bsdinstall/zfsboot: Enable new UEFI+GELI support
After r336252 it is no longer necessary to have a separate bootpool when booting from an encrypted disk with UEFI. This change also switches the EFI System Partition contents from the 800 KB boot1.efifat to a new 200 MB filesystem created with newfs_msdos and uses loader.efi directly, instead of boot1.efi. PR: 228916 Reviewed by: dteske MFC after: 1 month Relnotes: yes Sponsored by: Klara Systems Differential Revision: https://reviews.freebsd.org/D12315
parent
411de280b9
commit
4bdc82c1d0
@ -185,9 +185,11 @@ FSTAB_FMT="%s\t\t%s\t%s\t%s\t\t%s\t%s\n"
|
||||
#
|
||||
# Command strings for various tasks
|
||||
#
|
||||
COPY='cp "%s" "%s"'
|
||||
CHMOD_MODE='chmod %s "%s"'
|
||||
DD_WITH_OPTIONS='dd if="%s" of="%s" %s'
|
||||
ECHO_APPEND='echo "%s" >> "%s"'
|
||||
ECHO_OVERWRITE='echo "%s" > "%s"'
|
||||
GELI_ATTACH='geli attach -j - -k "%s" "%s"'
|
||||
GELI_ATTACH_NOKEY='geli attach -j - "%s"'
|
||||
GELI_DETACH_F='geli detach -f "%s"'
|
||||
@ -211,6 +213,7 @@ KLDLOAD='kldload %s'
|
||||
LN_SF='ln -sf "%s" "%s"'
|
||||
MKDIR_P='mkdir -p "%s"'
|
||||
MOUNT_TYPE='mount -t %s "%s" "%s"'
|
||||
NEWFS_ESP='newfs_msdos -F %s -L "%s" "%s"'
|
||||
PRINTF_CONF="printf '%s=\"%%s\"\\\n' %s >> \"%s\""
|
||||
PRINTF_FSTAB='printf "$FSTAB_FMT" "%s" "%s" "%s" "%s" "%s" "%s" >> "%s"'
|
||||
SHELL_TRUNCATE=':> "%s"'
|
||||
@ -841,18 +844,34 @@ zfs_create_diskpart()
|
||||
# 2. Add small freebsd-boot and/or efi partition
|
||||
#
|
||||
if [ "$ZFSBOOT_BOOT_TYPE" = "UEFI" -o "$ZFSBOOT_BOOT_TYPE" = "BIOS+UEFI" ]; then
|
||||
#
|
||||
# Enable boot pool if encryption is desired
|
||||
#
|
||||
[ "$ZFSBOOT_GELI_ENCRYPTION" ] && ZFSBOOT_BOOT_POOL=1
|
||||
|
||||
f_eval_catch $funcname gpart \
|
||||
"$GPART_ADD_ALIGN_LABEL_WITH_SIZE" \
|
||||
"$align_small" efiboot$index efi 200M $disk ||
|
||||
return $FAILURE
|
||||
f_eval_catch $funcname gpart "$GPART_BOOTCODE_PARTONLY" \
|
||||
/boot/boot1.efifat 1 $disk ||
|
||||
"$align_small" efiboot$index efi 200M \
|
||||
$disk ||
|
||||
return $FAILURE
|
||||
|
||||
f_eval_catch $funcname mkdir "$MKDIR_P" \
|
||||
"$BSDINSTALL_TMPETC/esp" || return $FAILURE
|
||||
f_eval_catch $funcname newfs_msdos "$NEWFS_ESP" "16" \
|
||||
"EFISYS" "/dev/${disk}p1" ||
|
||||
return $FAILURE
|
||||
f_eval_catch $funcname mount "$MOUNT_TYPE" "msdosfs" \
|
||||
"/dev/${disk}p1" \
|
||||
"$BSDINSTALL_TMPETC/esp" ||
|
||||
return $FAILURE
|
||||
f_eval_catch $funcname mkdir "$MKDIR_P" \
|
||||
"$BSDINSTALL_TMPETC/esp/efi/boot" ||
|
||||
return $FAILURE
|
||||
f_eval_catch $funcname cp "$COPY" "/boot/loader.efi" \
|
||||
"$BSDINSTALL_TMPETC/esp/efi/boot/$ZFSBOOT_ESP_NAME" ||
|
||||
return $FAILURE
|
||||
f_eval_catch $funcname echo "$ECHO_OVERWRITE" \
|
||||
"$ZFSBOOT_ESP_NAME" \
|
||||
"$BSDINSTALL_TMPETC/esp/efi/boot/startup.nsh" ||
|
||||
return $FAILURE
|
||||
f_eval_catch $funcname umount "$UMOUNT" \
|
||||
"$BSDINSTALL_TMPETC/esp" ||
|
||||
return $FAILURE
|
||||
fi
|
||||
|
||||
if [ "$ZFSBOOT_BOOT_TYPE" = "BIOS" -o "$ZFSBOOT_BOOT_TYPE" = "BIOS+UEFI" ]; then
|
||||
@ -1576,6 +1595,20 @@ arm64)
|
||||
;;
|
||||
esac
|
||||
|
||||
#
|
||||
# The EFI loader installed in the ESP (EFI System Partition) must
|
||||
# have the expected name in order to load correctly.
|
||||
#
|
||||
[ "$ZFSBOOT_ESP_NAME" ] || case "${UNAME_m:-$( uname -m )}" in
|
||||
arm64) ZFSBOOT_ESP_NAME=BOOTaa64.efi ;;
|
||||
arm) ZFSBOOT_ESP_NAME=BOOTarm.efi ;;
|
||||
i386) ZFSBOOT_ESP_NAME=BOOTia32.efi ;;
|
||||
amd64) ZFSBOOT_ESP_NAME=BOOTx64.efi ;;
|
||||
*)
|
||||
f_dprintf "Unsupported architecture: %s" $UNAME_m
|
||||
f_die
|
||||
esac
|
||||
|
||||
#
|
||||
# Loop over the main menu until we've accomplished what we came here to do
|
||||
#
|
||||
|
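Review bot: In the zfs_create_diskpart hunk, the three steps that run after the ESP is mounted (`mkdir` of `esp/efi/boot`, `cp` of `/boot/loader.efi`, and the `startup.nsh` write) each `return $FAILURE` directly, so a failure in any of them leaves `$BSDINSTALL_TMPETC/esp` mounted. Chaining those steps and running the `umount` unconditionally before reporting the failure would keep a later run from hitting a stale mount; a sketch follows. The `newfs_msdos` and `mount` calls also hard-code `/dev/${disk}p1`, which is the ESP only if it is the first partition added to the disk, something this hunk does not show; a short comment stating that assumption would help. zfs_create_diskpart begins and ends outside the hunk.

```sh
	# … unchanged: gpart add, mkdir of esp, newfs_msdos, mount of the ESP …
	local esp_ok=1
	f_eval_catch $funcname mkdir "$MKDIR_P" \
	             "$BSDINSTALL_TMPETC/esp/efi/boot" &&
	f_eval_catch $funcname cp "$COPY" "/boot/loader.efi" \
	             "$BSDINSTALL_TMPETC/esp/efi/boot/$ZFSBOOT_ESP_NAME" &&
	f_eval_catch $funcname echo "$ECHO_OVERWRITE" \
	             "$ZFSBOOT_ESP_NAME" \
	             "$BSDINSTALL_TMPETC/esp/efi/boot/startup.nsh" ||
	             esp_ok=
	# Unmount even when populating the ESP failed, then report the failure
	f_eval_catch $funcname umount "$UMOUNT" \
	             "$BSDINSTALL_TMPETC/esp" ||
	             return $FAILURE
	[ "$esp_ok" ] || return $FAILURE
```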