From nobody Fri Jul 16 19:55:11 2021
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6404312794B8
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Fri, 16 Jul 2021 19:55:13 +0000 (UTC)
	(envelope-from 0100017ab0e31c55-18dc1023-bef1-46c8-a14a-7cdf2e80dfca-000000@amazonses.com)
Received: from a48-106.smtp-out.amazonses.com (a48-106.smtp-out.amazonses.com [54.240.48.106])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4GRMR464J7z4dww
	for <freebsd-current@freebsd.org>; Fri, 16 Jul 2021 19:55:12 +0000 (UTC)
	(envelope-from 0100017ab0e31c55-18dc1023-bef1-46c8-a14a-7cdf2e80dfca-000000@amazonses.com)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1626465312;
	h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID;
	bh=1PMeoJz09VMYiPNHumBMp0cF3erIJ+ztuF48zUJLoe8=;
	b=Dl+VfU1n8r7EM1UGqe/0QwZzOg+YujqPuPJotasdDOR24P7j/jVig/2+fDgScxTB
	bG2MKEOasNF6RUlYBLQM1gAB93bAum4rQZWbPk4v63238Sj0ijxvaNSU1xnbveF/Qqa
	D8z7tNrotH6hPVYU+BUFtNV0GNrScatCDS2Jw/BM=
Subject: Re: EFI boot partition overwritten
To: freebsd-current@freebsd.org
References: <0100017aaf3bd028-56a36bdb-37e1-4d14-9d10-4ff2367110d4-000000@email.amazonses.com>
 <CANCZdfqKcXrkc=aK=ck1yjgGjNPnKZjQwOV5TopEdLTjxGi+dQ@mail.gmail.com>
From: Thomas Laus <lausts@acm.org>
Message-ID: <0100017ab0e31c55-18dc1023-bef1-46c8-a14a-7cdf2e80dfca-000000@email.amazonses.com>
Date: Fri, 16 Jul 2021 19:55:11 +0000
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101
 Thunderbird/78.12.0
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
In-Reply-To: <CANCZdfqKcXrkc=aK=ck1yjgGjNPnKZjQwOV5TopEdLTjxGi+dQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Feedback-ID: 1.us-east-1.9pbSdi8VQuDGy3n7CRAr3/hYnLCug78GrsPo0xSgBOs=:AmazonSES
X-SES-Outgoing: 2021.07.16-54.240.48.106
X-Rspamd-Queue-Id: 4GRMR464J7z4dww
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=amazonses.com header.s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug header.b=Dl+VfU1n;
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of 0100017ab0e31c55-18dc1023-bef1-46c8-a14a-7cdf2e80dfca-000000@amazonses.com designates 54.240.48.106 as permitted sender) smtp.mailfrom=0100017ab0e31c55-18dc1023-bef1-46c8-a14a-7cdf2e80dfca-000000@amazonses.com
X-Spamd-Result: default: False [-0.45 / 15.00];
	 ARC_NA(0.00)[];
	 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	 R_DKIM_ALLOW(-0.20)[amazonses.com:s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug];
	 FROM_HAS_DN(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18];
	 MIME_GOOD(-0.10)[text/plain];
	 TO_DN_NONE(0.00)[];
	 DMARC_NA(0.00)[acm.org];
	 RCPT_COUNT_ONE(0.00)[1];
	 NEURAL_HAM_LONG(-0.75)[-0.748];
	 DKIM_TRACE(0.00)[amazonses.com:+];
	 NEURAL_HAM_SHORT(-1.00)[-1.000];
	 RCVD_IN_DNSWL_NONE(0.00)[54.240.48.106:from];
	 FORGED_SENDER(0.30)[lausts@acm.org,0100017ab0e31c55-18dc1023-bef1-46c8-a14a-7cdf2e80dfca-000000@amazonses.com];
	 RCVD_COUNT_ZERO(0.00)[0];
	 MIME_TRACE(0.00)[0:+];
	 RWL_MAILSPIKE_VERYGOOD(0.00)[54.240.48.106:from];
	 ASN(0.00)[asn:14618, ipnet:54.240.48.0/23, country:US];
	 FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[];
	 FROM_NEQ_ENVFROM(0.00)[lausts@acm.org,0100017ab0e31c55-18dc1023-bef1-46c8-a14a-7cdf2e80dfca-000000@amazonses.com];
	 MAILMAN_DEST(0.00)[freebsd-current]
X-Spam: Yes
X-ThisMailContainsUnwantedMimeParts: N

On 7/16/21 1:35 PM, Warner Losh wrote:
> 
> There should be. Yes. Last time I went hunting for a place to shoe-horn it
> in, I got distracted by something else.
> 
> The instructions are relatively straight forward. I'm writing them here for
> your benefit, and also in case someone wants to send me a diff/pull request
> to include them. Or better yet, put this in the handbook and we can
> reference
> a location from there.
> 
> WARNING: This is a quick run-through of how to do this if you need to.
> The example commands given might not be exactly right for all installations
> as differing numbers of partitions will change the '-i' parameters.
> 
> Frist, you need a partition that's of the right type. For GPT that type is
> `efi`
> as shown in `gpart show <boot-device>` eg
> # gpart show ada0
> =>        40  2000409184  ada0  GPT  (954G)
>           40        1600        - free -  (800K)
>         1640  1992292792     2  freebsd-ufs  (950G)
>   1992294432     7000000     3  freebsd-swap  (3.3G)
>   1999294432     1114792     4  efi  (544M)
>
It looks like the default layout from the install media is 200M
=>       40  488397088  ada0  GPT  (233G)
         40     409600     1  efi  (200M)
     409640       1024     2  freebsd-boot  (512K)
     410664        984        - free -  (492K)
     411648    4194304     3  freebsd-swap  (2.0G)
    4605952  483790848     4  freebsd-zfs  (231G)
  488396800        328        - free -  (164K)

> If you don't have one, you'll need to create one. In the above exmaple,
> I had installed the system with a tiny partition for booting with legacy
> BIOS, but then moved to booting with UEFI. I did this by turning off
> swapping and doing the following:
> # gpart resize -i 3 -s 7000000 ada0
> I then created a new efi partition:
> # gpart add -t efi ada0
> and I let it autosize.
> 
> Next, I needed a FAT32 filesystem on that device. FAT16 usually will
> work and often FAT12, but there are known examples of system integrators
> that omit support for these last two (more the latter than the former since
> it's viewed as a floppy only thing, and who uses floppies).  I just used
> newfs_msdos and mounted it:
> # newfs_msdos -F 32 /dev/ada0p4
> # mount -t msdos /dev/ada0p4 /boot/efi
> 
> Next, you need to put a bootloader on the system. Unless you have
> special needs, loader.efi is that loader.
> # mkdir -p /boot/efi/efi/boot
> # cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
>
All of the forums use uppercase for mountpoint/EFI/BOOT/BOOTX64.efi.  Is
that directory structure standard across motherboard manufacturers or is
lower case allowed?

> If you are using efibootmgr to set a location to boot from, generally people
> create a freebsd directory (we've registered /efi/freebsd with the proper
> folks
> to avoid conflicts):
> # mkdir -p /boot/efi/efi/freebsd
> # cp /boot/loader.efi /boot/efi/efi/freebsd
> # efibootmgr -c -a -k /boot/kernel/kernel -l
> /boot/efi/efi/freebsd/loader.efi -L "FreeBSD Boot"
> though some vendors impose limits on how many boot envs you can create
> and some do not allow any at all.
>
Warner:

Thanks for getting this effort rolling.  I think that the best place for
is in the Handbook since it is something that is not performed often.
The /usr/src/UPDATING section can just refer to the section in the
Handbook for the times the loader.efi is updated or requires
re-installation.

Tom

-- 
Public Keys:
PGP KeyID = 0x5F22FDC1
GnuPG KeyID = 0x620836CF