From owner-freebsd-arch@freebsd.org Sun Dec 17 00:46:50 2017 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C397DE957BD for ; Sun, 17 Dec 2017 00:46:50 +0000 (UTC) (envelope-from rpp@ci.com.au) Received: from mippet.ci.com.au (mippet.ci.com.au [192.65.182.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mippet.ci.com.au", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 779DA7A0C9 for ; Sun, 17 Dec 2017 00:46:49 +0000 (UTC) (envelope-from rpp@ci.com.au) Received: from mippet-2.ci.com.au (mippet-2.ci.com.au [192.168.1.254]) by mippet-dkim.ci.com.au (8.15.2/8.15.2/CE050417) with ESMTPS id vBH0HrIJ056652 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK) for ; Sun, 17 Dec 2017 11:17:54 +1100 (AEDT) (envelope-from rpp@ci.com.au) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ci.com.au; s=jun2016; t=1513469874; bh=BPHpUDAuAQACgFBg+TpVUl4VtBnmT+iA8MoVIrnC89o=; h=Date:From:To:Subject:References:In-Reply-To; b=HJFur9b3RjMaTJRjxhgw40kyAED5KiLc5ONV7wWiVBNTos8tVbtwib0XY1zuqqug7 Ni567h6YGdCEek/JZDCIzc5dEYP9XsR2Rya9Yry1EMM58A7emaV9cEnGkYg9mKgBRW nwwqc/C6ISKB4r1gTwKA0C2tRR8Sf8Ug5D6zc/2ZeAXR6bryb2WLcYPDSDik6/w/zh 8AcK77hCxT9CpHKEsrG0XE/JmNiiHq/K5SupCtjbrIht7F5Zk80RzFEu6YDxjLnl2P AoYqGtKEQocd7Murll5xFTIj4nn/hl6757GV5S8zyd8+U1B2UGX4/c/nsxqOl0Vi3h O9zGtlQiu5DnA== Received: from jodi.ci.com.au (jodi.ci.com.au [192.168.1.21]) by mippet.ci.com.au (8.15.2/8.15.2/CE120917) with ESMTPS id vBH0HrKX056649 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Sun, 17 Dec 2017 11:17:53 +1100 (AEDT) (envelope-from rpp@ci.com.au) Received: from jodi.ci.com.au (jodi.ci.com.au [192.168.1.21]) by jodi.ci.com.au (8.15.2/8.15.2) with SMTP id vBH0Hq72098274 for ; Sun, 17 Dec 2017 11:17:53 +1100 (AEDT) (envelope-from rpp@ci.com.au) Date: Sun, 17 Dec 2017 11:17:52 +1100 From: Richard Perini To: "freebsd-arch@freebsd.org" Subject: Re: loader.efi architecture for replacing boot1.efi Message-ID: <20171217001752.GA98200@jodi.ci.com.au> References: <1fa7edde-6ac0-1d4f-e75a-503b23a5d4dc@metricspace.net> <46af04dd-8f74-b9dc-3d3a-343f022129ed@metricspace.net> <23c05735-4046-a41f-676c-877d9f07d5f8@metricspace.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Dec 2017 00:46:50 -0000 On Sat, Dec 16, 2017 at 10:07:37AM -0700, Warner Losh wrote: > On Sat, Dec 16, 2017 at 8:31 AM, Eric McCorkle wrote: > > > On 12/16/2017 00:49, Warner Losh wrote: > > > > > CD/DVD booing won't break. We'll still load a kernel from them. No > > > boot.config needed for this case (though it might be for others). > > > > How is that possibly going to work for a liveDVD on a random system? > > People expect it to "just work" (meaning, it correctly guesses the > > kernel, then loads it). > > > > I can see it working with boot.config (which I'd be fine with), but if > > we don't search the CD drives, there's no way it can work. > > > And it will. It booted off the CD device, and will search the CD device > (and only the CD device) for the kernel. It will find it there. How could > that not work? > > > > > > > But for now, loader.efi has got to work whether installed > > > in a boot1/loader (legacy) configuration, or installed directly to > > the > > > ESP. Otherwise, there's going to be a lot of unhappy people out > > there. > > > > > > Correct. My proposed behavior will do just that, and if we get it wrong > > > by default (a) you can be explicit with boot variables or (b) you can > > > type something into the OK prompt, which you didn't have before. > > > > No, I'm talking about people with existing installations, which still > > have both boot1 and loader.efi. A change this big needs to be phased in > > over time, which means both modes of operation need to be supported for > > a while. > > > Unless they have a totally whacked out system, the proposed thing that I'm > suggesting will just work for them. > > If they are booting with multiple disks where /boot/loader comes from a > different disk than the boot disk, they will have to do something to > configure it. The number of such people is likely zero given how fragile > this setup is (it breaks when you plug in a thumb drive with a release on > it, for example). > > > As for the fallback search, it's just that: a fallback mechanism. Its > > > job is to make a sane guess as to where to find the system, but > > > ultimately it's not doing anything the user can't do themselves. > > And it > > > will only run if the EFI vars aren't set anyway, so it can't possibly > > > interfere with any of that. > > > > > > > > > And the fallback mechanism of typing what you want is wrong because? > > > > Because every single person out there with an install is going to > > suddenly have to type, and that's going to lead to a whole bunch of > > people saying we broke loader. > > > I maintain no such people will have to do that. The UEFI BIOS is required > to set BootCurrent and BootXXXX. However, even in the absence of this, > we'll look for a ZFS pool (and disks) or UFS partition on the same disk. > This should generally work by default. > > > > > But it's job isn't to guess. If we don't know for sure what to boot, it's > > > our job to fail so the next OS in the list gets a shot at booting. > > > > That won't happen though. If loader fails to find an installed system, > > it drops out to a prompt, but it doesn't exit. Given that, it makes > > sense to make an effort at finding an installed system. > > > > No. It doesn't. You're assuming that if we fail, the system won't boot. > That's false. If we fail to boot device X, it's our job to fail so that if > there's a Y or a Z it can be next. We have no knowledge of whether the user > would prefer Y or Z as the next one to try, but the boot manager that runs > inside every single UEFI firmware does and it will go to the next one. Y > might be a recovery disk or copy of a freebsd memory stick release and Z > might be a redundant copy of X to use in cases where X fails. Or vice > versa. Do we want to boot to the installer? Not as a first choice, but > maybe as a last resort. But we should let UEFI orchestrate the retries. > Trying to second guess is fundamentally wrong, especially in UEFI where the > boot order and boot recovery stuff is so extensively and particularly > defined. Having fought the "oh, I'm going to guess" code in boot1.efi for > over a year and after having it consistently pick the wrong thing to boot > on some tiny fraction of the hundreds of systems I've had deployed give me > strong empirical data that shows the guessing too hard bit is actually > actively harmful. I've thought about this a lot. I've thought through all > the supported scenarios. I've written up documents and solicited feedback. > Nobody to date has said "oh no! I really want the random installed system > roulette! I love it! Don't kill it." > > Warner > _______________________________________________ > freebsd-arch@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" To add support to Warner, as an administrator of 50+ FreeBSD systems on a variety of hardware and disk configs, I totally support Warner's arguments. Having the loader trying to guess in the case of unusual setups when it can't find a kernel __on the same device as the loader__ causes grief. If you want to have your thing boot that way, then configure it to do so, or present a menu of boot options. -- Richard Perini Ramico Australia Pty Ltd Sydney, Australia rpp@ci.com.au +61 2 9552 5500 ----------------------------------------------------------------------------- "The difference between theory and practice is that in theory there is no difference, but in practice there is"