Convert Legacy Boot to Uefi zfs (how to)

[oleyska]

I had this X710 nic and I wanted VFIO.
Those options were only available using Uefi, I installed proxmox at some point and I didn't do efi boot so just been stuck ever since, I was a bit annoyed to see everyone just say "just reinstall bro" and I just said to myself No!

system short specs: X470D4U with a 3900X.

So a brief summary of how to, starting from Legacy booted environment:

1.\
Backups.
Take backups of config, boot files and such just in case.
2.\
proxmox-boot-tool reinit
Note down disk uuid and partitions used so you can verify that it'll do the right thing later, or troubleshoot

lsblk -o +FSTYPE
Your installed drive(s) should have a 512mb partition and that partition appeared as vfat for me.


Install systemd-boot

apt-get install systemd-boot


Verify that " bootctl " command works, this verifies that we can do the commands required later.

3.\
download proxmox-ve install media, I used 8.0.2 for my 8.0.3 installed proxmox, 8.1 refused to boot at all.
http://download.proxmox.com/iso/

4.\
Disable CSM in Bios and all legacy boot options, only Uefi from now on.

5.\
Boot proxmox media, advanced options and console debug.

When prompted press CTRL+D

6.\
Make the live environment more like home (more like the actual install with same paths)
Import your pool, replace rpool with your pool name, it just happened to be my pool name for OS install.

zpool import -f -R /mnt rpool

Mount paths:
mount -o rbind /proc /mnt/proc
mount -o rbind /sys /mnt/sys
mount -o rbind /dev /mnt/dev
mount -o rbind /run /mnt/run

Finally change root folder path
chroot /mnt /bin/bash


7.\
Now we'll actually change the bootloader.
pve-efiboot-tool reinit
pve-efiboot-tool refresh

The Partitions touched should match what you saw in point 2.\

Verify you now have a EFI boot option:
efibootmgr -v


Hopefully Success!!

 

[stubbo66]

This worked on a test machine I built just to ensure I followed the process and there were no issues, and it was perfect.

Installed on my production machine as well without a problem. Just working through any errors that have occurred (I had the same on test but as it worked OK I didn't try and resolve them at the time).

First was that on boot it didn't remount rpool so I had to manually enter

zpool import -f rpool

Second is I noticed an error when creating the EFI boot data. Everything works OK, but I thought I better check the journals

journalctl -b0 -u systemd-boot-system-token

Gives me the following.....

Apr 13 14:05:06 proxmox1 systemd[1]: Starting systemd-boot-system-token.service - Store a System Token in an EFI Variable...
Apr 13 14:05:06 proxmox1 bootctl[1809]: No ESP found, not initializing random seed.
Apr 13 14:05:06 proxmox1 systemd[1]: Finished systemd-boot-system-token.service - Store a System Token in an EFI Variable.

Digging a bit deeper I ran..

bootctl

And I get the following

Couldn't find EFI system partition. It is recommended to mount it to /boot or /efi.
Alternatively, use --esp-path= to specify path to mount point.
System:
      Firmware: UEFI 2.40 (American Megatrends 5.11)
 Firmware Arch: x64
   Secure Boot: disabled (disabled)
  TPM2 Support: no
  Boot into FW: supported


Current Boot Loader:
      Product: systemd-boot 252.22-1~deb12u1
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Support Type #1 sort-key field
               ✓ Support @saved pseudo-entry
               ✓ Support Type #1 devicetree field
               ✓ Boot loader sets ESP information
          ESP: /dev/disk/by-partuuid/96473510-6563-4482-9c09-7cf8964116ad
         File: └─/EFI/SYSTEMD/SYSTEMD-BOOTX64.EFI


Random Seed:
 Passed to OS: no
 System Token: not set


Boot Loaders Listed in EFI Variables:
        Title: Linux Boot Manager
           ID: 0x0003
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/96473510-6563-4482-9c09-7cf8964116ad
         File: └─/EFI/SYSTEMD/SYSTEMD-BOOTX64.EFI


        Title: Linux Boot Manager
           ID: 0x0001
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/b6958877-8e93-428a-8c97-66cd0b4a65a4
         File: └─/EFI/SYSTEMD/SYSTEMD-BOOTX64.EFI


        Title: UEFI OS
           ID: 0x0004
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/b6958877-8e93-428a-8c97-66cd0b4a65a4
         File: └─/EFI/BOOT/BOOTX64.EFI


        Title: UEFI OS
           ID: 0x0005
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/96473510-6563-4482-9c09-7cf8964116ad
         File: └─/EFI/BOOT/BOOTX64.EFI

So I can see two errors in there. The Random seed not passed to the OS, but that seems to be more of a symptom of the first error that the EFI system partition can't be found.

I can manually mount the EFI partition (which removes the error from bootctl displaying) , but I'm guessing that's what is needed here. It obviously also still leaves the message about the random seed token not set.

I manually mounted my disk to /boot and then ran...

bootctl random-seed

which now gives me

Random seed file /boot/loader/random-seed successfully written (32 bytes).
Failed to write 'LoaderSystemToken' EFI variable: Invalid argument

So the questions.......

1. How do I change things so that the correct EFI partition is mounted to /boot on startup? I have two mirrored ZFS drives, both with EFI boot partitions, but obviously the system only boots from one of them, so only one can be mounted.
2. As I have secure boot disabled, is the issue regarding the LoaderSystemToken important or not, and if so...how to resolve?

 

[stubbo66]

Turns out you don't mount to the /boot directory to protect the contents. So all is well!