob/master/src/lib/bootloader/bootloader_factory.rb#L116

if current_bl.respond_to?(:pmbr_action)
current_bl.pmbr_action = value
else
log.error("Bootloader #{current_bl} does not support PMBR.")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JFYI PMBR is not about bootloader support as it is set by parted. For more info https://uefi.org/specs/UEFI/2.10/05_GUID_Partition_Table_Format.html#protective-mbr Basically it is for backward compatibily for stuff that do not understand GPT and needs MS DOS table. But it has some disadvantages, so for EFI boot we usually unset it.

@@ -62,6 +91,9 @@ def trusted_boot_active?

# Check if the system is expected to have nvram - ie. update_nvram_active? makes a difference
def nvram_available?(bootloader_name = nil)
# not for grub2-bls
return false if bootloader_name == "grub2-bls"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aplanas Just to be sure, grub2-bls cannot skip writing to nvram? I remember that especially some aarch64 devices has problems to write to it and needs this "workaround" which skips write to it, otherwise a crash happen. I can find some bugzilla references, if you are interested.

# param bootloader_name [String] bootloader name
# @return [Boolean] true if supported
def console_supported?(bootloader_name)
!Yast::Arch.s390 && bootloader_name != "grub2-bls"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aplanas Just to be sure grub2-bls does not support neither graphical console neither serial console? Especially later one can be a bit problematic on servers. Or it works in different way and is just not configurable and detect serial console automatic?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is supporting both

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have discussed it again and it is not really supported. I have tried it but without really success ;-)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm, especially that serial console can be a bit problematic on SLES as it is common way to get output from headless servers.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Servers today have all a web based management port, which does not only allow you to select a different boot entry, but also to enter the firmware. And with EFI, serial console with bootloader is coming too late anyways, as you select the boot entry in firmware upfront.
So is this really a problem today? Serial console for watching the boot process and login should still work, that's independent of the bootloader.
Since other distributions also switch to grub2-BLS, it looks like they don't see a problem with serial console, too. If it will really become one, somebody will implement it.
So ignore serial console for now, so that we can get this in and collect feedback, what people are really missing.

# param bootloader_name [String] bootloader name
# @return [Boolean] true if supported
def password_supported?(bootloader_name)
bootloader_name != "grub2-bls"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aplanas just to be sure password protected grub is not supported at all with grub2-bls? I remember that some customer even requires old grub1 way of password protection (so with grub2-efi we support both password protection again boot entry modification and also whole boot password protection), so they can see it as regression.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

grub2-bls can be extended via grubenv block, but I do not see there a way to set passwords, so I would say that grub2-bls cannot be protected with passwords today. But mchang will give the last word here.

IIUC the password protected grub2 is about avoiding users to edit the menu entry and such. This is already covered by the TPM2 and measured boot.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not implement what customers requested ages ago, but what is really needed today. And with EFI, a password protected bootloader does not make really sense.
With SLE Micro we did: implement the minimal set we need to have a working OS, and only add, what customers are really missing, not what got requested ages ago and nobody is using anymore.
Not that surprising: no customer asked for things where developers claimed that all customers will need it...

@schubi2
Copy link
Member Author

schubi2 commented Dec 17, 2024

I will try to go Ancors way, defined in:

For the yast2-storage-ng part, that's just a matter of adding the related logic to https://github.com/yast/yast-storage-ng/blob/master/src/lib/y2storage/boot_requirements_checker.rb#L125

I have made a PR:
https://github.com/yast/yast-storage-ng/pull/1396/files

@jreidinger
Copy link
Member

@schubi in general I would say PR looks good, I am just waiting to get answers from @aplanas what exactly grub2-bls supports. I would say that especially those console support is important to be sure.

@aplanas
Copy link
Contributor

aplanas commented Dec 20, 2024

I am just waiting to get answers from @aplanas what exactly grub2-bls supports. I would say that especially those console support is important to be sure.

What is missing from my side?

@jreidinger
Copy link
Member

@aplanas answer to this question about grub2-bls support for consoles #708 (comment)

@jreidinger
Copy link
Member

OK, I approved PR to give it a try. Discussion about missing features of grub2-bls would be probably best in jira, where the decision about defaults should be taken.

@jreidinger
Copy link
Member

@schubi2 I think you should have rights to merge. If not, just ping me when you want to have it merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants